We're preparing to go live with the Red Sky Alliance portal. We've been working hard to invite the right companies to participate --they must participate, contribute, and be interested in building a smart, interactive community to share data on hard problems they face -espionage, fraud, theft.
I'm happy to say that we've received commitments for three large financial institutions to kick off the membership as Founders. I'm most happy that these institutions are known to have great infosec shops who already know each other, and offer the highest possible probability of sharing high quality threat and incident data. Our Founding memberships will be rounded out soon for Banking/Finance, but we still have a couple of openings in other areas.. We currently have membership invitations out to members of the Defense, Energy, and Retail sectors both in the US and abroad. We're not chasing critical infrastructure, and encourage international participation. So if your company is experiencing APT, denials of service, theft of data, or other hard problems, don't go it alone! Join the Red Sky Alliance and get some help!
Interested? Request an invitation. jstutzman@redskyalliance.org or jmckee@redskyalliance.org
Happy New Year all!
Jeff
Saturday, December 31, 2011
Wednesday, December 07, 2011
EXCELLENT report by ENISA
The European Network and Information Security Agency released publicly today
This is one of the best reports I've read in a while. Bravo Zulu (that's Navy for great job!) to the authors!
This report is co-authored by a number of folks that I recognized immediately.. many are FIRST (maybe all?) but one of the best things in the report is how CERTs share information, detailing the pros and cons. In the end however, the document calls out data sharing as the most effective way to proactively stop attacks before they're allowed to occur. Powerful stuff. Easier said than done however.
Data formats must be lite and low in false positives;
Legal constraints are ALWAYS an issue;
Trust between participants is critical... tech feeds without knowing who's on the other end don't work;
The right information must be share in the right way... protected;
Information sharing organizations are less effective when the memberships don't know each other.
It's a long read, but a must read.
Great job to the authors.
Jeff
Proactive detection of network security incidents, report
This report describes available external sources of information and internal monitoring tools which can be used by CERTs to improve their capabilities to detect network security incidents.This is one of the best reports I've read in a while. Bravo Zulu (that's Navy for great job!) to the authors!
This report is co-authored by a number of folks that I recognized immediately.. many are FIRST (maybe all?) but one of the best things in the report is how CERTs share information, detailing the pros and cons. In the end however, the document calls out data sharing as the most effective way to proactively stop attacks before they're allowed to occur. Powerful stuff. Easier said than done however.
Data formats must be lite and low in false positives;
Legal constraints are ALWAYS an issue;
Trust between participants is critical... tech feeds without knowing who's on the other end don't work;
The right information must be share in the right way... protected;
Information sharing organizations are less effective when the memberships don't know each other.
It's a long read, but a must read.
Great job to the authors.
Jeff
Sunday, December 04, 2011
Survey - Smartphone security
Please take a moment and answer this one question survey for me? I'm interested in understanding public perception of smartphone security.
http://linkd.in/vGeahI
Thanks,
Jeff
http://linkd.in/vGeahI
Thanks,
Jeff
Saturday, December 03, 2011
Red Sky Alliance is growing!
The Red Sky Alliance is growing!
I look forward to seeing you in the boards!
Jeff
- Three new companies are expected to join us -one more large bank, one small bank, and a nuclear energy plant have all committed and are in various stages of entering the membership.
- One new executive has been added to the ranks of our advisory board. A more formal announcement will be made later, the but our newest board member is an EVP with a Fortune 100 financial institution and currently serves as their head of their Threat and Intelligence organization.
- Red Sky now has a LinkedIn Group, and with only a few days online, boasts an impressive constituency of nearly half from the Infosec CXO and VP ranks and a rest, a few hand selected consultants (for their ability to add real value to Infosec disussions).
I look forward to seeing you in the boards!
Jeff
Monday, November 28, 2011
Red Sky® Alliance named Industry Partner of the CISO Executive Network for Private Information Sharing and Collaboration
This is great news! As many of you know I've been doing a bit of consulting to the Red Sky Alliance. The Alliance is a private social networking site where members can talk to each other in a trusted forum (The theme song to "Cheers" is running through my head right now). The site is set up with mature rules for vetting new members, and complete peer review for anyone participating. Enjoy private instant messaging, running forums, even private groups (that don't show up in search results) inside the system that may be used for out of band communications for, well, choose your occasion.. incident response perhaps?
That said, building trust online begins with building trust in person. The CISO Executive Network has done amazing work in bringing CISOs from all kinds of companies into trusted forums in person, and is now recommending the Red Sky Alliance as a venue to extend those relationships online for private collaboration.
Press Release:
11/21/2011 - Red Sky® Alliance named Industry Partner of the CISO Executive Network for Private Information Sharing and Collaboration
Red Sky® Alliance is happy to announce that it has been named an Industry Partner of the CISO Executive Network.
Building trust between companies starts with building trust between people. “CISO Executive Network has done amazing work in developing trusted relationships among information security executives,” said Jim McKee, President, Red Sky® Alliance. These relationships are central to the trust required when sharing highly sensitive threat information in the Red Sky® Alliance private networking environment. “We can’t begin to emphasize how important these personal relationships are when building collaboration among companies,” notes Bill Sieglein, Founder and CEO of CISO Executive Network. “We are pleased to recommend Red Sky® Alliance for private collaboration among our members.”
