Author

 Troy Leach and Christopher Strand
Twitter
LinkedIn
RSS
E-Mail

Profile of Troy Leach and Christopher Strand

Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9
News & Commentary Posts: 1

Troy Leach is the Chief Technology Officer for the PCI Security Standards Council (SSC). In his role, Mr Leach partners with Council representatives, Participating Organizations and industry leaders to develop comprehensive standards and strategies to secure payment card data and the supporting infrastructure. He is a Congressional subject matter expert on payment security and the current chairman of the Council's Standards Committee. Prior to joining the PCI Council, Mr Leach has held various positions in IT management, software development, systems administration, network engineering, security assessment, forensic analytics and incident response for data compromise.

For the past three years Christopher Strand has served as the Director of Compliance Programs at Bit9. With over 20 years of information technology experience, Strand is the subject matter expert on Bit9's IT Governance, Audit, and Compliance programs. He oversees the development of enterprise network and application security solutions that help organizations deploy positive security to maintain and improve their compliance posture. Previously, Strand held security/compliance positions at Trustwave, Tripwire, EMC/RSA and Compuware. Strand is a PCI Professional (PCIP) and has completed QSA training. He has been trained on and is proficient with other regulatory disciplines including HIPAA, NERC and GLBA. Chris often speaks on security and compliance issues.

Articles by Troy Leach and Christopher Strand
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11375
PUBLISHED: 2018-05-22
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11376
PUBLISHED: 2018-05-22
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
CVE-2018-11377
PUBLISHED: 2018-05-22
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
CVE-2018-11378
PUBLISHED: 2018-05-22
The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.
CVE-2018-11379
PUBLISHED: 2018-05-22
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.