Randy Marchany

CISO

Virginia Tech


Will Corporate Security Models Move Toward the EDU Security Model?

Posted on: 29 Jul 2016

No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter-focused approach to cybersecurity has often failed to prevent intrusions, especially in…

“The Internet of Cows”

Posted on: 04 May 2016

Glenn Fink, a security researcher at Pacific Northwest Labs, gave a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated,…

The 20 Critical Controls – A Practical Security Strategy – Part 2

Posted on: 11 Jun 2015

In my last article, I talked about using the 20 Critical Controls as a practical security strategy. I showed how the controls map to a wide variety of international and…

The 20 Critical Controls – A Practical Security Strategy – Part 1

Posted on: 20 Jan 2015

Back in the late 1990s, I was fortunate to be part of a team of cyber security experts who were asked to develop a list of the Top 10 Internet…

Application Security – Redux

Posted on: 07 Nov 2014

When you’re on a roll, ride it out. I’ve been on the “Redux” train for a couple of days. I usually do this when I review our security architecture initiatives…

Deja Vu All Over Again – DDoS Amplification Attacks

Posted on: 04 Nov 2014

Yep, it’s time to use this title again. This time we’re talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following: Christian…

Cloud Security: How I Learned to Love a Data Exfiltration Service

Posted on: 02 Oct 2014

Ok, I know the title sounds a little negative. I’m not against cloud services at all. We use cloud services here for a wide variety of business and personal purposes.…

Announcing the Marriage of the IT Security Office and the Network Management Group

Posted on: 24 Jul 2014

Ok, maybe it’s not a marriage but more along the lines of living together. In a previous article, I spoke about moving to a Continuous Monitoring security model, which focuses on…

When is it a Breach?

Posted on: 26 Jun 2014

One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach. A data breach starts a chain of events…

Heartbeat, Heartbleed or Heartache?

Posted on: 08 May 2014

You almost have to be on some deserted island with no Internet access to have not heard about the OpenSSL Heartbleed vulnerability. This vulnerability is very serious and pervasive because…