Data Security

Cybersecurity expert Andrew Turner joins Booz Allen Hamilton to lead commercial customer secure digital transformations.

businesswire | December 23, 2020

Booz Allen Hamilton (NYSE: BAH) reported today that digital industry pioneer Andrew Turner has joined the firm as a chief VP and market technique pioneer in the association's worldwide business. Turner brings twenty years of network protection, danger insight, and corporate-flexibility experience to Booz Allen to assist customers with defeating their most basic digital difficulties in the midst of a dynamic danger climate. Turner joins Booz Allen from Fidelity National Information Services (FIS), where he filled in as boss security official, regulating corporate security, business versatility, and the organization's digital and character programs.

Turner brings broad experience and a firsthand comprehension of how online protection groups work. In a profession traversing various worldwide undertakings—basically engaged in the exceptionally controlled and profoundly focused on monetary administrations area—he has been liable for defending customers' most esteemed data and developed societies of change related to security. Turner assumed a basic job in making sure about three organizations as they traveled through multi-billion-dollar consolidations and acquisitions, effectively wedding dissimilar online protection frameworks on a worldwide scale while proceeding to develop at speed.

“Demonstrating to our clients that we understand their organizational needs and have walked in their shoes has been a cornerstone of our relationships and success. We are thrilled that Andrew will bring his C-level experience and perspective as a cybersecurity practitioner to our team,” said Bill Phelps, executive vice president and leader of Booz Allen’s global commercial cyber business. “As our clients continue to embark on ambitious digital transformation journeys, we know that a successful digital transformation must be done securely to produce the results it purports to deliver. With Andrew’s advanced skills, diverse background, and keen understanding of the client’s perspective, he will be an asset to Booz Allen as we continue to help clients defend against the most consequential cyber threats.”

Before joining FIS, Turner was boss security official at installment processor Worldpay (earlier Vantiv). There, he drove the organization's security capacities, managing all parts of corporate and data security while building up big business wide information arrangements and norms. Preceding FIS, he was the head of worldwide network safety at Visa. There, he drove the development of the organization's worldwide network safety program and was answerable for securing one of the world's biggest installment brands, which prepared more than $7 trillion in installment card exchanges yearly. Before Visa, Turner drove the digital insight work inside Microsoft's online protection program expanding on experience picked up from the get-go in his vocation supporting public security missions.

Turner has likewise served in an assortment of warning jobs, applying his digital mastery most as of late as an individual from an Advisory Board for the Bank of England's Operational Resilience board in the United Kingdom. In 2014, Turner was delegated by Virginia Governor Terry McAuliffe to serve on the Virginia Cyber Security Commission, distinguishing how the general population and private area can team up to reinforce Virginia's network protection industry.

“Technology is evolving rapidly, and with these positive innovations comes more sophisticated and complex cyber threats. Organizations must understand their vulnerabilities as they prepare for a new wave of industry advancements so they can reap the full benefits of digitization without putting valuable assets at risk,” said Turner. “As one of the world’s largest cybersecurity solution providers, Booz Allen is uniquely positioned to solve our clients’ toughest security challenges. I am eager to join such a strong team and support the needs of clients through transformative, industry-leading strategies.”

As leader VP at Booz Allen, Turner will answer to Bill Phelps. Under Phelps' authority, Booz Allen's U.S. business conveys profoundly considerable digital administrations for Fortune 500 and Global 2000 customers across numerous ventures. Booz Allen's profound mastery is procured through continuous digital activities, driving edge specialized developments, basic enormous scope occurrence reactions, and progressed digital danger knowledge.

About Booz Allen

For more than 100 years, business, government, and military leaders have turned to Booz Allen Hamilton to solve their most complex problems. As a consulting firm with experts in analytics, digital, engineering and cyber, we help organizations transform. We are a key partner on some of the most innovative programs for governments worldwide and trusted by the most sensitive agencies. We work shoulder to shoulder with clients, using a mission-first approach to choose the right strategy and technology to help them realize their vision. With global headquarters in McLean, Virginia, our firm employs about 27,200 people globally, and had revenue of $7.5 billion for the 12 months ended March 31, 2020.

Spotlight

HPE GreenLake for Backup and Recovery is backup as a service designed for hybrid cloud. It simplifies how you protect your on-premises and cloud-native workloads bringing with it the cloud experience and flexibility of software delivered as a service.

