After reading the first third of “Disrupted: My Misadventure in the Start-Up Bubble” by Dan Lyons I realized that I had been marketing myself all wrong. Hiring managers, like the little emperors of China, want happy-go-lucky, youthful, soft individuals to…
Category: Technology
The term “technology” does not follow the same linguistic pattern as “biology” and “geology” because its etymology is different. While “biology” and “geology” are derived from Greek roots, with “bio” meaning life and “geo” meaning Earth, “technology” has Latin roots.
“Technology” comes from the combination of two Greek words: “techne,” meaning skill or art, and “logia,” meaning study or science. So, the term “technology” literally means the study or science of skills or arts. It reflects a broader concept that goes beyond the study of a specific substance (like life or the Earth) to encompass a wide range of human-made tools, systems, and techniques.
Levels of attribution
Humans, networks, and visualizing risk to the network
Risk is made of disparate components that technologists inherently understand. Decision makers and corporate staff that are not necessarily smart in technology are often left flummoxed by the technobabble. As technologists and information security practitioners it is important to think…
Infosec Risk Management (graphic)
Infosec reality: When you don’t have the goose that laid the golden egg
You are a CIO or CISO looking at your next budget cycle. You know that there are way more threats operating on innumerable vulnerabilities than you can afford to mitigate. How best to spend the often shrinking budget you have…
A nightmare scenario: FedCyber
Bruce Schneier has his Hollywood movie script for cyber terror, and Bob Gourley has a similar scenario at FedCyber. I wanted to answer the call before the presentations because I was going to put it into the perspective of my…
Adversary interaction: Indicators of sophistication
There are no absolutes, including the absence of absolutes. As such, any discussion of adversary sophistication is whimsical at best and likely reliant on chains of logic subject to breaking at their weakest link. If you can handle that then…
In defense of not sharing: What is cyber TMI?
I’ve long been a proponent of sharing threat intelligence. The technical level of this sharing is usually at the indicator of compromise (IOC) level. There are several protocols that allow tools to share these IOCs rapidly. IOCs are gathered through…
Research Note: Investigating a breach
Many people are talking about the attribution of the Sony hack. Was it or was it not North Korea? I do not care. I thought I would talk about a couple of things in driving towards attribution and analysis of…
UCF: Digital forensics in the age of the Internet of things: Challenges and opportunities
Abstract: The term “Internet of things” has different meaning to each of the constituent communities building services and devices. One community though is having to rapidly evolve and that is the digital forensics and incident response community. Whether it is…
CERIAS discussion on CISSP and certification in INFOSEC
Here are the slides as promised. 2014 CERIAS CERT Discussion (CISSP) (pdf)
2014 Indianapolis Summit: Threat trends to the enterprise
Slides of my presentation today at the Indianapolis Summit. 2014 November Indianapolis Summit Threat Trends
Research note: Trans-convergence architecture
Apple CEO Tim Cook and previously Steve Jobs talk often about the idea of the iOS application eco-system. I think that is fundamentally flawed thinking. Thinking in terms of operating systems limits the level of innovation by constraining the product…
Lightweight portable threat intelligence for the enterprise
Does your enterprise threat intelligence feed get you down? Does the wide-ranging list of IPs, URLs, and other IOCs make you feel bloated? Do you have acronym fatigue? Then you should get lightweight portable threat intelligence for the enterprise. It…
Let’s #FixIt: Information security and the fud of the breach
If I told you tomorrow that a major corporation was going to be breached and a huge volume of credit cards or personally identifiable information was going to be released, you would not be surprised. “What is the big deal”,…