Publications
Books
Death by Identity Theft — Book (2016 - Self Published)
Non-Fiction book detailing types of identity theft, the impacts of identity theft, and how to mitigate or reduce the risk of identity theft
Hacking of the Free — Book (2020 - Self Published)
Non-Fiction book on Understanding Digital Threats to Democracy in the 21st Century
Cyber Security: Rules to Live By — Book (2021 - Self Published)
Non-Fiction book designed to be an “introduction to cybersecurity” for non-technical individuals.
Editor
President and Managing Editor of a local news site. Manage a freelance news team of approx. 2-4 members.
President and Managing Editor of a news site focused on cybersecurity, tech news, and gaming. Manage a freelance news team of approx. 2-3 members.
Conference Presentations
The Need for a Cyber Attack Warning System - (2013 - Recorded Future RFUN Conference, Washington DC)
Explore the history of attack warning systems, the historical context for cyber attacks crossing into the real world, as well as several case studies for what can be detected with a cyber-attack warning system.
Does Your Organization Understand the Value of Cyber Threat Intelligence? - (2023 - Tech at the Gap, Rocky Gap, Maryland)
In this research, Enterprise Management Associates set out to discover which CTI sources, methods, and integrations are currently working in the industry and where there is room for improvement. What we found was that many organizations are struggling with CTI, especially when it comes to data quality. The research provides key insights on the CTI sources organizations are having the most success with and how organizations can better leverage CTI in their everyday operations and technology integrations.
Training Classes
Social Engineering - You Are a Target — Web-Based Training Class (2014 - Dept. of Veterans Affairs)
One hour-long course on common social engineering techniques and how to prevent social engineering attacks. Custom developed to tailor to the Department of Veterans Affairs leadership.
Blogs
Podcasts
Cybersecurity Awesomeness Podcast
In this new podcast, Chris Steffen, Vice President of Research Covering Information Security, Risk, and Compliance Management at EMA, and Ken Buckler, Research Analyst covering Information Security at EMA, talk about a wide range of cybersecurity topics.
Research Reports
SSL/TLS Certificate Security – Management and Expiration Challenges
Research Report - End-User
07/26/2023
Co-Authored with Chris Steffen
Digital certificates play a vital role in securing online communications and transactions. They are used to encrypt sensitive data, authenticate users, and protect against various types of cyber threats. However...
Ransomware: How Increasing Attacks are Changing the Enterprise’s Security Priorities and Spending
Research Report - End-User
06/28/2022
Co-Authored with Chris Steffen
In 1971, the first self-replicating virus (called Creeper) was unleashed across the ARPANET as a proof of concept. The virus itself was not designed to do any harm, but instead simply highlighted potential vulnerabilities in mainframe computers...
Cyber Threat Intelligence – Transforming Data Into Relevant Intelligence
Research Report - End-User
04/18/2023
Co-Authored with Chris Steffen
Many organizations have leveraged cyber threat intelligence (CTI), a powerful tool, for over two decades. Until recent years, threat intelligence was extremely expensive and only the largest organizations with budgets that allowed for such investment...
Secure Coding Practices – Growing Success or Zero-Day Epidemic?
Research Report - End-User
01/19/2023
Co-Authored with Chris Steffen
From 2015 to 2021, the number of new vulnerabilities per year in the National Vulnerability Database grew from 6,487 to 20,139. This increase in vulnerabilities may be due to a significant skills gap when it comes to secure software development.
Whitepapers
Target-Centric Intelligence: Unlocking the Secrets of OSINT for Effective Cyber Defense
White Paper
07/21/2023
In the realm of cybersecurity, it is highly likely that you are already harnessing the power of open-source intelligence (OSINT) without even realizing it. Many teams are actively monitoring and tracking threat indicators and threat actors...
Less Complexity, More Return on Cybersecurity Investments
White Paper
04/19/2023
Depending on the type of attack, target organization, and effectiveness of an organization’s security defenses, attackers are typically inside a network for one to two months before being detected. The signals of the attacker’s presence...
Tricks of the Trade – How Malware Authors Cover Their Tracks
White Paper - Self Published
2013
As security applications evolve to detect more advanced malware, the authors of said malware must adapt and develop new tricks to avoid detection.
Webinars
Cyber Threat Intelligence: Transforming Data into Relevant Intelligence
Webinar
06/13/2023
Many organizations have leveraged cyber threat intelligence (CTI), a powerful tool, for over two decades. With tools dedicated to processing and distributing CTI, it has become much more affordable and accessible in recent years. Combined with CTI sh...
