SecurityWeek

2017 June 20

Understanding Looming Threats and the Need to Hunt With Anonymity

My latest SecurityWeek article is on the importance of hunting for threats in the wilds beyond your perimeter, and the need for digital camouflage and body armor when doing so.


SecurityWeek

2017 May 11

Wear Camouflage While Hunting Threats

Threat hunting has become a hot topic in information security. Sometimes threat hunting extends outside the perimeter and merges with threat intelligence. At that point it is important to put on some camouflage.


SecurityWeek

2017 April 11

Treat Security Like a Doctor, Not an EMT

It takes time to properly analyze a file to know if it is safe. Unfortunately, the way we deploy many security systems means they need to make decisions in milliseconds, only knowing that a file was bad after the fact. We need to architect around this to give security the time it needs to do inspection right.


SecurityWeek

2017 March 13

Post Breach Identity Theft Monitoring: Too Little Too Late

Breached Companies Must get Ahead of Attacks and Provide Security that Protects Victims Before they are Victimized Again


SecurityWeek

2017 February 08

Cybersecurity Lessons From Kung Fu

It seems like something from a bad martial arts movie, but I actually learned an important lesson for cybersecurity from my kung fu instructor. After finishing this article I started to study Renaissance rapier fencing. Avoiding the attack rather than blocking it was the first lesson they taught as well.


ISC2 ThinkTank

2017 January 26

Be Vewy, Vewy Quiet.. I'm Hunting Threats! Finding & Dealing with Threats

Join me for what should be a fascinating and informative panel discussion on threat hunting. You can join live to participate in the Q&A or listen to the recording later.


SecurityWeek

2017 January 12

Isolation Based Security Provides Prevention and Enhances Incident Response

Careful Design of Network and System Security Architecture Can Substantially Enhance Security. Detection & Response are often positioned as competing with Isolation & Prevention. While these classes of security solutions often approach the problem in radically different ways, there can be synergies which allow them to significantly reinforce each other.


ISC2 ThinkTank

2016 December 20 1PM EST

I am speaking on the ThinkTank round table "Threats - The Wolf that Never Leaves the Door" at 1PM EST December 20. Join us here. A recording should be available shortly after the event.


SINET 16 Awards

2016 November 3

I am proud and excited to be speaking at the 2016 SINET 16 awards event as representative of one of the winning companies, Passages.


SecurityWeek

2016 October 14

Breaking the OODA Loop!

The OODA loop is a well-established concept, often used in security, which originated in the military. OODA stands for Observe, Orient, Decide, Act. OODA is an iterative process because after each action you need to observe your results and any new opposing action. The idea is that if you can consistently get to the action faster than your opponent, you can beat them. It is typically described using an airplane dogfight analogy: airplanes try to turn more quickly and sharply than their opponent in order to get off a shot. But as you turn faster and faster the g-forces build, and at this point the ever-faster OODA loop is more like a centrifuge crushing us. We need to break out of the loop and find a new way to play the security game.


ASIS / ISC2 Conference

2016 September 12-15

I will be giving two talks at the ASIS / ISC2 conference in Orlando. The first is on why targeting of attacks will be the next big trend. The second is on how to achieve improved security through application isolation.


HTCIA Conference

2016 August 29,30

I will be speaking at the High Technology Crime Investigation Association (HTCIA) conference. The session is called "Going Online Undercover: Tools, Techniques, and Best Practices".


BSidesSF

2016 February 28

I will be speaking at BSidesSF on Sunday at 5:00. The presentation is called "In the Crosshairs: The Trend towards Targeted attacks".