Verzeichnis
Security RipcordCutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades
Once again I find myself pointing to tweets by Richard Bejtlich. This time it was actually a retweet of Hogfly who runs the Forensic Incident Response blog. Hogfly recently pointed out an article in Aviation Week titled "China’s Role In JSF’s Spiraling Costs". This article demonstrates the actual cost for a specific project associated with [...]
It is more than obvious now that my ShmooCon talk, Looking into the Eye of the Meter, was canceled. Kelly Jackson Higgins in her Dark Reading article Researchers Postpone Release Of Free Smart Meter Security Testing Tool did a good job describing what InGuardians and I can say about the topic. But even one week later [...]
When I started working for IBM’s Emergency Response Team I was a little intimidated about walking into a client’s environment and quickly providing incident response leadership. Luckily I was trained by Chris Pogue and Harlan Carvey to consider three things when I got on-site: What are you trying to answer? What data do you need [...]
Mentoring can be a powerful learning tool for learning specific topics. I have been thinking about mentoring a little bit because I have often found myself thinking that a mentor would be beneficial to my technological and managerial growth. From my experiences I have determined there are a few requirements to setting up a good [...]
There are several reasons that I am drawn to IT security and incident response. The discovery of what occurred. Protecting a business and its employees from people doing them harm. The need for a breadth and depth of knowledge in many areas. When I was but a young security professional I always wanted to actively [...]
Drop The Refrain The refrain "make it too expensive for the attackers" needs to be retired from the security professional’s vocabulary. It is not going to happen. Making it "too expensive" is not S.M.A.R.T. It also means absolutely nothing to the attackers. The guidance security professionals need to be pushing is that managed business processes [...]
Shmoo Con First of all, I have to say that my talk at ShmooCon 2011 was a great experience. Here is a view from my stand point. Q and Atlas did a great job. You can experience our talk yourself by downloading and watching the presentation generously provided by ShmooCon. Purpose Although this started as [...]
When I left the United States Marine Corps and started college I knew two things. 1. I wanted my career to be in Computer Security and 2. I wanted to work for a group of professionals who operate at the same level of the Force Reconnaissance unit I had the pleasure of serving with for [...]
I recently attended SANS Security 508 at SANS 2010-Orlando. When I told Harlan Carvey that I was going to attend this training he was concerned that I would not be exposed to anything I had not already exposed myself to through work and personal effort. When I arrived on-site I got the same feeling from [...]
The success of Into The Boxes Issue 0×0 was only possible because of the collaboration provided by members of the Digital Forensics and Incident Response community. In order for this publication to continue we need more people to step up and provide their input. As you can see from the first issue we are looking [...]
