2017: Annual Review

Improving is all about measurement and adaptation. Here is my own annual review of my performance in 2017: the good, the bad, and looking ahead!…

Bringing Red Teaming into the Board Room (Part 1)

Over the last few months, I've had the pleasure of speaking at a few events on some of my ideas regarding red teaming techniques at the highest levels of the business. To be clear, this is not all about finding more vulnerabilities (a la pen-testing), but rather challenging our assumptions about what it means to protect an organization. I want to summarize some of the key points from this talk…

Reflecting on the Conference Spree

These last few months have been crazy for me, especially as we wrap up with Blackhat, Defcon and BSides Las Vegas. Since April, I've been to and spoken at the following events: CyberSecureGov - Washington, DC; RVASec - Richmond, VA; OSEHRA - Washington, DC; ChefConf - Austin, TX; MORS Summit - West Point, the United States Military Academy; SECon - New York, NY; BSidesLV - Las Vegas, NV; DefCon -…

Reflections on the President's Executive Order on Cyber Security

I recently finished reading the President's recent Executive Order on cyber security and wanted to summarize some of my main takeaways. The TLDR, though: it's currently aimed at the short term and is very narrowly scoped, and an issue as expansive and complex as cyber security is going to require a lot more than this EO calls for. A few of the positives: There is a…

Test Driven Compliance

This is part 2 of a short series on balancing the complexities of regulation and security. The first post provided an overview of some of the challenges that security teams face when they operate in regulated environments; these challenges are then exaggerated by a company's overall size and/or maturity. This post will be the first of several that will focus on possible solutions to these challenges. Background On Test-Driven…