Since the COVID-19 pandemic began to spread throughout much of the world, I’ve covered how this slowly unfolding catastrophe will impact the business climate of information security, why cost-saving reductions in network defense may be deeply undesirable, and how responses to certain actions in a pandemic landscape will be difficult Read more…
The steadily unfolding COVID-19 pandemic continues to unleash chaos and uncertainty in tandem with the disease’s impacts on human health. In just the past few days, total US new unemployment numbers for the past two weeks increased by over 10 million people, the price of crude oil continues to crash, Read more…
Late 02 January 2020 (US Eastern time), the United States launched a strike outside Baghdad airport killing Qasem Soleimani, Iranian general and leader of the paramilitary Qods Force. General Soleimani was a despicable person responsible for promoting conflict and prolonging strife in various areas of the Middle East (among other Read more…
Throughout the roiling (and often tiring) discussion over the release and disclosure of “offensive security tools” (OST – previously addressed here), one disadvantage is constantly referenced to show the harm of publicly-available hacking tools and techniques. Put most simply, individuals cite how many organizations either have little or no security Read more…
As of this writing (late December 2019), an argument has continued through multiple social media formats on the value (or harm) created by “offensive security tools” (OSTs). As with most discussions taking place online, the discourse – rooted in an originating, absolutist blog post – has rapidly devolved into rival Read more…
Note: This blog post was significantly revised on 17 November 2019 after initial release on 12 November 2019. The primary alteration is within the second paragraph, noting that the initial event that inspired this blog post – an exchange between a security researcher/responder and a journalist – was much more Read more…
On 02 November 2019, Brian Batholomew (at the time of this writing, at Kapsersky Lab) posted a very interesting Twitter poll. To summarize (or in case the poll is removed), the question can be simplified as the following: if someone bought leaked data from the Shadow Brokers, would you still Read more…
At present, I will assume anyone reading this possesses at least a basic familiarity with who Edward Snowden is and the general conception of his actions. The former CIA employee (removed from overseas duty for suspicious behavior in 2009) and former Dell and Booz Allen Hamilton contractor for the NSA Read more…
Something interesting came up in an extended (and wandering) Twitter thread discussing the relevance of certain legacy information security frameworks (like the CIA triad) to modern concerns like disinformation campaigns. The aspects of this discussion that most interested me were the following two items: “Which part of the CIA triad Read more…
I previously recorded some thoughts on the new US government strategy in cyber defense known as “defend forward”. Recently, I had the pleasure and opportunity to take part in a Naval War College exercise implicitly testing this strategy’s implementation and execution in the context of civilian critical infrastructure cyber operations. Read more…