Skip to main content

Posts

Showing posts from 2016

The saga of Norse and an industry indictment

I first interacted with Norse and Sam Glines in 2013, when they were making the rounds in St. Louis pitching their product. They showed up to our office with 3 people and another person on the phone. They couldn't really answer any of my technical questions, but were pleasant enough. I knew right away though, they had nothing to offer me as leader of an IT security program at a then Fortune 500 energy company. Because they had an office in St. Louis and I was keen to see them succeed, I gave Sam advice to the effect that in their current form they were only replicating what Damballa had already done years earlier and much better. I told him they were too early and needed to establish an actual threat intelligence team with experienced, industry recognized analysts. I also recommended they focus on nation state versus the commodity type data they were collecting in the "deep, dark, web". No idea what he actually thought of this, but I'm going to go out on a limb and s

The People Problem - Part 1

Every new year begins with the best of intentions, and I am going to try to blog at least once a month in 2016. There was an absolutely fabulous post by Scott Roberts in January called Introduction to DFIR ( http://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/ ) that I highly recommend reading. That along with my steadfast belief that being good at infosec is primarily dependent on people and not technology, has inspired my first blog post of the year. More than anything, infosec is a problem caused by people that can only be effectively addressed by people. Whether it is coders introducing bugs, business leaders taking excessive cyber risks to accomplish near term business goals, or oblivious users clicking on links and attachments in phishing emails, it a people problem. To drive home this point, lets make an example. Based on the following organizational descriptions, which ones do you think are most secure and alternately which one would you want to work fo