Brian A. McHenry

3144 0

BrianAs a Senior Security Solutions Architect at F5 Networks, Brian McHenry focuses on web application and network security. McHenry acts as a liaison between customers and the F5 product teams, providing a hands-on, real-world perspective. He is a regular contributor on InformationSecurityBuzz.com, a co-founder of BSidesNYC, and a speaker at AppSecUSA, BC Aware Day, GoSec Montreal, and the Central Ohio Infosec Summit, among others. Prior to joining F5 in 2008, McHenry, a self-described IT generalist, held leadership positions within a variety of technology organizations, ranging from startups to major financial services firms. Follow him on twitter @bamchenry



Articles by Brian A. McHenry

Internet

The Internet of Thingbots

If you follow technology news, then it’s almost impossible to avoid some mention of “the Internet of Things” or IoT, for short. With the proliferation of smart home devices ranging from lighting to garage door openers to thermostats to cameras and the use of other smart devices in enterprises, the challenges and growth in IoT …

0 comments

Black Hat USA 2017: Bigger and Better (?)

The 20th edition of Black Hat USA (BHUSA) did not disappoint, if your expectations were the largest exhibit floor, the most lasers, and the biggest attendance ever. Black Hat USA has become one of the most anticipated infosec conferences of the year, and anchors a week that has become affectionately known as Infosec Summer Camp, …

0 comments

What’s New In The OWASP Top 10 And How TO Use It

As a student of web application security over the last decade, a constant touchstone has been all of the educational tools and projects available from the Open Web Application Security Project (OWASP). OWASP does a phenomenal job of publishing tools, promoting and funding projects, and fostering a community of students and professionals passionate about application …

0 comments

Balancing Simplicity in Security

Complexity is the enemy of security. I first heard this truism from an interview with Bruce Schneier way back in 2001. In the years since, infrastructures have only grown more complex. Virtualization in its many forms is a chief contributor to complexity. Containers within hypervisors within clouds within data centers. As we’ve seen the barriers …

0 comments

Keep The Security Light On Without Burning Out

At BC Aware Day in Vancouver this past February, I was lucky enough to attend Jack Daniel’s InfoSec Survival Skills talk. Check out the recording or find Jack at a local security conference near you. Jack’s talk focuses a lot on the stresses and triggers we deal with as security practitioners and the coping mechanisms …

0 comments

To The Cloud, But Securely

By now, you’ve seen some breakdown of SaaS vs. PaaS vs IaaS, with respect to security. You’ve also probably seen the most common piece of security advice, which is “patch your (stuff)”. For Software-aaS, the service provider handles patching and system maintenance. Your security concerns are going to be negotiated in all sorts of legal …

0 comments

Perfect Forward Secrecy

Perfect Forward Secrecy. The term sounds like something out of the latest Bond film. When I first checked how to configure PFS ciphers several years ago, I couldn’t find much documentation because I didn’t realize that that PFS described a class of ciphers, which included Diffie Hellman Ephemeral (DHE) and Elliptic Curve DHE (ECDHE). Further …

0 comments
UK Plc to Take Security Seriously

F5 Releases 2017 State Of Application Delivery Report

Today F5 Networks released its third annual State of Application Delivery report. Data comes from a customer survey of over 2,000 IT professionals across the networking, application, and security realms, and examines the vital role application services play in enabling enterprises to deploy applications faster, smarter, and safer. Survey responses came from around the globe, …

0 comments

High Speed Internet Security And Safety

This column is now in its third year with Information Security Buzz. As a result, there are now two past “security predictions” entries for 2015 and 2016. For 2015, I predicted that HTTP/2 and TLS 1.3 would have a disrupting effect on the Internet. Perhaps because I missed the mark on Internet disruption, I was …

0 comments

Breaking Through At AppSecUSA 2016

Recently, I attended AppSecUSA, which was held in Washington, DC from October 11th through the 14th. I last attended AppSecUSA in 2013 in New York City, and was fortunate enough to participate in Web Application Defenders’ training led by Ryan Barnett. Each year, the talks and training improve dramatically for OWASP’s biggest meeting here in …

0 comments