Brian A. McHenry


As a Senior Security Solutions Architect at F5 Networks, Brian McHenry focuses on web application and network security. McHenry acts as a liaison between customers, the F5 sales team, and the F5 product teams, providing a hands-on, real-world perspective. Prior to joining F5 in 2008, McHenry, a self-described “IT generalist”, held leadership positions within a variety of technology organizations, ranging from startups to major financial services firms.

Twitter: @bamchenry

Articles by Brian A. McHenry


To The Cloud, But Securely

By now, you’ve seen some breakdown of SaaS vs. PaaS vs. IaaS, with respect to security. You’ve also probably seen the most common piece of security advice, which is “patch your (stuff)”. For Software-aaS, the service provider handles patching and system maintenance. Your security concerns are going to be negotiated in all sorts of legal …


Perfect Forward Secrecy

Perfect Forward Secrecy. The term sounds like something out of the latest Bond film. When I first checked how to configure PFS ciphers several years ago, I couldn’t find much documentation because I didn’t realize that PFS described a class of ciphers, which included Diffie-Hellman Ephemeral (DHE) and Elliptic Curve DHE (ECDHE). Further …


F5 Releases 2017 State Of Application Delivery Report

Today F5 Networks released its third annual State of Application Delivery report. Data comes from a customer survey of over 2,000 IT professionals across the networking, application, and security realms, and examines the vital role application services play in enabling enterprises to deploy applications faster, smarter, and safer. Survey responses came from around the globe, …


High Speed Internet Security And Safety

This column is now in its third year with Information Security Buzz. As a result, there are now two past “security predictions” entries for 2015 and 2016. For 2015, I predicted that HTTP/2 and TLS 1.3 would have a disrupting effect on the Internet. Perhaps because I missed the mark on Internet disruption, I was …


Breaking Through At AppSecUSA 2016

Recently, I attended AppSecUSA, which was held in Washington, DC from October 11th through the 14th. I last attended AppSecUSA in 2013 in New York City, and was fortunate enough to participate in Web Application Defenders’ training led by Ryan Barnett. Each year, the talks and training improve dramatically for OWASP’s biggest meeting here in …


Injecting Security Into DevOps

DevOps is now being met by the OpsDev movement, which some say is just NetOps with SDN thrown in. But what of our old friend, security? SecDevOps (or is it DevSecOps) just doesn’t roll off the tongue like any of the aforementioned movements in automation and infrastructure-as-code. The cynic in me feels like this digital …


Deciphering Security Assessment Jargon

Growing up, I think every kid heard a parent or teacher or coach tell them to sit or stand up straight. At the time, it was never quite clear why good posture was so important at the dinner table, in the classroom, or on the field. However, as we grow up, the lesson is apparent: …


What Business Needs To Know About Ciphers

When it comes to encryption, there are usually two perspectives in any organization outside of IT or infosec. Those who are concerned with compliance/SSL Labs/green padlocks, and those who are mostly unaware of HTTPS encryption. Increasingly, consumers and businesses alike are selecting services and partners based on HTTPS encryption. More importantly, tools like SSL …


Security Service Chaining 101

One of the biggest challenges in information security is adapting to change. While you might say this is true in any profession, allow me to explain why it is particularly true in infosec. Security must be adaptable both on a macro level, as with changes to compliance standards like PCI. However, security must also be …


Should SSL Slow You Down?

For most of us, when we think “encryption,” we do not immediately think “high performance” or “easy.” However, advances in TLS (the successor to obsolete SSL) and other protocols as well as cipher implementations have greatly reduced the workloads associated with encryption—all while commodity processing power and capabilities continue to increase, despite apparent slow-downs in …
