ATARC: AI Bill of Rights White Paper

We are pleased to announce that the Unpacking OSTP’s Blueprint for an AI Bill of Rights White Paper has been published on the ATARC website. You can also view the AI Bill of Rights Framework: Algorithmic Discrimination webinar.

Please address any questions or follow-up to Amy Karpowicz, Advanced Technology Academic Research Center (ATARC).


Cloud Security Alliance (DC Chapter) and ZTA

Secure By Design is proud to be a member of CSA-DC and a contributor to the development of this white paper.

Although ZT is in its infancy, we hope this white paper provides a snapshot of the complexity and early state of ZT adoption. We believe it gives IT stakeholders a deeper understanding of:

  • An evolving and broad technology landscape
  • New government initiatives from CISA on a ZT Maturity Model
  • Developing a ZT strategy through conducting a ZT Maturity Assessment and developing a ZT Roadmap
  • The impact that technology, culture, policy, and regulatory factors have on the ability of organizations to adopt a ZTA

This paper is a foundation, and we at Secure By Design will continue to build upon these tenets.

This white paper concludes with Recommendations on how ecosystem stakeholders can improve collaboration to accelerate the adoption of ZT in their environments and meet government mandates. We trust you will find this white paper a valuable resource and ask you to please join us and become involved with the CSA-DC chapter.


HIPAA Compliance Best Practices

We are pleased to announce our partnership with Compliancy Group (https://compliancy-group.com).

Our team has crafted a tailored services offering around our partner's offering. Compliancy Group provides a comprehensive document management platform (SaaS, with no APIs or agents) for healthcare compliance management, focusing on simplifying and automating the compliance process across various standards and regulations. Their services are designed to help healthcare entities efficiently manage HIPAA, OSHA, and SOC 2 compliance, while also providing the necessary tools and guidance for training and incident management.

LLM AI Security & Governance

LLM AI Security & Governance Checklist

Today's industry leaders, such as the OWASP® Foundation, continue to provide incredible resources for the community to learn from and to help their organizations securely adopt AI.

This newest LLM/AI Security and Governance Checklist from OWASP Top 10 For Large Language Model Applications and folks like Sandy Dunn and Steve Wilson is a great example.

It covers:

  • An overview of Trustworthy and Responsible AI
  • LLM/AI Security and Privacy Challenges
  • Determining an LLM Strategy
  • An action-oriented checklist focused on core areas such as Governance, Security & Privacy, Regulation, and AI Inventory.

This is an excellent resource for the community and for CISOs and Security Leaders looking to keep pace with business peers on AI and facilitate secure AI adoption for their organizations while mitigating risk and implementing governance.

Microsoft Digital Defense

Microsoft Digital Defense Report: Building and Improving Cyber Resilience

Learn more: https://microsoft.com/mddr

Dive deeper: https://blogs.microsoft.com/on-the-issues/

Stay connected: @msftissues and @msftsecurity

In this fourth annual edition of the MS Digital Defense Report, MS shares insights on how the threat landscape has evolved and discusses the shared opportunities and challenges we all face in securing a resilient online ecosystem that the world can depend on.

Protecting Your IP & CAD

How will you protect your CAD data once it leaves your hands?

Extend data protection beyond your organization’s IT perimeter

In today’s business environment, Computer-Aided Design (CAD) data is shared beyond a company’s IT boundary. That means an organization’s critical intellectual property (IP) based on CAD files, such as blueprints, drawings, illustrations, and simulations, can easily get into the wrong hands. Consequently, loss or breach of proprietary information can result in loss of reputation, sales, and profit, causing irreversible damage.

How do you ensure compliance?

HALOCAD enhances Microsoft 365 E5 compliance to protect CAD files across the production chain, including uncontrolled partner and supplier IT environments.

Enhance your security tools.

Extend the security provided by Microsoft Purview Information Protection to the complete lifecycle of CAD files.

HALOCAD® and Microsoft Information Protection.

Case Studies included.

Team Cymru

What Elite Threat Hunters See

So what really is Threat Reconnaissance? The term means gaining visibility far beyond your perimeter to trace threats to their origin and map out their extended infrastructure. This allows you to watch threat actors at work, monitor their infrastructure as it evolves, and trace clear paths between them and their victims.

The objective is to give you the best chance of not just surviving but defeating cyber-attacks, even before they commence nefarious activity. Adding a threat recon program to your overall security practice allows you to manage risks and deal with active threats more effectively. This allows more freedom as you move the needle of cyber resilience from reactive to proactive.

So what do elite threat hunters see that others can’t? This data sheet will show you quickly.

Zero Trust with Team Cymru

Zero-trust projects come with cost, complexity, flaws and accuracy challenges. Whether you’re looking to address flaws in your zero-trust cloud environments, or you lack the budget and resources to begin, we can help. By adding service-level enforcement and required services and expertise, Team Cymru should be a definite consideration for any security enterprise.

For example, can you currently see activity across every AS on the internet, observing and scoring both IPv4 and IPv6 addresses? So what really is “Pure Signal,” and why should I care?

This data sheet will help you answer these items quickly. 

On First Principles' Podcast

SBD Sponsors the First Interview for the 'On First Principles' Podcast

SBD is honored to sponsor the 'On First Principles' podcast, where Christian Keil (https://twitter.com/pronounced_kyle), Host and Chief of Staff at Astranis, dives into the complex world of deep tech startups. Christian's mission is to make these deep tech startups approachable and PhD-optional.

Look for our SBD ad (at the 8 min, 40 second mark), where founder Ian Brooke (YC W24) gives his first public interview to talk about Astro Mechanica, a new startup building electric-adaptive jet engines. And, possibly, the world’s fastest plane. And the cheapest way to orbit. SBD proudly supports deep thinkers and tech innovation and we hope you enjoy this interview.

You can also find the podcast here on YouTube.



