Chris Mark

Chris Mark is AT&T Cybersecurity’s PCI National Practice Director. He is a security professional with over 25 years of experience in the physical, operational and cyber domains of security. Chris is one of the original authors of the CISP and PCI DSS and has audited and consulted with over 100 large and complex organizations. He is a frequent public speaker on various security-related topics. He has been interviewed on CNN, FoxNews, NPR, and NBC and has published scores of articles in periodicals such as SC Magazine, The Counter Terrorist, Credit Union Times, Secure Payments, Transaction Trends, and National Review, among others. Chris has a BA and an MBA and is completing his dissertation for his doctorate in cybersecurity. He is a former enlisted Marine and Navy Officer combat veteran.

May 28, 2021 | Chris Mark

Asymmetrical threats in Cybersecurity

Security and defense theory are inextricably entwined. Consider medieval castles. They were designed as a defensive mechanism that provided security to those within, most of whom were simply civilians hiding behind the walls for protection from invaders. Within cybersecurity, multiple concepts from defense and war theory can be applied to better address the cyber risks facing organizations. In…

May 3, 2021 | Chris Mark

The new normal is actually very normal:  Punctuated equilibrium, security cycle theory, and the “New Normal”

In 2020, the world was hit with an unexpected pandemic that changed much of life as many had come to know it. Virtually overnight, masks were required, employees were working remotely, children were home from school, and businesses were locked down to stop the spread of COVID-19. In reading the news and social media the term “The New…

February 24, 2021 | Chris Mark

Quantifying CyberRisk- Solving the riddle

In the late 1990s and early 2000s, a concept called “Return on Security Investment,” or ROSI, was bandied about. Borrowing from the common business term Return on Investment (ROI), where a return on a particular investment (capital investment, personnel, training, etc.) could be quantified, the cybersecurity industry attempted to quantify…

March 17, 2020 | Chris Mark

Exploits, vulnerabilities and threat adaptation

Security, whether focused on physical, cyber, operational, or other domains, is an interesting topic that lends itself to considerable debate among practitioners. There are, however, basic concepts and underpinnings that pervade general security theory. Among the most important, yet often misunderstood, are the inextricably entwined concepts of vulnerabilities and exploits. These basic underpinnings are critical in…

February 19, 2020 | Chris Mark

Understanding cyber attacker motivations to best apply controls

Implementing a risk-based security program and appropriate controls against adaptive cyber threat actors can be a complex task for many organizations. With an understanding of the basic motivations that drive cyber-attacks, organizations can better identify where their own assets may be at risk and thereby more efficiently and effectively address identified risks. This article will discuss the Rational…