What do we mean when we say strategic?. Usually the people talking about strategic effort are more interested in effects than in the actual activity of strategic decision making. Most assuredly, strategic leadership that is poor can have just as…
Category: Technology
The term “technology” does not follow the same linguistic pattern as “biology” and “geology” because its etymology is different. While “biology” and “geology” are derived from Greek roots, with “bio” meaning life and “geo” meaning Earth, “technology” has Latin roots.
“Technology” comes from the combination of two Greek words: “techne,” meaning skill or art, and “logia,” meaning study or science. So, the term “technology” literally means the study or science of skills or arts. It reflects a broader concept that goes beyond the study of a specific substance (like life or the Earth) to encompass a wide range of human-made tools, systems, and techniques.
Strategic incident response to increase information security after breaches
Another day, another breach, and more credit cards are on the open market. I’m not sure what the thieves are going to be doing with the credit cards at this point but let’s take a look at where we are…
SecureWorld 2014, Digital forensics and the Internet of things
Slides as promised. This is a redacted slide deck due to the sensitive nature of some of the data. The presentation is meant to be about 2 hours long, but was 45 minutes at SecureWorld in Indianapolis. If you want…
DerbyCon 2014, Higher Education Panel for Hackers
Video: Members of the panel are Bill Gardner @oncee, Ray Davidson @RayDavidson, Adrian Crenshaw @irongeek_adc, Me! @selil @DrWhomPhD Rob Jorgensen. The members of the panel were great and I felt honored to be included. After the video feel free to read…
CERIAS Seminar slides, West Lafayette Indiana
Slides as promised This is an expanded slide deck of a previous presentation. Still got about two-dozen that haven’t made it out front yet 🙂 Threat Intelligence and Digital Forensics (pdf)
S4 IResponder Conference, San Francisco
Slides as promised. S4 IrespondCon Slides (PDF)
CERIAS : What is wrong with all of you? Reflections on nude pictures, victim shaming, and cyber security
I wrote a CERIAS blog post with Dr. Eugene Spafford on the issues surrounding the media and social implications of the exploitation and distribution of images from various celebrities. As an information security researcher I am completely blown away by…
Trans-convergence Thought Exercise
There are a few thoughts and activities going on in my life right now that are starting to pull together into a single thread. The first was Apple’s most recent keynote where they talked about iHealth as a way to…
Trans-convergence
Where is the tech world headed? Where and what will be the enterprise of the future? We are in a post-converged world swimming in a sea of devices and moving into the world of trans-convergence. Where trans refers to changing…
Research note: Strategic compression and the future of information security
In the world of strategic theory there are many pages and gallons of ink exhorting the relative merits of various historical figures thinking. I don’t discount the relative merits of Clausewitz or Sun Tzu but in each entities time their…
Threat actor zero (TA0)
When Mandiant came out with the APT1 report the world was shattered into two camps. In the first camp was a group of people who were happy to have more information on the bad guys entering their networks and doing…
Threat intelligence “know thyself”
I worry about the over use of threat intelligence. The idea of intelligence came to the information technology space in the early 1990s and many from the intelligence world and the information technology community scoffed at the idea. In the…
Response to –>Errata Security: PR will be first up against the wall when the revolution comes
Forbes.com interviews leaders on “10 Ways to Fix Cybersecurity“. It’s useless — in fact (as I’ll demonstrate below) worse than useless.The problem is that these leaders aren’t experts, they are fluff. Their technical competence extends only as far as knowing…
Strategic information security
It’s not only a good idea it is one that most people will never understand making it absolutely the next buzzword at security conventions. Strategy is often misunderstood. It simply isn’t an easy term for most people to get there…