“You’re always telling me what to do!” “You never tell me what to do!” “You’re to lazy to actually lead!” A subordinate in a stressful situation can make a lot of allegations but the root of the problem may…
Category: Technology
Incident response: Puzzle pieces and misadventure
The blinds were drawn, a glass of water sat sweating in the humidity, and as I looked around the room some very distraught men in suits looked back at me. The middle of a Midwest summer I had just climbed…
Rosetta Stone (network protocols)
This gallery contains 1 photo →
Draft Rosetta Stone (Incident Response)
This gallery contains 1 photo →
Dungeons and Data Centers
Dungeon Master: You are standing in a brilliant lit server roomed filled with millions of dollars in sunk legacy server costs. You: Roll the dice and advance. Dungeon Master: A DevOps ghoul jumps out from behind an IBM 360 running…
Senate Intelligence Committee hearing on Russia election interference
CISO metrics: Right sizing and right costing an information security program
In the continuing attempt to prove to the wider world I’m a desirable hire as a CISO for a fortune 100 company. I offer the following and hope even if you don’t hire me that you get something of use…
CISO Hunting Tags: What threat hunting should mean to you
If you don’t have a successful information security program don’t waste your dollars or time on threat hunting until you can secure what you own first. There has been much ink spilled on threat hunting in the network. Even the…
New CISO? Get your first 90 days action items here
So you’re a new CISO and you just arrived at the organization. What should your personal interaction project plan look like? I tell CISO’s that they should plan on a few days to simply spin up their technology, get their…
You’re not in our industry WTF do you know about infosec?
This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers; political, technical, and forensic with each having different confidence levels and analysis strategies Adversaries must interact with systems to exploit them and this creates evidence or anomalies that can be used for attribution…
Hiring military leaders off the street
Lots of snark talk from the military types out there. I understand it, but don’t have to agree with it. Over the weekend Military Times put out an article that above the fold states. Defense Secretary Ash Carter wants to…
Am I looking for a job?
I’m a senior executive, a subject matter expert, and an influential strategic leader in cyber security. Why would I always be looking for a job, why would I always be keeping my ear to the ground, and why would I…
Digital forensic books
A not comprehensive reading list. Some of these are new, some are old, but they give a good overview of the discipline. If the book has exercises it is a good idea to do them. Operating System and Platform…
NDU Presentation to the faculty
I’ve been asked to talk about a variety of topics. This particular topic was a strategic look at three policy changes that might degrade, deter, or disrupt adversary capability in cyberspace. NDU IRMC 2016 Presentation (PPT)