Before joining CISA as chief of staff, Todt served as managing director of the non-profit Cyber Readiness Institute (CRI). She also served as president and managing partner at risk management consulting firm Liberty Group Ventures between 2012 and 2016. As for roles in the government, Todt served in 2016 as the executive director of…

BreachQuest is building a SaaS platform, named PRIORI, that aims to modernize incident response by providing automated end-to-end readiness and response capabilities. The company says its product can provide enhanced visibility, continuously monitoring systems in an effort to detect threats. When a threat has been detected, the platform provides detailed information in order to enable…

Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…

The Infrastructure Investment and Jobs Act includes funding for roads, bridges, transportation safety, public transit, railways, electric vehicle infrastructure, airports, ports, waterways, broadband internet, environmental remediation, and power infrastructure. The White House said this week that the bill will also invest approximately $2 billion to “modernize and secure federal, state, and local IT and networks;…

One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities. The bill covers vulnerabilities in IT and OT systems, as well as security holes in…

Designed to assess the effectiveness of Federal Civilian Executive Branch (FCEB), Critical Infrastructure (CI), and State, Local, Tribal, and Territorial (SLTT) stakeholders in identifying and resolving network vulnerabilities, the RVAs revealed that phishing links were the most successful technique for initial access. CISA conducted a total of 37 RVAs, leveraging the MITRE ATT&CK framework to…

A total of 14 cybersecurity-related acquisitions were announced between July 1 and July 8, 2021.

Barracuda Networks acquires SKOUT Cybersecurity

Application, cloud, email, data and network security solutions provider Barracuda Networks is acquiring SKOUT Cybersecurity, a company that provides cyber-as-a-service software for MSPs, as well as XDR solutions. The deal enables Barracuda to expand its…