Spotlight

HPE GreenLake for Backup and Recovery is backup as a service designed for hybrid cloud. It simplifies how you protect your on-premises and cloud-native workloads bringing with it the cloud experience and flexibility of software delivered as a service.

Related News

Enterprise Security, Platform Security, Software Security

ZeroFox Named Digital Risk Protection Leader by Quadrant Knowledge Solutions in 2023 SPARK Matrix™

GlobeNewswire | August 21, 2023

ZeroFox, (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, announced today that it was recognized as a technology leader in the 2023 Quadrant SPARK Matrix ™ for Digital Risk Protection by Quadrant Knowledge Solutions. This recognition comes on the heels of other recent accolades in the DRP space, further solidifying the company’s position on the forefront of innovation for digital risk protection. The SPARK Matrix™ from Quadrant Knowledge Solutions provides an in-depth analysis of the Digital Risk Protection landscape, including trends, the overall vendor landscape and the market. By ranking the vendors featured in the analysis, the SPARK Matrix ™ provides insights that allow companies to compare the potential capabilities – and the market position – of each company they would partner with in a more strategic way. "In the age of rapid digital transformation, enterprises face complex challenges in safeguarding their external attack surface. Amidst evolving threats from every corner of the web – whether the surface, deep, or dark – ZeroFox has combined the strength of AI and full-spectrum threat intelligence to power solutions for digital risk protection. This empowers security teams to stay ahead of potential threats and shield their online footprint in our dynamic digital world," said John Prestridge, Chief Product Officer at ZeroFox. "Being named a technology leader in Quadrant Knowledge Solutions’ SPARK Matrix™ for Digital Risk Protection speaks volumes about our team's unwavering commitment and passion for protecting our customers. We're deeply honored by the acknowledgment of our continuous dedication to the industry." “With its sophisticated technology platform, comprehensive functional capabilities, and roadmap, ZeroFox is well-positioned to maintain and grow its share in the DRP market,” Akshay Parmar, Analyst at Quadrant Knowledge Solutions notes in the report. The report notes “several key differentiators for ZeroFox’s External Cybersecurity Platform, including the recent launch of FoxGPT – which showcases the practical implementation of generative AI in addressing challenges within the cyber threat intelligence domain. Another is the team’s Threat Intelligence and Attack Surface Management solutions, both of which help the team to detect brand or executive impersonations, safeguard domains, detect phishing URLs, monitor brand mentions and negative sentiment, as well as identify data leaks and attack chatter on the deep and dark web.” This recognition for ZeroFox as a leader in Digital Risk Protection from Quadrant Knowledge Solutions is a special accolade for the team – but not the first. ZeroFox was also a winner of the 2023 Global Infosec Awards for Most Comprehensive in the Digital Risk Protection category. The team was also recognized with the 2022 Frost & Sullivan Global Competitive Strategy Leadership Award, which highlighted ZeroFox’s leadership and exceptional strategic innovation and customer impact. About Quadrant Knowledge Solutions Quadrant Knowledge Solutions is a global advisory and consulting firm focused on helping clients in achieving business transformation goals with Strategic Business and Growth advisory services. At Quadrant Knowledge Solutions, our vision is to become an integral part of our client's business as a strategic knowledge partner. Our research and consulting deliverables are designed to provide comprehensive information and strategic insights for helping clients formulate growth strategies to survive and thrive in ever-changing business environments. About ZeroFox ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit www.zerofox.com for more information.

Read More

Enterprise Security, Platform Security, Software Security

Legit Security Discovers and Helps Remediate CI/CD Vulnerabilities in Google Open-Source Projects

