Chuck White

Picture of
Chuck is a technologist, inventor, entrepreneur, father, and husband. He has extensive knowledge in cyber defense, collaboration solutions, big data analytics, and security software development. He is a former U.S. Army officer, combat veteran, father of a four year old girl who loves Supergirl, and a recognized thought leader in the security software community. Chuck is a member of the OASIS KMIP and OpenC2 technical committees and is a co-editor for version 2.0 of the KMIP specification.

Recent Posts

Key Orchestration: Identity, Credential, and Access Management (ICAM) for the IoT World

October 03, 2018 / by Chuck White

When looking at the problems we were trying to solve with Key Orchestration, IoT and IoE have always been part of the grand vision of Orchestration. As more and more systems break down the concept of perimeters or layers, there is a need to address the realities of these changes.

Read more

Pivoting From Cyber Security to Cyber Defense — Part 3

July 27, 2018 / by Chuck White


Utilizing Key Orchestration During a Hospital Ransomware Event

In Part 2 of this series, we examined the ongoing transition from Cyber Security to Cyber Defense, discussing Cyber Defense effects and utilizing Key Orchestration to realize those effects. In this post, we continue the discussion as we demonstrate how Key Orchestration enables the effects in a real-world scenario.

For practical consideration, let’s examine the following environment: A healthcare enterprise with 15 hospitals, two data centers, and multiple third-parties who use hospital technology resources. The IT infrastructure represents a number networks, applications, storage solutions, and network-connected diagnostic equipment. 

Read more

Pivoting From Cyber Security to Cyber Defense — Part 2

July 19, 2018 / by Chuck White

It’s been a little over a year since exclaiming that Cyber Security is dead. In that year, we have seen broader acceptance of terms like Defense and Resiliency. We have even seen attempts to pass laws that are the cyber equivalent of the “castle doctrine” for home defense. All that aside, one term that is starting to show up in this space is Orchestration. In practice, tools that support AI, machine learning, or analytics are turning to the term Orchestration to address what happens next. Applying the OODA loop (Observe, Orient, Decide, Act) is an easy way to look at this — if SIEM, AI, machine learning, big data, etc. are about Observe and Orient, then Orchestration is about Decide and Act.

Read more

Why Integrity Matters in Automotive Supply Chains (& What Cryptography Can Do About It)

January 27, 2018 / by Chuck White

When considering automotive IoT, it’s logical to focus on the supply chain that makes the car possible. In reviewing the application of key management to the automotive IoT landscape, it becomes apparent that the provenance of car components, from tires to telematics, is absolutely critical. Any poorly-built component can cause a systemic failure of the vehicle delivered to the consumer. When one typically thinks of applying encryption, it is focused on protecting the confidentiality of data at rest, in motion, or even while being processed. However, what about measuring whether the data should be trusted instead how whether it needs to be protected?

Read more

The Strong Case for Interoperability, Part II: Transition

October 16, 2017 / by Chuck White

Back in June, Kevin Mooney wrote an excellent piece on The Strong Case for Interoperability. Getting back to that subject matter, in perhaps not the most ideal of circumstances, we are going to talk about standards, interoperability, and transition as it pertains to resolving systemic issues. This is being driven by faults in 802.11 as described in Mathy Vanhoef’s and Frank Piessens’ paper on key reinstallation attacks released today.

Read more

Amazon S3: Don't Kick the Bucket, Do Something About It

July 20, 2017 / by Chuck White

Over the past several weeks we’ve seen three newsworthy stories where sensitive information finds its way onto Amazon's S3 cloud storage service: NGA, WWE, and Verizon.

Read more

Pivoting From Cyber Security to Cyber Defense – Part 1

July 05, 2017 / by Chuck White

I recently had the chance to respond to a LinkedIn post from Larry Cole about terminology for Cyber Security vs Cyber Defense. The conversation with Larry really hits home regarding what we are all doing with technology and services: defending what we consider valuable. I think we have all been wrong in calling it Cyber Security. It’s time to start saying Cyber Defense and act accordingly.

Read more

The Critical Need for Key Management Beyond Storage

June 02, 2017 / by Chuck White

The need for Key Management beyond storage is effectively the need to provide security controls that reduce risk when authority is separated from responsibility. The published leak of National Geospatial Agency data onto Amazon S3 by a defense contractor shines a spotlight on both the problem and the solution.

Read more
1
Page 1 of 1

Subscribe to Email Updates

Recent Posts