Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - Archives for Brian A. McHenry - Page 3

Brian A. McHenry

Brian A. McHenry
  • Website

As a Senior Security Solutions Architect at F5 Networks, Brian McHenry focuses on web application and network security. McHenry acts as a liaison between customers and F5 product teams, providing a hands-on, real-world perspective. He is a regular contributor on InformationSecurityBuzz.com, a co-founder of BSidesNYC, and a speaker at AppSecUSA, BC Aware Day, GoSec Montreal, and the Central Ohio Infosec Summit, among others. Prior to joining F5 in 2008, McHenry, a self-described IT generalist, held leadership positions within a variety of technology organizations, ranging from startups to major financial services firms.

Organic Denial of Service, When DoS Isn’t an Attack

Brian A. McHenryMarch 23, 20164 Mins Read

Denial of service attacks are so common now that “DoS attack” hardly needs explanation, even to the lay person. The phrase “DoS attack” instantly conjures images of banking sites that refuse to load, and gaming consoles unable to connect. The other instant reaction is to think of the attackers such as Anonymous, the Qassam Cyber Fighters, or the Lizard Squad. However, not all denial-of-service is the product of a coordinated attack. Many forms of DoS are organic by-products of completely normal traffic. So-called “normal traffic” includes everything from legitimate customers, business partners, search-index bots,data-mining scraper-bots, and other more malicious automated…

Read More

Herding Certs: Mandatory Homework for 2016

Brian A. McHenryJanuary 27, 20164 Mins Read

The exasperating attempt to bring seemingly uncontrollable and chaotic forces into step with one another is often referred to as “herding cats.” Examples range from chaperoning kindergarteners on a museum field trip to managing rock star developers on a software project. In today’s “HTTPS Everywhere” world, enterprise key and certificate management (EKCM) can also seem like an exercise in herding cats. However, with the explosion of SSL/TLS usage, high profile Certificate Authority (CA) compromises, and ever-evolving malware, an effective EKCM program has never been more vital to ensuring strong security. Mismanagement of keys and certificates can impact security in a…

Read More

Mutating Malware and Data Center Blind Spots in 2016

Brian A. McHenryDecember 15, 20155 Mins Read

Predictions for the coming new year always abound. While no one has a crystal ball, I have the benefit of talking to a lot of security teams. Last year around this time, I held forth that HTTP/2 and TLS 1.3 would be disrupting the Internet in 2015. While HTTP/2 adoption is only now starting to really pick up speed, and we’re still awaiting a new version of TLS, the all-HTTPS Internet is unquestionably on its way. While intelligence agencies speculate upon the impact of criminals and terrorists encrypting their communications, the all-HTTPS Internet is already impacting most of us in…

Read More

Defending DNS

Brian A. McHenryNovember 24, 20155 Mins Read

The Domain Name System, or DNS, is arguably the most important system on the Internet. Without it, we’d all have to memorize IP addresses the way we once did the phone numbers of our friends and family by heart. Actually, in the case of IP addresses, we’d probably just not use the Internet, at all, since even the web applications we use rely on DNS to call services and content from other addressable locations on the Internet. As security or IT practitioners, we spend a lot of time securing and ensuring the availability of applications. However, none of them would…

Read More

When a Bot isn’t a Bot

Brian A. McHenryOctober 22, 20154 Mins Read

Threat modeling is vital to any security practice. For example, we can understand the OWASP top 10 vulnerabilities, but we can easily misspend our efforts and dollars defending against exploits of vulnerabilities not present in our web applications. Managing the epidemic of bot traffic can be just as daunting, when considering how such traffic affects our threat models. The term “bot” or “botnet” is thrown around a lot. Why is bot detection so valuable to your security posture, if the typical botnet isn’t a significant part of your threat model? Bots cover large classes of fully-automated scans and attacks, and…

Read More

Jailbroken Phones: Too Cool for Security

Brian A. McHenrySeptember 22, 20155 Mins Read

Smartphones are powerful devices, and a constant reminder that we are “living in the future.” We can take high-resolution photos, edit those photos, and upload them to the Internet in less time than it takes to order a cup of coffee. We can track our activity, our calorie intake, and our workouts. We can even get a ton of work done without ever opening a laptop or sitting down at a desk. All with a device that fits in the palm of the hand. However, as with any complex device or system, vulnerabilities and the potential for bad guys to…

Read More

Securing your Web Application Through HTTP Headers

Brian A. McHenryAugust 27, 20156 Mins Read

Web application security is hard to implement and harder still to maintain. The application layer is also the top attack vector for data loss, via such well-known vulnerabilities as SQL injection. Needless to say, we infosec practitioners are always looking for an application security “easy button.” Part of the solution is staring us right in the eyes, yet we have been slow to leverage HTTP response headers. With that in mind, the revelations of Scott Helme’s recent survey of the top one million web sites came as a huge shock. Security-centric HTTP response headers are relatively easy to insert and…

Read More

Is Bot Detection the Best Value in InfoSec?

Brian A. McHenryJuly 22, 20155 Mins Read

Spending on cyber security solutions is exploding. Security startups like Crowd Strike are attracting investment funding to the tune of $100M, and enterprises are hiring security engineers as quickly as they can find them. Unfortunately, unlike with online shopping where there’s a deal site or coupon code just waiting to be used, there’s no coupon code for getting the most out of our efforts to improve security. Instead of wishing for a coupon code, the key is to focus on reducing the risk of a successful denial-of-service (DoS) attack, or worse, a data breach. While every organization is different, with…

Read More

Taming the Internet of Things

Brian A. McHenryJune 25, 20153 Mins Read

While the debate rages on whether SSL everywhere is necessary and/or good for the Internet, the number of sites and services supporting SSL and TLS encryption continues to soar. The focus of the SSL Everywhere debate has centered on typical browser-based web applications and mobile apps, but the Internet of Things (IoT) is also increasingly encrypting communications by default. IoT devices and services aren’t confined to smart thermostats and other home automation gadgets. In the enterprise, copier/printers, security sensors, and the variety of gadgets employees bring to the office are just a few examples of how the IoT trend is…

Read More

THOTCON 0x6 in Review

Brian A. McHenryMay 28, 20155 Mins Read

Attending conferences and trade shows is a luxury many of us cannot afford, both from the time and expense perspectives. Compounding that fact is that many of the larger events have devolved into long-form vendor showcases, more closely resembling the International Auto Show than the educational and invigorating experiences they purport to be. These mega events are also very costly, due to travel costs and skyrocketing price of admission in the thousands of dollars. Fortunately, many local events have sprung up for the security professional, such as local OWASP and ISSA chapter meetings, Security BSides, and many others. The cost…

Read More
Previous 1 2 3 4 Next
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}