interviews

I attended my first DHS S&T Showcase 3 years ago and since then I have looked forward eagerly each year to see what new cyber technologies are emerging from the shadows due to the funding provided by DHS. DHS S&T steps in to help cyber start-ups and government researchers in many ways to get new […]

I have been saying for a while that security automation, orchestration, and response (SOAR) tools are key enablers for tranforming SOC operations. And these tools have matured from glorified python script engines to sophisticated and integated tools over the last couple of years, providing some of the latest machine learning and AI capabilities. This has […]

I have attended several conferences where researchers and practitioners describe some type of early warning system for cyber attacks. Some predictive systems involve the sharing of threat intelligence of attackers’ TTPs; others involve forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection / prevention systems; some use information from […]

When I first conceived the idea for this web site, I wanted to express a holistic, systematic and dynamic approach to designing and operating a secure environment. I had some practical experience to go by and was following the trends in technology that I felt could make a difference in combatting cyber threats of all […]

From working on the Hanover hackers’ case with Dr. Cliff Stoll as described in The Cuckoo’s Egg to re-exploring a nearly 50 year old cold case of the infamous hijacker – DB Cooper – and a lot in between, Jim Christy has been a leading pioneer in the field of digital forensics and computer crime […]

Coming up with an assessment of cyber risk that is meaningful and actionable tends to be a task where practitioners consistently come up short. You are often stuck with two extremes – one extreme saying simply that the sky is falling which doesn’t leave you much room for understanding your options or taking risk reduction […]

I remember reading a novel several years ago by Tom Clancy that featured virtual reality (VR) as part of the plot’s security operations center capabilities. I remember thinking how this will never happen in my lifetime and how Clancy was getting way ahead of himself. Then, recently I was able to attend a conference about […]

Finding the right security solution is often a difficult task, with many complex trade-offs to consider. Building a secure system is even more challenging as history has shown. Designing and building systems that are “tolerant of adversarial cyber actions,” as expressed by our interviewee below, seems a herculean task. So I was quite interested to learn […]

One of the issues I have with standards is that they often take on a life of their own – different from what their authors intended – and, eventually become stale checklists that rob energy and innovation from operations and products. So it is refreshing to see how the National Institute of Standards and Technology […]