Dungeon Master: You are standing in a brilliant lit server roomed filled with millions of dollars in sunk legacy server costs. You: Roll the dice and advance. Dungeon Master: A DevOps ghoul jumps out from behind an IBM 360 running…
Category: Technology
The term “technology” does not follow the same linguistic pattern as “biology” and “geology” because its etymology is different. While “biology” and “geology” are derived from Greek roots, with “bio” meaning life and “geo” meaning Earth, “technology” has Latin roots.
“Technology” comes from the combination of two Greek words: “techne,” meaning skill or art, and “logia,” meaning study or science. So, the term “technology” literally means the study or science of skills or arts. It reflects a broader concept that goes beyond the study of a specific substance (like life or the Earth) to encompass a wide range of human-made tools, systems, and techniques.
Research note: Security testing through forensic resistance
Senate Intelligence Committee hearing on Russia election interference
CISO metrics: Right sizing and right costing an information security program
In the continuing attempt to prove to the wider world I’m a desirable hire as a CISO for a fortune 100 company. I offer the following and hope even if you don’t hire me that you get something of use…
CISO Hunting Tags: What threat hunting should mean to you
If you don’t have a successful information security program don’t waste your dollars or time on threat hunting until you can secure what you own first. There has been much ink spilled on threat hunting in the network. Even the…
New CISO? Get your first 90 days action items here
So you’re a new CISO and you just arrived at the organization. What should your personal interaction project plan look like? I tell CISO’s that they should plan on a few days to simply spin up their technology, get their…
You’re not in our industry WTF do you know about infosec?
This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers; political, technical, and forensic with each having different confidence levels and analysis strategies Adversaries must interact with systems to exploit them and this creates evidence or anomalies that can be used for attribution…
Hiring military leaders off the street
Lots of snark talk from the military types out there. I understand it, but don’t have to agree with it. Over the weekend Military Times put out an article that above the fold states. Defense Secretary Ash Carter wants to…
Am I looking for a job?
I’m a senior executive, a subject matter expert, and an influential strategic leader in cyber security. Why would I always be looking for a job, why would I always be keeping my ear to the ground, and why would I…
Digital forensic books
A not comprehensive reading list. Some of these are new, some are old, but they give a good overview of the discipline. If the book has exercises it is a good idea to do them. Operating System and Platform…
NDU Presentation to the faculty
I’ve been asked to talk about a variety of topics. This particular topic was a strategic look at three policy changes that might degrade, deter, or disrupt adversary capability in cyberspace. NDU IRMC 2016 Presentation (PPT)
Some ICS Reading Resources
Quick hit on some things for reading up on control system security. One of my favorites is Kurtz, R., (2006) “Securing SCADA Systems” this particular book is older, but it has a great section on comparing ICS security protocols. Meant…
Metrics of Precision for Leaders of Security Programs
Slides for my talk at National Defense University Information Resources Management College (IRMC) Metrics_of_Precision_For_Leaders_Of_Security_Programs
Don’t be that guy: Try promoting professionalism and empathy
I’ve hired a lot of people. Between academia, government, and industry I’ve been on hundreds of hiring boards. I’ve been junior enough to be a primary assessor and senior enough to rate other peoples skill at hiring. I like building…