Collaborate Disseminate
This is not strictly an information security post, but the topic likely affects a decent proportion of my readership.Within the last few years I experienced a profound professional “burnout.” I’ve privately mentioned this to colleagues in the industry,… Continue reading Managing Burnout
While listening to a webcast this morning, I heard the speaker mentionThere are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.He credited Cisco CEO John Chambers but didn’t provide any source.Tha… Continue reading The Origin of the Quote "There Are Two Types of Companies"
I am an historian. I practice digital security, but I earned a bachelor’s of science degree in history from the United States Air Force Academy. (1)Historians create products by analyzing artifacts, among which the most significant is the written word…. Continue reading The Origin of the Term Indicators of Compromise (IOCs)
In response to my post More on Threat Hunting, Rob Lee asked:[D]o you consider detection through ID’ing/“matching” TTPs not hunting?To answer this question, we must begin by clarifying “TTPs.” Most readers know TTPs to mean tactics, techniques and proc… Continue reading Even More on Threat Hunting
Earlier this week hellor00t asked via Twitter:Where would you place your security researchers/hunt team?I replied:For me, “hunt” is just a form of detection. I don’t see the need to build a “hunt” team. IR teams detect intruders using two major modes: … Continue reading More on Threat Hunting
I was considering another debate about appropriate cybersecurity measures and I had the following thought: not all networks are the same. Profound, right? This is so obvious, yet so obviously forgotten.Too often when confronting a proposed defensive me… Continue reading Cybersecurity and Class M Planets
I have been associated with network security monitoring my entire cybersecurity career, so I am obviously biased towards network-centric security strategies and technologies. I also work for a network security monitoring company (Corelight), but I am n… Continue reading Have Network, Need Network Security Monitoring
On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising A… Continue reading Network Security Monitoring vs Supply Chain Backdoors
I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:This bothered me, so I Tweeted about it.This started some discussion, and pro… Continue reading Firewalls and the Need for Speed
I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast the… Continue reading Twenty Years of Network Security Monitoring: From the AFCERT to Corelight