2017 BSIDES NOVA Keynote

I was honored to be the keynote speaker for the first Northern Virginia BSIDES conference. I talked about a variety of topics, including an overview of the cyber market and how to pitch cyber product ideas.

RSA 2017 Vendor Vocabulary — “Agent-less” Solutions and “Machine Learning”

As we prepare to descend on San Francisco for the 2017 RSA conference, I wanted to take a moment and write a bit about two terms cyber security vendors are using and the types of questions you should ask as a potential buyer, investor, partner or acquirer of these solutions. These terms are “Agent-less” and “Machine Learning”.

While Visiting RSA 2017, Don’t Forget About Testing Security Controls

If you are going to RSA and walk the vendor floor, keep in mind that the vast majority of the vendors you will meet are not designed to work together. You may be able to centralize their logs and even orchestrate a cohesive incident response to an event, but you won’t automatically know if you are PCI compliant, if you have a gaping hole in your NIST Cyber Security Framework program, or if your span port is down and all of your DLPs and IPSes are now blind. An answer to this is to look for solutions that can measure your defenses across all of your defensive technologies and identify gaps in your security specified by frameworks written in-house or by vetted industry experts and groups such as PCI, NIST and CIS.