Richard Bejtlich – Page 7 – WindowsTechs.com

Notes on Self-Publishing a Book

Posted on December 31, 2018 by Richard Bejtlich

In this post I would like to share a few thoughts on self-publishing a book, in case anyone is considering that option.As I mentioned in my post on burnout, one of my goals was to publish a book on a subject other than cyber security. A friend fro… Continue reading Notes on Self-Publishing a Book→

Managing Burnout

Posted on December 21, 2018 by Richard Bejtlich

This is not strictly an information security post, but the topic likely affects a decent proportion of my readership.Within the last few years I experienced a profound professional “burnout.” I’ve privately mentioned this to colleagues in the industry,… Continue reading Managing Burnout→

The Origin of the Quote "There Are Two Types of Companies"

Posted on December 18, 2018 by Richard Bejtlich

While listening to a webcast this morning, I heard the speaker mentionThere are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.He credited Cisco CEO John Chambers but didn’t provide any source.Tha… Continue reading The Origin of the Quote "There Are Two Types of Companies"→

The Origin of the Term Indicators of Compromise (IOCs)

Posted on November 25, 2018 by Richard Bejtlich

I am an historian. I practice digital security, but I earned a bachelor’s of science degree in history from the United States Air Force Academy. (1)Historians create products by analyzing artifacts, among which the most significant is the written word…. Continue reading The Origin of the Term Indicators of Compromise (IOCs)→

Even More on Threat Hunting

Posted on November 24, 2018 by Richard Bejtlich

In response to my post More on Threat Hunting, Rob Lee asked:[D]o you consider detection through ID’ing/“matching” TTPs not hunting?To answer this question, we must begin by clarifying “TTPs.” Most readers know TTPs to mean tactics, techniques and proc… Continue reading Even More on Threat Hunting→

More on Threat Hunting

Posted on November 23, 2018 by Richard Bejtlich

Earlier this week hellor00t asked via Twitter:Where would you place your security researchers/hunt team?I replied:For me, “hunt” is just a form of detection. I don’t see the need to build a “hunt” team. IR teams detect intruders using two major modes: … Continue reading More on Threat Hunting→

Cybersecurity and Class M Planets

Posted on November 2, 2018 by Richard Bejtlich

I was considering another debate about appropriate cybersecurity measures and I had the following thought: not all networks are the same. Profound, right? This is so obvious, yet so obviously forgotten.Too often when confronting a proposed defensive me… Continue reading Cybersecurity and Class M Planets→

Have Network, Need Network Security Monitoring

Posted on October 25, 2018 by Richard Bejtlich

I have been associated with network security monitoring my entire cybersecurity career, so I am obviously biased towards network-centric security strategies and technologies. I also work for a network security monitoring company (Corelight), but I am n… Continue reading Have Network, Need Network Security Monitoring→

Network Security Monitoring vs Supply Chain Backdoors

Posted on October 5, 2018 by Richard Bejtlich

On October 4, 2018, Bloomberg published a story titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” with a subtitle “The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising A… Continue reading Network Security Monitoring vs Supply Chain Backdoors→

Firewalls and the Need for Speed

Posted on September 18, 2018 by Richard Bejtlich

I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:This bothered me, so I Tweeted about it.This started some discussion, and pro… Continue reading Firewalls and the Need for Speed→