Rather than throw more ink on the evolving story of the recent breaches of two security companies, the goal of this short piece is to give actionable insight into things you can do when recovering from a vendor exposure. As expected,…
Category: Technology
Incident Response to the FireEye Tool Exposure
There will be a lot of ink spilled on this topic. My only goal with this simple write-up is to provide actionable objectives. As such, we’re going to begin with a few things to start the conversation.…
Wild Techdom
Hi, I’m Mitchel and this is my assistant Ron. Welcome to Wild Techdom supported by Mutual of Bromaha. Today we travel to the far off wilds of the cube mazes of Silicon Valley. These are dangerous lands with an entire…
Beware the professional path. There be dragons here
So, there I was talking to some people and I talked about the focus of my career not being the same as longevity in my job. You see, long before the gig economy I started moving between jobs and looking for…
Socrates and the Consensus Leader
“You’re always telling me what to do!” “You never tell me what to do!” “You’re too lazy to actually lead!” A subordinate in a stressful situation can make a lot of allegations but the root of the problem may…
Incident response: Puzzle pieces and misadventure
The blinds were drawn, a glass of water sat sweating in the humidity, and as I looked around the room some very distraught men in suits looked back at me. The middle of a Midwest summer I had just climbed…
Rosetta Stone (network protocols)

Draft Rosetta Stone (Incident Response)

Dungeons and Data Centers
Dungeon Master: You are standing in a brilliantly lit server room filled with millions of dollars in sunk legacy server costs. You: Roll the dice and advance. Dungeon Master: A DevOps ghoul jumps out from behind an IBM 360 running…
Senate Intelligence Committee hearing on Russia election interference
CISO metrics: Right sizing and right costing an information security program
In the continuing attempt to prove to the wider world I’m a desirable hire as a CISO for a Fortune 100 company, I offer the following and hope, even if you don’t hire me, that you get something of use…
CISO Hunting Tags: What threat hunting should mean to you
If you don’t have a successful information security program, don’t waste your dollars or time on threat hunting until you can secure what you own first. There has been much ink spilled on threat hunting in the network. Even the…
New CISO? Get your first 90 days action items here
So you’re a new CISO and you just arrived at the organization. What should your personal interaction project plan look like? I tell CISOs that they should plan on a few days to simply spin up their technology, get their…
You’re not in our industry WTF do you know about infosec?
This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers (political, technical, and forensic), with each having different confidence levels and analysis strategies. Adversaries must interact with systems to exploit them, and this creates evidence or anomalies that can be used for attribution…