When I led incident response operations at Los Alamos National Laboratory, we subscribed to several ‘threat intelligence’ feeds: big commercial providers, secret-squirrel (theoretically) government only information, and other miscellaneous items. Almost without exception, if the feed did not provide reports that detailed how an attack or intrusion took place and Read more
The School of Athens is one of the most famous images of Renaissance painting, blending Classical historicism with an increasing appreciation for the intellectual history passed down from Greece to the Western world. The figures at the center of this image represent divergent views in how we reason about and Read more
Patrick Howell O’Neill and Chris Bing recently dropped a very interesting report on yet another possible action against Kaspersky by the US government. In this specific case, possible sanctions are oriented around larger actions against Russia, home of Kaspersky, but stands as yet another public blow to the security company Read more
This year I facilitated a discussion – formally, a ‘Peer-to-Peer Session’ – at RSA focused on threat profiling. The concept of ‘threat profiling’ is usually new to infosec practitioners, who are typically used to ‘threat intelligence’, ‘risk management’, and similar terms. Threat profiling as a concept and practice refers to Read more
RSAC Week is upon us, and with it will come a flurry of social media postings emphasizing the lack of value behind the event. Common criticisms include: an overwhelming focus on marketing, a lack of compelling technical content, and overemphasis on glitz. One could describe the event as a gigantic Read more
The information security community is fundamentally no different from any other industry. Whenever a certain feature, concept, or buzzword bubbles to the top of the underlying conversational froth, entities (trying to make money) will attempt to appropriate this idea in some fashion to show that their product ‘fits’ the current Read more
Kaspersky recently released a new public report on a group they refer to as ‘Slingshot’ (https://securelist.com/apt-slingshot/84312/). Aside from being a fairly complex adversary based on the description, one thing immediately struck me in the first paragraph: “This turned out to be a malicious loader internally named ‘Slingshot’, part of a Read more
I’ve played with blogging platforms and efforts previously, but have done so while in especially ‘non-public’ roles – as a US Navy Officer, as a member of Los Alamos National Laboratory, etc. Now that I’ve embarked on this grand private sector experiment with a subsequent increase in public interaction and Read more