SecurityWeek

2017 September 27

Did You Know: Browsing the Internet is a Risk to the M&A Process?

A discussion of the risks of being caught during the early phases of M&A investigations and research. What can happen and how to protect yourself.

SecurityWeek

2017 June 20

Understanding Looming Threats and the Need to Hunt With Anonymity

My latest Security Week article is on the importance of hunting for threats in the wilds beyond your perimeter, and the need for digital camouflage and body armor when doing so.

SecurityWeek

2017 May 11

Wear Camouflage While Hunting Threats

Threat hunting has become a hot topic in information security. Sometimes threat hunting extends outside the perimeter and merges with threat intelligence. At that point it is important to put on some camouflage.

SecurityWeek

2017 April 11

Treat Security Like a Doctor, Not an EMT

It takes time to properly analyze a file to know if it is safe. Unfortunately the way we deploy many security systems means they need to make decisions in milliseconds, only knowing that a file was bad after the fact. We need to architect around this to give security the time it needs to do inspection right.

SecurityWeek

2017 March 13

Post Breach Identity Theft Monitoring: Too Little Too Late

Breached Companies Must get Ahead of Attacks and Provide Security that Protects Victims Before they are Victimized Again

SecurityWeek

2017 February 08

Cybersecurity Lessons From Kung Fu

It seems like something from a bad martial arts movie but I actually learned an important lesson for cybersecurity from my kung fu instructor. After finishing this article I started to study renaissance rapier fencing. Avoiding the attack rather than blocking it was the first lesson they taught as well.

ISC2 ThinkTank

2017 January 26

Be Vewy, Vewy Quiet.. I'm Hunting Threats! Finding & Dealing with Threats

Join me for what should be a fascinating and informative panel discussion on threat hunting. You can join live to participate in the Q&A or listen to the recording later.

SecurityWeek

2017 January 12

Isolation Based Security Provides Prevention and Enhances Incident Response

Careful Design of Network and System Security Architecture Can Substantially Enhance Security. Detection & Response are often positioned as competing with Isolation & Prevention. While these classes of security solutions often approach the problem in radically different ways, there can be synergies which allow them to significantly reinforce each other.

ISC2 ThinkTank

2016 December 20 1PM EST

I am speaking on the ThinkTank round table "Threats - The Wolf that Never Leaves the Door"  at 1PM EST December 20. Join us here. A recording should be available shortly after the event.

SecurityWeek

2016 October 14

Breaking the ooda loop!

The OODA loop is a well established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
OODA is an iterative process because after each action you need to observe your results and any new opposing action. The idea is that if you can consistently get to the action faster than your opponent you can beat them. It is typically described using an airplane dogfight analogy – airplanes try to turn more quickly and sharply than their opponent in order to get off a shot. But, as you turn faster and faster the g-forces build and at this point the ever faster OODA loop is more like a centrifuge crushing us. We need to break out of the loop and find a new way to play the security game.

BSidesSF

2016 February 28

I will be speaking at BSidesSF on Sunday at 5:00. The presentation is called "In the Crosshairs: The Trend towards Targeted attacks"