The Cyber Kill Chain Approach to Security

The Cyber Kill Chain Approach to Security

The Cyber Kill Chain Approach to Security The territory is not real but virtual, and its guardians use software instead of weapons. Nevertheless the security model is the psame—intrusion detection along the kill chain. The Kill Chain is a security framework that’s been successfully practiced by the military for years and is now finding its […]

Good news - Best Jobs In America, Information Security is well ranked!

Good news – Best Jobs In America, Information Security is well ranked!

Hi all, I wish you all a Happy New Year full of good news! And to start it off, check out this article about the best professions in America. Information/IT Security is well ranked, and paying good money too!

3 Certifications IT Professionals Can’t Afford to Ignore

3 Certifications IT Professionals Can’t Afford to Ignore

Today’s technology professionals are under a type of pressure that did not exist 10-to-20 years ago. As technology has improved, so have the threats that can be used against it. These threats can come in the form of security compromises, employees not following protocol, data breaches, lost or damaged data, and much more. Pages: 1 […]

Dinosaur knows-it-all

5 Scary Types of Security Professionals You Will Meet in Your Career

Hello everyone and welcome to the blog! Information Security is cool. We all  know that. But… As most of you know, I’ve been in the market for 16 years now… which gave me the opportunity to meet the brightest security professionals around the globe, and also some who weren’t the sharpest tool in the shed. […]

How to Sell the Value Of Information Security - The four "Rs"

How to Sell the Value Of Information Security – The four “Rs”

Whether you are freelancer in the information security sector trying to convince a company to hire you, or you are struggling with an employer to justify the annual information security budget, explaining the importance and value of what you do is a hurdle most people in the industry face. While those in the infosec industry […]

7 reasons why you SHOULD work in Information Security

7 reasons why you SHOULD work in Information Security

  Dear readers, Wow! what a hit it was! My previous article on  6 reasons why you should NOT work with information security was a block buster, breaking all previous page hits records of this site, and bringing along a deluge of  praises,  insults, and funny comments. I was called a comedian, an a$$hole, a betrayer and a genius, […]

6 Reasons Why You Should NOT Work With Information Security

6 Reasons Why You Should NOT Work With Information Security

This article does not mean to be demeaning to the career I chose to follow, but rather a humorous rundown of facts about being a security professional that cannot be ignored, and are shared amongst several of us. Do not let the items below discourage you, but rather be aware that they are an intrinsic […]

Using Imagery To Avoid Censorship

Using Imagery To Avoid Censorship

Interesting: “It’s really hard for the government to censor things when they don’t understand the made-up words or meaning behind the imagery,” said Kevin Lee, COO of China Youthology, in conversation at the DLD conference in Munich on Monday. “The people there aren’t even relying on text anymore It’s audio, visual, photos. All the young […]

Targeted Attack Against UAE Activist Utilizes CVE-2013-0422, Drops Malware

Targeted Attack Against UAE Activist Utilizes CVE-2013-0422, Drops Malware

Earlier this month, BahrainWatch.org was contacted by an UAE activist, who reported receiving a suspicious email. Upon deeper examination, it was revealed that it was a targeted atttack relying on Java exploit (CVE-2013-0422), which would have dropped a Remote Access Trojan (RAT), if the attack wasn’t detected. The malware was hosted on the isteeler(dot)com domain, […]

The Eavesdropping System In Your Computer

The Eavesdropping System In Your Computer

Dan Farmer has an interesting paper (long version here; short version here) discussing the Baseboard Management Controller on your computer’s motherboard: The BMC is an embedded computer found on most server motherboards made in the last 10 or 15 years. Often running Linux, the BMC’s CPU, memory, storage, and network run independently. It runs Intel’s […]

Network Forensics Defined?

Network Forensics Defined?

One of my research projects this quarter will be focused on a really, really exciting subject: network forensics. While we will likely formally define it in the course of our research, I wanted to briefly explore it in this blog post. As I understand it now, “network forensics” today exists at the confluence of several […]

Making The Case For National Cyber Labs

Making The Case For National Cyber Labs

Recently I received a most interesting link from a friend, about a tiny city that was actually a perfect working model of a real-life city built by the SANS Institute. It had real banking networks, power grid networks, public transit systems, a hospital, a military complex, you name it. It’s a fully decked out city […]