On building fire extinguishers and fighting fires…
[Updated below 6/8/15] The last ten years of my professional life have been spent working for some amazing companies, architecting and building security solutions that are deployed across the globe in the most demanding circumstances imaginable. It’s been an incredibly fulfilling, challenging and interesting set of challenges, growth opportunities and ... Read More
The 3 Immutable Rules Of Presentations…
There are three immutable rules that pertain to presentations*, even more so important if one’s presentation is in front of several thousand people, live: Never present with kids; Never present with a live demo; Never present with animals. Not doing one outa three ain’t bad 🙂 My 2015 RSA Security ... Read More
Looking Forward to Catching Up At RSA…
If Black Hat and DEF CON are Security Summer Camp, then RSA is the Spring Dance. I think this is my 16th RSA Conference. I believe I am now eligible for the AARP discount shortly. Beyond the massive amount of customer, partner, analyst and press stuff I have to do ... Read More
Attribution is the new black…what’s in a name, anyway?
Attribution is hard. It’s as much art as it is science. It’s also very misunderstood. So, as part of my public service initiative, I created and then unintentionally crowdsourced the most definitive collection of reality-based constructs reflecting the current state of this term of art. Here you go: Faptribution => ... Read More
The Active Response Continuum & The Right To Cyber Self Defense…
At the 2015 Kaspersky Security Analyst Summit, I kicked off the event with a keynote titled: “Active Defense and the A.R.T. of W.A.R.” The A.R.T. of W.A.R. stands for “Active Response Techniques of Weaponization and Resilience.” You can read about some of what I discussed here. I will post the ... Read More
Incomplete Thought: The Time Is Now For OCP-like White Box Security Appliances
Over the last couple of years, we’ve seen some transformative innovation erupt in networking. In no particular order OR completeness: CLOS architectures and protocols are evolving; the debate over Ethernet and IP fabrics is driving toward the outcome that we need both; x86 is finding a home in networking at ... Read More
J-Law Nudie Pics, Jeremiah, Privacy and Dropbox – An Epic FAIL of Mutual Distraction
From the “It can happen to anyone” department… A couple of days ago, prior to the announcement that hundreds of celebrities’ nudie shots were liberated from their owners and posted to the Web, I customized some Growl notifications on my Mac to provide some additional realtime auditing of some apps ... Read More
How To Be a Cloud Mogul(l) – Our 2014 RSA “Dueling Banjos/Cloud/DevOps” Talk
Rich Mogull (Securosis) and I have given a standing set of talks over the last 5-6 years at the RSA Security Conference that focus on innovation, disruption and ultimately making security practitioners more relevant in the face of all this churn. We’ve always offered practical peeks of what’s coming and ... Read More
On the Topic Of ‘Stopping’ DDoS.
The insufferable fatigue of imprecise language with respect to “stopping” DDoS attacks caused me to tweet something that my pal @CSOAndy suggested was just as pedantic and wrong as that against which I railed: I think it's fair to say that you can't "stop" a DDoS attack unless you can ... Read More

