*NIX Command Line Foo

Well, not one of my normal blog posts, but I hope some of you geeks out there will find this useful anyways. I will definitely use this post as a reference frequently. I have been using various flavors of UNIX and their command lines from ksh to bash and zsh ...

Cybersecurity Leaders on Insider Threat Awareness Month

September marks the third annual National Insider Threat Awareness Month, launched by various federal agencies to highlight the growing danger insider threats pose to national security. Though the initiative has successfully increased awareness of the risks associated with insider threats, many organizations remain susceptible to attacks. In fact, 60% of ...

How To Drive Value with Security Data – The Full Talk

Last week I keynoted LogPoint’s customer conference with a talk about how to extract value from security data. Pretty much every company out there has tried to somehow leverage their log data to manage their infrastructure and protect their assets and information. The solution vendors have initially named the space ...

A Logging History Lesson – From syslogd(8) to XDR

The log management and security information management (SIEM) space has gone through a number of stages to arrive where it is today. I started mapping the space in the 1980’s when syslog entered the world. To make sense of the really busy diagram, the top shows the chronological timeline (not ...

How To Drive Value with Security Data

We have been collecting data to drive security insights for over two decades. We call these tools log management solutions, SIMs (security information management), and XDRs (extended detection and response) platforms. Some companies have also built their own solutions on top of big data technologies. It’s been quite the journey ...

Taking Inventory – Where Do We Stand With AI and ML in Cyber Security?

Before diving into cyber security and how the industry is using AI at this point, let’s define the term AI first. Artificial Intelligence (AI), as the term is used today, is the overarching concept covering machine learning (supervised, including Deep Learning, and unsupervised), as well as other algorithmic approaches that ...

Asset Management – Back To The Roots

Asset management is one of the core components of many successful security programs. I am an advisor to Panaseer, a startup in the continuous compliance management space. I recently co-authored a blog post on my favorite security metric that is related to asset management: How many assets are in the ...

2021 Cyber Security Focus: “Unbound”

It’s already early March and the year is in full swing. Covid is still raging and we have been seeing some crazy weather patterns, especially in the south of the United States. While snowed in here in Texas, I took some time to reflect on what’s driving cyber security spend ...

The Data Lakehouse Post 1 – My Database Wishlist – A Rant

In 2015, I wrote a book about the Security Data Lake. At the time, the big data space was not as mature as today and especially the intersection of big data and security wasn’t a well understood area. Fast forward to today, people are talking about the “Data Lakehouse” ...

Use of AI for Cyber Security in the Intelligence Community

This post is about capturing my talking points from the recent conference panel on the “Use of AI for Cybersecurity” at the Intelligence and National Security Alliance (INSA) conference. You can find my musings on the term AI in my previous blog post. Building an AI Powered Intelligence Community (Click ...