Author

 Andrew Williams
LinkedIn
RSS
E-Mail

Profile of Andrew Williams

Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire
Member Since: 9/17/2018
Author
News & Commentary Posts: 2
Comments: 0

Andrew Williams is the product director for the Cyber Risk Advisory and FedRAMP Assessment Services teams at Coalfire.  As product director, Andrew oversees Coalfire's sales, delivery, and professional development strategy for all advisory and assessment personnel delivering services to cloud computing customers. Andrew works closely with delivery personnel and executive management across Coalfire to ensure Coalfire maintains its position as a thought leader in cloud compliance, and to ensure customers are receiving the best support available.

Since joining Coalfire in 2014, his primary focus has been providing guidance around AWS, Microsoft Cloud and hybrid cloud enterprise level environments in relation to federal, state, and private sector industry best practices. He functions as a subject matter expert for cloud compliance, cloud network architecture, cloud administrator and cloud customer access control, and secure code development. He has extensive experience with the NIST 800-53 framework and the NIST IT security landscape; FedRAMP, FISMA, DISA, and DOD program development and security architecture design; and general controls client advisory. Andrew has supported engagements at more than 40 different cloud service providers.

Andrew holds a business M.A. from Seattle Pacific University and a B.A. in political science from Western Washington University.

Articles by Andrew Williams
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496
PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773
PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774
PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.