Secure Coding Practices – Growing Success or Zero-Day Epidemic?
Webinar
02/07/2023
From 2015 to 2021, the number of new vulnerabilities per year in the National Vulnerability Database grew from 6,487 to 20,139. With this alarming rate of increasing software vulnerabilities and the significant security skills gap for software develo...
Ransomware: How Increasing Attacks are Changing the Enterprise’s Security Priorities and Spending
Webinar
09/07/2022
Today, ransomware is one of the fastest-growing threats in the cybersecurity industry, designed to not only self-propagate but also encrypt all files or entire systems across a network. This specialized malware has one primary purpose—to direct...
Vendor to Watch
Vendor to Watch
04/05/2023
EMA Vendors to Watch are companies that deliver unique customer value by solving problems that previously went unaddressed, or provide value in innovative ways. The designation rewards vendors that dare to go off the beaten path and have defined thei...
EMA Vendor to Watch: DuploCloud
Vendor to Watch
05/25/2022
EMA "Vendors to Watch" are companies that deliver unique customer value by solving problems that previously went unaddressed, or provide value in innovative ways. The designation rewards vendors that dare to go off the beaten path and have ...
Impact Briefs
Jamf Launches Executive Threat Protection Solution
EMA Impact Brief
10/09/2023
Ken Buckler
Jamf, a company that provides management and security solutions for Apple devices, launched Jamf Executive Threat Protection, an advanced detection and response tool for mobile devices. Built upon technology acquired in the ZecOps acquisition last Se...
Panorays Unveils Smart Match to Revolutionize Third-Party Security Risk Management
EMA Impact Brief
10/03/2023
Ken Buckler
Panorays, a prominent third-party security risk management solutions provider, introduced Smart Match, an innovative capability designed to expedite responses and simplify risk analysis. This development bolsters Panorays’ AI-powered third-part...
Foretrace Introduces “Tim” – AI Analyst Redefining Data Leak Response
EMA Impact Brief
10/03/2023
Ken Buckler
Foretrace, a pioneer in data leak and exposure management, unveiled “Tim,” a generative AI analyst designed to revolutionize the response to data exposure incidents. Tim’s real-time recommendations promise to augment human analysts,...
AWS Enables Proactive Security with Release of Amazon Security Lake
EMA Impact Brief
09/21/2023
Ken Buckler
Amazon Web Services (AWS) announced the general availability of Amazon Security Lake, a purpose-built data lake that centralizes an organization’s security data from various sources into a unified platform. The service enables customers to impr...
SimSpace Expands Cyber Force Platform for Enhanced Cybersecurity Defense
EMA Impact Brief
09/21/2023
Ken Buckler
SimSpace, an industry leader in military-grade cyber ranges, announced significant additions to its Cyber Force Platform. The platform now includes ML-driven adaptive attacks, cyber stack optimization, and automated deployment capabilities. These adv...
Unlocking Insights: Vaultree and Tableau Integrate for Secure Data Analytics
EMA Impact Brief
09/21/2023
Ken Buckler
Vaultree, a cybersecurity leader specializing in fully functional data-in-use encryption, announced a groundbreaking integration with Tableau, a renowned data visualization and business intelligence platform. This integration introduces a new era of ...
Action1 Invests $20 Million in Secure Cloud Solution with Zero-Knowledge Architecture
EMA Impact Brief
09/19/2023
Ken Buckler
Action1 Corporation, a leading provider of risk-based patch management solutions, announced a $20 million investment in its platform. The investment aims to enhance the company’s cloud-based solution for continuous remediation of security vulne...
ThreatHunter.ai Releases Cybersecurity Solution Based on AI and Human Expertise
EMA Impact Brief
09/19/2023
Ken Buckler
ThreatHunter.ai developed an innovative cybersecurity solution that combines advanced AI technology with expert human threat hunters. The solution addresses common cybersecurity challenges companies face, such as alert fatigue, improper system tuning...
Virsec Unveils Market-First Capabilities for Zero Trust Workload Protection
EMA Impact Brief
09/19/2023
Ken Buckler
Virsec, a leader in zero-day prevention for workloads, introduced a suite of market-first capabilities that automate the path to rapid deployment of zero trust workload protection, including stopping attacks in milliseconds.
Corelight and CrowdStrike Partner to Revolutionize Incident Response and Threat Hunting
EMA Impact Brief
09/19/2023
Ken Buckler
Corelight, a leading provider of open network detection and response (NDR) solutions, announced an expanded partnership with CrowdStrike, a prominent player in cloud-delivered endpoint protection. This partnership enables CrowdStrike to deploy Coreli...
