This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Category: Technology
The term “technology” does not follow the same linguistic pattern as “biology” and “geology” because its etymology is different. While “biology” and “geology” are derived from Greek roots, with “bio” meaning life and “geo” meaning Earth, “technology” has Latin roots.
“Technology” comes from the combination of two Greek words: “techne,” meaning skill or art, and “logia,” meaning study or science. So, the term “technology” literally means the study or science of skills or arts. It reflects a broader concept that goes beyond the study of a specific substance (like life or the Earth) to encompass a wide range of human-made tools, systems, and techniques.
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers: political, technical, and forensic, each with different confidence levels and analysis strategies. Adversaries must interact with systems to exploit them, and this creates evidence or anomalies that can be used for attribution…
Hiring military leaders off the street
Lots of snarky talk from the military types out there. I understand it, but don’t have to agree with it. Over the weekend Military Times put out an article that, above the fold, states: Defense Secretary Ash Carter wants to…
Am I looking for a job?
I’m a senior executive, a subject matter expert, and an influential strategic leader in cyber security. Why would I always be looking for a job, why would I always be keeping my ear to the ground, and why would I…
Digital forensic books
A non-comprehensive reading list. Some of these are new, some are old, but they give a good overview of the discipline. If the book has exercises, it is a good idea to do them. Operating System and Platform…
NDU Presentation to the faculty
I’ve been asked to talk about a variety of topics. This particular topic was a strategic look at three policy changes that might degrade, deter, or disrupt adversary capability in cyberspace. NDU IRMC 2016 Presentation (PPT)
Some ICS Reading Resources
Quick hit on some things for reading up on control system security. One of my favorites is Krutz, R. (2006), “Securing SCADA Systems.” This particular book is older, but it has a great section comparing ICS security protocols. Meant…
Metrics of Precision for Leaders of Security Programs
Slides for my talk at National Defense University Information Resources Management College (IRMC): Metrics_of_Precision_For_Leaders_Of_Security_Programs
Don’t be that guy: Try promoting professionalism and empathy
I’ve hired a lot of people. Between academia, government, and industry I’ve been on hundreds of hiring boards. I’ve been junior enough to be a primary assessor and senior enough to rate other people’s skill at hiring. I like building…
Curmudgeon Information Security Officer
After reading the first third of “Disrupted: My Misadventure in the Start-Up Bubble” by Dan Lyons, I realized that I had been marketing myself all wrong. Hiring managers, like the little emperors of China, want happy-go-lucky, youthful, soft individuals to…
Levels of attribution
Humans, networks, and visualizing risk to the network
Risk is made of disparate components that technologists inherently understand. Decision makers and corporate staff that are not necessarily smart in technology are often left flummoxed by the technobabble. As technologists and information security practitioners it is important to think…
Infosec Risk Management (graphic)
Infosec reality: When you don’t have the goose that laid the golden egg
You are a CIO or CISO looking at your next budget cycle. You know that there are far more threats operating on innumerable vulnerabilities than you can afford to mitigate. How best to spend the often shrinking budget you have…
A nightmare scenario: FedCyber
Bruce Schneier has his Hollywood movie script for cyber terror, and Bob Gourley has a similar scenario at FedCyber. I wanted to answer the call before the presentations because I was going to put it into the perspective of my…