Author

 Allan Alford
Twitter
LinkedIn
RSS
E-Mail

Profile of Allan Alford

Chief Information Security Officer
News & Commentary Posts: 1

Allan Alford is Chief Information Security Officer (CISO) at Forcepoint. In this role he leads Forcepoint's corporate security and governance program, including the implementation of the company's internal user and data protection program for 2,700 employees worldwide. As Forcepoint's CISO, Allan plays a key role in leading the compliance and certification efforts for Forcepoint's security offerings and partners with engineering teams to drive best practices and real-world learnings into security product development.

With more than 25 years of IT and security experience, Alford joined Forcepoint from Pearson, where he was product and business information security officer. Prior to that, Alford held various IT and security positions at Polycom, where he built and managed the product security program and served most recently as CISO. He is currently pursuing a master's degree in information systems and security from Our Lady of the Lake University and received a bachelor's degree with a focus on leadership from DePaul University.

Articles by Allan Alford
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2598
PUBLISHED: 2018-05-23
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
CVE-2018-1124
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution ...
CVE-2018-1126
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVE-2018-11396
PUBLISHED: 2018-05-23
ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.
CVE-2018-8176
PUBLISHED: 2018-05-23
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.