CDW’s Recent Acquisitions Empower Cloud Strategies and Consulting Excellence
EMA Impact Brief
07/26/2023
Ken Buckler
CDW Corporation made two strategic acquisitions this year, bringing Enquizit and Locus into its portfolio. The acquisition of Enquizit enhances CDW’s Public Sector Cloud Services Practice, allowing for accelerated cloud strategies and increased...
SSH Launches OpenSSH Support Service for Multi-Platform SSH Environments
EMA Impact Brief
07/11/2023
Ken Buckler
SSH Communications Security introduced a support service for OpenSSH toaddress customer support challenges and provide high-quality SSH supportfor the open-source variant of SSH software. With support available forWindows and Red Hat Linux platforms,...
Cisco’s Acquisition of Lightspin Will Strengthen Cloud Security Offerings
EMA Impact Brief
07/11/2023
Ken Buckler
Cisco recently announced its intention to acquire Lightspin Technologies Ltd, a cloud security software company based in Tel Aviv. The acquisition will provide Cisco with a comprehensive cloud security posture management (CSPM) solution for cloud-nat...
Intrusion’s Innovative App Revolutionizes Mobile Device Security
EMA Impact Brief
07/11/2023
Ken Buckler
Intrusion, a leading provider of cyber attack prevention solutions, announced the release of its new mobile app, Intrusion Shield Mobile. Powered by the Intrusion Global Threat Engine®, Shield Mobile is now available in the Google Play Store and ...
ConnectWise Announces New Cross-Portfolio Security Capabilities for TSPs
EMA Impact Brief
07/11/2023
Ken Buckler
ConnectWise, a leading software company for technology solution providers (TSPs), unveiled its latest advancements in cross-portfolio security capabilities. These enhancements aim to empower TSPs with robust tools and solutions to address the evolvin...
Verimatrix’s Newest Offerings Enhance Mobile App Security
EMA Impact Brief
06/27/2023
Ken Buckler
Verimatrix, a leader in providing people-centered security for the modern connected world, announced the launch of a revamped user experience (UX) for its Extended Threat Defense (XTD) product, along with a new VMX Labs research team dedicated to inv...
Searchlight Cyber Launches Secure Virtual Browser for Dark Web Investigations
EMA Impact Brief
06/27/2023
Ken Buckler
Searchlight Cyber released Stealth Browser, a virtual machine designed to allow cyber professionals to conduct investigations on the dark web securely and anonymously. The browser is an addition to Searchlight’s automated investigation and inte...
Paladin Cloud Introduces Game-Changing SaaS Platform for Cyber Asset Protection
EMA Impact Brief
06/13/2023
Ken Buckler
Paladin Cloud, a leading open source cloud security company, launched its new SaaS cloud security platform. The platform helps organizations identify and visualize their cyber assets and security controls while monitoring their cloud environments for...
Lumu Launches SecOps Capabilities to Combat Growing Cybersecurity Threats
EMA Impact Brief
05/31/2023
Co-Authored with Chris Steffen
Lumu Technologies, a cybersecurity company that offers the Continuous Compromise Assessment model to measure compromise in real time, launched a new set of capabilities called Lumu for SecOps. The capabilities, which Lumu presented at the RSA Confere...
ColorTokens’ Microsegmentation Brings Zero Trust to Virtualized Containers
EMA Impact Brief
05/24/2023
Ken Buckler
ColorTokens, an American company specializing in zero trust cybersecurity, recently announced the addition of microsegmentation for virtualized containers to their portfolio of capabilities. The new feature provides security for containerized workloa...
Akamai’s Acquisition of Neosec Will Strengthen API Security and Visibility
EMA Impact Brief
05/18/2023
Ken Buckler
Akamai Technologies, Inc., an American company specializing in content delivery, cybersecurity, and cloud services, recently announced it definitive agreement to acquire Neosec, an industry leader in API detection and response, to strengthen Akamai&r...
Cradlepoint Acquires Ericom Software to Strengthen its Enterprise Security Offerings
EMA Impact Brief
05/17/2023
Ken Buckler
Cradlepoint, a leader in 5G for business solutions, announced the acquisition of Ericom Software, a cloud-based enterprise security platform provider. Cradlepoint plans to leverage Ericom’s zero trust and cloud-based security solutions to build...
