I attended my first DHS S&T Showcase 3 years ago and since then I have looked forward eagerly each year to see what new cyber technologies are emerging from the shadows due to the funding provided by DHS. DHS S&T steps in to help cyber start-ups and government researchers in many ways to get new […]

I have been saying for a while that security automation, orchestration, and response (SOAR) tools are key enablers for tranforming SOC operations. And these tools have matured from glorified python script engines to sophisticated and integated tools over the last couple of years, providing some of the latest machine learning and AI capabilities. This has […]

Not going to the RSA 2019 Conference or MWC Barcelona? Maybe it’s sticker shock or the crowds or schedule or whatever. Late winter and spring are usually great times for conferences and a good time to take a break from cooler weather and head to someplace warm. However, if you are like me you may […]

I have attended several conferences where researchers and practitioners describe some type of early warning system for cyber attacks. Some predictive systems involve the sharing of threat intelligence of attackers’ TTPs; others involve forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection / prevention systems; some use information from […]

When I first conceived the idea for this web site, I wanted to express a holistic, systematic and dynamic approach to designing and operating a secure environment. I had some practical experience to go by and was following the trends in technology that I felt could make a difference in combatting cyber threats of all […]

From working on the Hanover hackers’ case with Dr. Cliff Stoll as described in The Cuckoo’s Egg to re-exploring a nearly 50 year old cold case of the infamous hijacker – DB Cooper – and a lot in between, Jim Christy has been a leading pioneer in the field of digital forensics and computer crime […]

Coming up with an assessment of cyber risk that is meaningful and actionable tends to be a task where practitioners consistently come up short. You are often stuck with two extremes – one extreme saying simply that the sky is falling which doesn’t leave you much room for understanding your options or taking risk reduction […]

I recently attended the Fifteenth Annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective at the University of Maryland. The forum was hosted by Professors Lawrence A. Gordon, Martin P. Loeb, and William Lucyshyn. You may remember the interview I did with Professor Gordon a while back on his collaboration with Professor […]

I remember reading a novel several years ago by Tom Clancy that featured virtual reality (VR) as part of the plot’s security operations center capabilities. I remember thinking how this will never happen in my lifetime and how Clancy was getting way ahead of himself. Then, recently I was able to attend a conference about […]