I am always on the lookout for new, innovative tools especially ones that break new ground in the cybersecurity fight. At a recent conference I ran across a tool that does that – Verodin – but not in your typical “detect” or “protect” roles that most security tools fall into. Instead, Verodin provides evidence-based, continuous […]

Achieving and maintaining good security posture requires good situational awareness. Achieving “good” situational awareness requires capabilities that accurately reflect network status in real-time and are simple to use and access. Capabilities that are economical on top of these needs are also a must as every CISO tries to stretch a tight budget. So when my […]

A couple of years ago I was investigating a security topic when I ran across some research by a company called Secure Decisions that I found quite interesting and relevant. I reached out to the principal investigator – Dr. Anita D’Amico – the subject of this interview, who responded positively and collegially. Fast forwarding from […]

I attended my first DHS S&T Showcase 3 years ago and since then I have looked forward eagerly each year to see what new cyber technologies are emerging from the shadows due to the funding provided by DHS. DHS S&T steps in to help cyber start-ups and government researchers in many ways to get new […]

I have been saying for a while that security automation, orchestration, and response (SOAR) tools are key enablers for tranforming SOC operations. And these tools have matured from glorified python script engines to sophisticated and integated tools over the last couple of years, providing some of the latest machine learning and AI capabilities. This has […]

I have attended several conferences where researchers and practitioners describe some type of early warning system for cyber attacks. Some predictive systems involve the sharing of threat intelligence of attackers’ TTPs; others involve forecasting of cyber attacks based on data from network telescopes, honeypots, and automated intrusion detection / prevention systems; some use information from […]

When I first conceived the idea for this web site, I wanted to express a holistic, systematic and dynamic approach to designing and operating a secure environment. I had some practical experience to go by and was following the trends in technology that I felt could make a difference in combatting cyber threats of all […]

From working on the Hanover hackers’ case with Dr. Cliff Stoll as described in The Cuckoo’s Egg to re-exploring a nearly 50 year old cold case of the infamous hijacker – DB Cooper – and a lot in between, Jim Christy has been a leading pioneer in the field of digital forensics and computer crime […]

Coming up with an assessment of cyber risk that is meaningful and actionable tends to be a task where practitioners consistently come up short. You are often stuck with two extremes – one extreme saying simply that the sky is falling which doesn’t leave you much room for understanding your options or taking risk reduction […]