IONIX Sets Target on Attack Surface Prioritization
EMA Impact Brief
05/17/2023
Ken Buckler
Cyberpion, an Israeli company specializing in attack surface management, rebranded as IONIX as part of their shift toward helping clients better prioritize cyber risk. The company’s unique approach focuses not only on the attack surface of clie...
Fortinet NSE Certification Program Expands to Evolving Skillset Needs
EMA Impact Brief
05/04/2023
Ken Buckler
Fortinet expanded its NSE Certification Program to address the evolving cybersecurity skillset needs of security professionals. The program now includes updated designations that provide more flexibility and advanced skills for individuals and securi...
Elastic Further Enhances Cloud Security Offerings
EMA Impact Brief
04/21/2023
Ken Buckler
Elastic, an American company specializing in indexing and searching large amounts of data quickly and efficiently, recently announced the expansion of Elastic Security’s capabilities, including cloud security posture management (CPSM), containe...
DigiCert to Provide Full Certificate and PKI Management
EMA Impact Brief
01/23/2023
Co-Authored with Chris Steffen
DigiCert, an American company based out of Utah, recently announced the release of Trust Lifecycle Manager, its full-stack certificate and PK management solution. This solution unifies CA-agnostic certificate lifecycle management, PKI services,...
Proofpoint is Adding Identity Risk to Protect the “Keys to the Kingdom” with Illusive
EMA Impact Brief
01/12/2023
Co-Authored with Chris Steffen
Proofpoint, an American company based out of Sunnyvale, California, recently completed their acquisition of Israeli company Illusive. The acquisition will enable the addition of identity threat detection and response (ITDR) to its comprehensive threa...
Action1 Delivers Automated Peace of Mind for Remote Patch Management
EMA Impact Brief
01/10/2023
Co-Authored with Chris Steffen
Action1, an American company based out of Houston, Texas, recently announced the release of their Continuous Patch Compliance feature leveraging automated remediation of security vulnerabilities.
novoShield Delivers Next-Generation Phishing Protection for Mobile Devices
EMA Impact Brief
10/10/2022
Co-Authored with Chris Steffen
novoShield, an Israeli company based out of Tel Aviv, recently announced the release of their next-generation phishing protection platform for mobile phones. The initial release is available for home and business iPhone users, with Android and PC ver...
EMA Impact Brief: Safe Security
EMA Impact Brief
09/14/2022
Co-Authored with Chris Steffen
Safe Security, an American company headquartered in Palo Alto that specializes in cybersecurity and digital business risk quantification, recently announced the release of several new assessment tools designed to provide organizations quantifiable da...
Xcitium ZeroThreat Brings Zero Trust to the Endpoint and Stops Unknown Malware
EMA Impact Brief
09/07/2022
Co-Authored with Chris Steffen
Comodo Cybersecurity, an American company headquartered in New Jersey that specializes in endpoint protection, recently announced its rebrand under the name Xcitium. Coinciding with the rebrand is their release of Zero Dwell Containment technology de...
Release of AppTotal Enables Next-Gen App Security Research in the Cloud
EMA Impact Brief
08/23/2022
Co-Authored with Chris Steffen
Canonic Security, an Israeli company specializing in analysis of SaaS-native threats, recently announced the release of their flagship product, AppTotal. This cloud-based service enables administrators and security researchers to analyze cloud SaaS a...
Halo Security Release Shines Spotlight on Attack Surface Management
EMA Impact Brief
08/23/2022
Co-Authored with Chris Steffen
TrustedSite, an American company specializing in vulnerability scanning and certification, recently announced the spin-out of its attack surface management suite of services under the new Halo Security brand. The platform allows organizations to cons...
Security Journey Relaunch is a Much-Needed Move Toward Better Application Security
EMA Impact Brief
08/22/2022
Co-Authored with Chris Steffen
HackEDU, an American company based out of Pittsburgh, PA, recently completed their acquisition of Security Journey, also an American company, based out of Raleigh, NC. Both companies specialize in application development security training and are now...
NVIDIA Morpheus AI Framework Could Revolutionize Cybersecurity
EMA Impact Brief
07/13/2022
Ken Buckler
NVIDIA, an American multinational technology company, recently announced the general availability release of its Morpheus cybersecurity artificial intelligence (AI) application framework. This application framework, combined with NVIDIA graphics proc...
Elastic Security for Cloud – The Next Step in Securing Cloud and Hybrid Environments
EMA Impact Brief
06/23/2022
Ken Buckler
Elastic, an American technology company specializing in search-powered solutions and enterprise observability, recently announced the release of its cloud security product. This product will help organizations solve their visibility and observability...