security management

Where Is My Cybersecurity Rosetta Stone?

This week’s theme for National Cyber Security Awareness Month is “Cyber from the Break Room to the Board Room.” Communication, like anything else worth getting better at, takes practice. Sometimes it takes planning to know what we want to say and how we want to say it. We also need to anticipate who our audience is…

The Life Cycle of a Threat Pattern

Applying a structured approach to developing and maintaining significant threat patterns is absolutely key to successfully hunting for the advanced TTPs used by many motivated threat actors. In the post, Context in Risk-Based Threat Patterns, author Demetrio Milea suggested a simple and effective method borrowed from the Software Development Life Cycle (SDLC) to design and maintain threat patterns…

Appetite and Exercise

In my last blog post, I posed the concept of Cyber Risk Appetite as something that all organizations need to consider today. I used the analogy of a balanced diet of risk – taking some risks to keep the business growing while avoiding so much risk that the business becomes bloated. The objective is to…

How Hungry is your Organization?

As someone that tries to watch my diet, I know how hard it is to deal with your own appetite. Several things that are my weakness – fresh bread, cold beer, pizza, the list goes on – are definitely not the best elements for a balanced diet.  Most of the time I am able to deal…

Defend the Kingdom – My Final Thoughts

Episode #6 of Defend the Kingdom, “Ghost in the Machine”, brings to a close the dramatic battle between good and evil in both Marty’s imagination and his daily work as a security “hunter”. The episode reveals a highly skilled, persistent, maniacal adversary bent on the Kingdom’s ultimate destruction. In Marty’s alter-universe, he sees this as an…

E6 – Ghost in the Machine – Curtain Call

The Hunter’s horse panted heavily and churned up dust as it raced down the dirt road towards the Frontier.  The moonlight glanced off the swirling clouds of powder in the horse’s wake.  The Hunter gritted his teeth as the horse careened around a corner. His mind raced.  He wondered if he would make it in…

E6 – Ghost in the Machine – No Longer Fun and Games

Dave Reinhardt, gritty, determined, wizard of MagnaCorp security, arranged his notes on the conference room table once more. He sat alone briefly while the team took a break. As he arranged the pages for his upcoming briefing to his fellow executives, he paused to look around the room. The whiteboards of the breach war room…

E6 – Ghost in the Machine – Phantom Tracks

The Ghost exited the massive wagon nodding at the Guard as he passed. His trips to the wagon had been spaced out such that he knew each Guard had only seen him minimally. Once he had figured out the rotation of the guards’ schedules, it took only patience and time to determine the frequency and…

E6 – Ghost in the Machine – Honey, I’m Home

Greg and Marty exited the data center and made a beeline to their cubicles. Their smug looks made it apparent they were up to no good and enjoying it. They had just left their partners in crime – Erin and Carl – with a laundry list of To Dos. Erin and Carl were now busily…

E5 – The Flies and the Hornet – Technical Dialogue

Episode #5 of Defend the Kingdom, “The Flies and the Hornet”, begins with Marty briefing Dave Reinhardt, the CISO, on a significant compromise of MagnaCorp’s security. Improper logins, remnants of cracking utilities and other evidence clearly indicate a serious problem. The source of the intrusion, while still unknown at this time, points towards a nefarious…