All Posts

Excited to be in Tallin for CyCon! Doing a workshop on how we developed the Biden Administration's National Cybersecurity Strategy. Using this blogpost to collect the resources I cite in my talk: US Cyber Strategy Documents PPD 63 (Clinton 1998) 2000 Clinton Plan 2003 Bush Strategy 2009 Obama Cyberspace Policy Review 2018 Trump Strategy 2023 Biden Strategy 2024 Implementation Plan 2026 Trump Strategy Sample One Page Strategies Biden Strategy One-Pager (GAO) General Montgomere

We’re proud to announce a strategic partnership between TPO Group and Legato Security - bringing together two organizations with deep roots in national security and defense to deliver truly end-to-end, mission-ready cybersecurity. This collaboration combines TPO Group’s expertise in cyber defense strategy, incident response, supply chain risk management, and executive advisory with Legato Security’s 24×7 managed detection and response, SOC excellence, and CMMC Level 2–aligned

TPO Group's Rob Knake and Edna Conway sit down with Data Breach Today's Tom Field Expanding digital dependence and geopolitical strain had exposed a critical imbalance in cybersecurity priorities. Organizations had over-focused on software while underinvesting in hardware assurance, leaving critical infrastructure exposed to threats embedded in global supply chains according to TPO Group's Rob Knake and Edna Conway. Read more...

As operational technology (OT) environments outgrow IT-centric risk models, industry leaders are rethinking whether traditional tools like CVSS can meaningfully guide decision-making. In a recent article in OT.Today , TPO Group’s Allan Friedman highlights the core limitation: translating real-world operational context into vulnerability scoring is not just difficult—it’s often impractical. As he notes, the data required to reflect true risk “lives deep within operational en

Bishop Fox and TPO Group today announced a strategic partnership that offers clients access to an end-to-end approach from technical discovery to executive action in order to drive smarter investment and faster response. TEMPE, ARIZONA — Bishop Fox, a leading offensive security firm, and TPO Group , a cybersecurity consultancy specializing in cyber risk management and executive security leadership, today announced a strategic partnership that offers clients access to an end-

TPO Group CEO Rob Knake testified before the House Judiciary Subcommittee on Oversight hearing on “Embedded Threats: Foreign Ownership, Hidden Hardware, and Licensing Failures in America’s Transportation Systems”. In his testimony , Knake set out a strategy for addressing supply chain threats, citing the work of his TPO colleague Allan Friedman on Software Bills of Material (SBOM) and Hardware Bills of Material (HBOM).

T he ISPAB, Chartered by Federal Legislation, identifies emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy. The Board advises the National Institute of Standards and Technology (NIST), the Secretary of Homeland Security, and the Director of the Office of Management and Budget (OMB) on information security and privacy issues pertaining to federal government information systems.

At first glance, Geopolitics at the Internet’s Core (Amazon affiliate link) by Fiona M. Alexander, Laura DeNardis, Nanette S. Levinson, and Francesca Musiani reads as a dense technical history of Internet Protocol—that constellation of technical specifications and social agreements that makes the internet work. But this would be a profound misreading. What Alexander, DeNardis, Levinson, and Musiani have actually written is something far more elegiac: a cenotaph for a bygone

In this article published by The Project on National Security and Technology, TPO Group CEO Rob Knake looks at what lessons can be learned from the short-lived Cyber Safety Review Board. Along with almost all other advisory boards at the Department of Homeland Security, the Trump Administration moved quickly to disband the Cyber Safety Review Board (CSRB) in the name of cost savings and government efficiency. Yet the CSRB may not be much dead as it is dormant. The Trump Admin

Nathan Case Jake Williams Tarah Wheeler Bryson Bort Public and private organizations across the United States, especially those with ties to critical infrastructure, are under increasing pressure from Iranian cyber actors after the events of weeks ago. The reality of the initial event and the impact on cybersecurity over the next few months is still being determined. While it is easy to say that the impact on commercial entities is over, the reality is that the Iranian natio