I recently recorded an interview with KCBS, on Obama’s announcement of the Cyber Threat Intelligence Integration Center. I do believe this is good news, but I confess, I worry about the way all these proposals indicate how data will go in to the government, with very little said about how anything will ever come out. […]
The idea of the US and UK working together on war-games is a good one. It recognizes that we are in a war, and that we are losing. We need to improve our defensive game. Chris Inglis, the former NSA director, has commented that the state of security today massively favors the attacker – […]
Unemployment is bad, so negative unemployment must be good, right? Um, no. (I’ll steal a line from Douglas Adams: “It’s unpleasantly like being drunk” … “What’s so unpleasant about being drunk?” … “Well, ask a glass of water.”) Security as an industry is short-staffed – critically so, and it’s getting worse.
This came into sharp […]
It’s unthinkable: hackers targeting that sacrosanct American institution, the sports team? The recent incident in which the Houston Astros’ internal trade discussion were hacked and posted on the Internet shows that, today, no target is off limits. Jeff Luhnow, GM for the Astros, was quite right when he said: “It’s a reflection of the age […]
Google’s move to set up Project Zero is very welcome. The infrastructure on which we run our businesses and our lives is showing its fragile nature as each new, successful attack is disclosed. Unfortunately, we all share significant risks, not least because IT tends towards “monoculture”, with only a few major pieces of hardware and […]
I recently wrote about the necessity of getting the right data for security analytics. But I’m continuously reminded how typical organizations lack an even roughly complete understanding of their network, or even a map of it. I can understand why this happens – entropy is just as inevitable for organizations as it is in Physics. […]
I remember when I first started trying to solve network security problems, using fancy network analytics. I applied the classic suspension of disbelief that’s necessary to work on any emerging technology – first, you assume all the hard problems will be easy, and second, you assume the impossible ones will just go away. Happily, much […]
I recently attended a gathering of Wall St CISOs, one of whom referred to the “negative unemployment” in our industry. I thought this was a great phrase, and I’ve found it’s a quick way to get across some quite deep points about current security.
At first, it just sounds cute, but in practice, it’s about […]