Prnewswire | July 19, 2023

Legit Security, a cyber security company with an Application Security Posture Management platform that helps organizations deliver fast and secure software releases, today announced that it discovered Continuous Integration/Continuous Delivery (CI/CD) security vulnerabilities in open-source projects from Google. The Legit Security Research Team found a vulnerability leveraging "GitHub environment injection" that allows attackers to take control of a vulnerable project's GitHub Actions CI/CD pipeline. In this case, any GitHub user could exploit the vulnerability found in the Google Orbit project to modify the project's source code, steal secrets, move laterally inside an organization and ultimately initiate a SolarWinds-like software supply chain attack. Google acknowledged and fixed the vulnerabilities after disclosure by Legit Security. For an in-depth description of the vulnerability and information on how to protect your organization, please visit the technical disclosure blog. GitHub Actions is part of the extremely popular GitHub source code management system at the heart of many organization's software supply chains and used by software developers globally. The recently discovered vulnerability relates to GitHub's special environment variables file called "GITHUB_ENV", which is used to control the pipeline container's environment variables. The vulnerable project had a GitHub Actions workflow that wrote untrusted user input into the GITHUB_ENV file. Legit Security's Research Team discovered that a specially crafted payload written to this file could allow an attacker to execute code on the target pipeline and thereby modify the source code or compromise the repository itself. This attack can be initiated by any GitHub user and is very easy to implement just by creating a pull request. The simple act of submitting the request will trigger the vulnerable build action and carry out a successful compromise. The attacker does not need a code review approval from the maintainer since the vulnerable build action is running on the pull request before the code is merged. The Legit team disclosed these issues via Google's vulnerability disclosure program, along with remediation guidelines, and verified that these vulnerabilities weren't exploited by a malicious actor. The Google project vulnerability was remediated quickly and is now safe. Unfortunately, there are many other projects using GitHub Actions that are susceptible to this same attack. Since using the GITHUB_ENV file is currently the widely accepted way to change environment variables in GitHub Actions, many repositories are using workflows that write untrusted data into this file, leaving them exposed these potential supply chain attacks. This type of vulnerability joins a large number of other disclosed vulnerabilities and successful supply chain attacks targeting popular open-source libraries. The Legit Security Research Team has previously discovered a wide range of vulnerabilities in popular Source Code Management systems including GitHub, as well as other Software Development Lifecycle Management (SDLC) systems and infrastructure commonly found in an organization's software supply chain. About Legit Security Legit Security provides application security posture management to ensure secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Read More

Platform Security

Conceal Announces Strategic Partnership with Kompingo: Revolutionizing Web Security with the Next Generation of Protection

Business Wire | August 23, 2023

Conceal, renowned for its pioneering stance against web-based threats, today heralded its significant partnership with Kompingo, the UK's distinguished value-added distributor and managed security service provider. This collaboration signifies a major enhancement for Kompingo’s Managed Detection and Response (MDR) services, as it integrates Conceal’s patented zero-trust browser security into its offerings. "As the digital threat landscape rapidly evolves, strengthening our MDR and managed services capabilities remains paramount. Integrating Conceal’s browser security solution aligns perfectly with our ambition to offer our customers top-tier, holistic security solutions," commented Toby Caton, Director at Kompingo. “Conceal also allows us to offer the product as a stand-alone solution to our growing MSP partners and reseller base for them to enhance their offerings further, too.” Gordon Lawson, CEO of Conceal, further emphasized the partnership’s potential: "Kompingo's expertise in managed security services makes them an ideal partner. We’re confident that by infusing ConcealBrowse into their MDR offerings, we can provide users with unprecedented protection from web-centric threats." Together, Kompingo’s state-of-the-art Security Operations Centre and ConcealBrowse promise a robust defense against today’s sophisticated web threats. With Kompingo’s AI and machine learning-enhanced operations now complemented by Conceal's dynamic web content analysis, both organizations are poised to set a new benchmark in cybersecurity. About Conceal Conceal is at the forefront of defending against web-based attacks, using innovative technology to detect, prevent, and shield businesses and individual users from ever-evolving online threats. ConcealBrowse operates on the principle of proactive protection. Its AI-powered intelligence engine, ConcealSherpa, runs at machine speed with virtually zero latency to identify potentially harmful webpages autonomously, stopping cyber attacks that take advantage of weaponized links. For more information, visit https://conceal.io/. About Kompingo Situated at the crossroads of innovation and technology, Kompingo has etched its mark as a leading light in the IT security arena. Famed for its comprehensive managed services, Kompingo is dedicated to incubating IT security start-ups, nurturing technological advancements, and driving growth. Their plethora of services, spanning from co-managed and fully managed offerings to vCISO and penetration testing, makes them an indispensable ally in the cybersecurity domain. With a steadfast dedication to the Cyber Essentials Scheme and their top-notch Managed Detection and Response services, Kompingo remains a name synonymous with excellence.

Read More