About CISO Executive Network: The CISO Executive Network is a peer-to-peer organization dedicated to helping information security, IT risk management, privacy, and compliance executives to be more successful. It accomplishes this mission by providing opportunities for those professionals to meet periodically in their local cities to share with one another and hear from industry experts.
More to follow later on Red Sky Alliance, but for now know, we've got world class analysts in the backend to 'keep the conversation moving', analyze activity (and malware), and help companies strategize on how best to cope with the new threats.
www.redskyalliance.org
Cheers!
JLS
That said, building trust online begins with building trust in person. The CISO Executive Network has done amazing work in bringing CISOs from all kinds of companies into trusted forums in person, and is now recommending the Red Sky Alliance as a venue to extend those relationships online for private collaboration.
Press Release:
11/21/2011 - Red Sky® Alliance named Industry Partner of the CISO Executive Network for Private Information Sharing and Collaboration
Red Sky® Alliance is happy to announce that it has been named an Industry Partner of the CISO Executive Network.
Building trust between companies starts with building trust between people. “CISO Executive Network has done amazing work in developing trusted relationships among information security executives,” said Jim McKee, President, Red Sky® Alliance. These relationships are central to the trust required when sharing highly sensitive threat information in the Red Sky® Alliance private networking environment. “We can’t begin to emphasize how important these personal relationships are when building collaboration among companies,” notes Bill Sieglein, Founder and CEO of CISO Executive Network. “We are pleased to recommend Red Sky® Alliance for private collaboration among our members.”
About CISO Executive Network: The CISO Executive Network is a peer-to-peer organization dedicated to helping information security, IT risk management, privacy, and compliance executives to be more successful. It accomplishes this mission by providing opportunities for those professionals to meet periodically in their local cities to share with one another and hear from industry experts.
======================================
More to follow later on Red Sky Alliance, but for now know, we've got world class analysts in the backend to 'keep the conversation moving', analyze activity (and malware), and help companies strategize on how best to cope with the new threats.
www.redskyalliance.org
Cheers!
JLS
Thursday, November 24, 2011
Blackberry Playbook.. Number 8 turkey? Not in my book!
It's Thanksgiving morning. I'm watching the Macy's parade and had vowed that I wouldn't open my computer. Well, we know how that goes.. it's like crack. And speaking of crack, I just read an article that offered up the ten 'turkeys' of 2011. Most I agree with except one... (this is where I get to the crack part)...
The Blackberry Playbook. My crackberry only better. I'm here to tell you, this is one of my favorite tech toys. When I used to carry my MacBook everywhere I went (I'm a crazy Mac fan.. have been since WAAAYYYY before it was cool), I now leave the MacBook at home and carry the Playbook everywhere I go. Let me tell you why... For $300 I bought a device that mimicks my favorite phone -the Blackberry Torch 9810 --the 4G model. Between the two devices -my phone which tethers to the Playbook as a 4G modem and the Playbook with a slightly larger screen, I get 4G speeds on the same plan as my phone (I could have cracked it with free 4G but chose not to). So it falls under the same all you can eat plan I had before, all of the applications of the Blackberry Torch (which I also love --mostly the tactile touch of the keyboard) and now full functionality of a tablet with 4G, an incredible display, and at a great price. Last, as a long time Infosec guy, I got to see the OSD Deputy CIO speak at the ACT/IAC Executive Leadership Conference in Williamsburg last month. Rob stood in front of an audience of about 800 of us at lunch time and told us how and why he believed Blackberry to still be the safest mobile platform. I'm not going channel Rob or try and recount the quotes, but I've seen the presentation a couple of times now. I'm a believer.
Ok, it's off my chest. I love my Macs, but I also love my Torch/Playbook combo. 4G ( ...yes, I know what the H+ means on my display), all of my blackberry apps, the tactile touch of the keyboard if I get so frustrated on the glass that I absolutely MUST have it, and the ability to manage/edit documents on a slightly smaller more convenient platform than others --all wrapped in a more secure platform (as described by sources I tend to believe) to be more secure than the iPad and Android platforms? I'm a happy guy.
Happy Thanksgiving everyone! I'm going back to the Macy's Parade :)
JLS
The Blackberry Playbook. My crackberry only better. I'm here to tell you, this is one of my favorite tech toys. When I used to carry my MacBook everywhere I went (I'm a crazy Mac fan.. have been since WAAAYYYY before it was cool), I now leave the MacBook at home and carry the Playbook everywhere I go. Let me tell you why... For $300 I bought a device that mimicks my favorite phone -the Blackberry Torch 9810 --the 4G model. Between the two devices -my phone which tethers to the Playbook as a 4G modem and the Playbook with a slightly larger screen, I get 4G speeds on the same plan as my phone (I could have cracked it with free 4G but chose not to). So it falls under the same all you can eat plan I had before, all of the applications of the Blackberry Torch (which I also love --mostly the tactile touch of the keyboard) and now full functionality of a tablet with 4G, an incredible display, and at a great price. Last, as a long time Infosec guy, I got to see the OSD Deputy CIO speak at the ACT/IAC Executive Leadership Conference in Williamsburg last month. Rob stood in front of an audience of about 800 of us at lunch time and told us how and why he believed Blackberry to still be the safest mobile platform. I'm not going channel Rob or try and recount the quotes, but I've seen the presentation a couple of times now. I'm a believer.
Ok, it's off my chest. I love my Macs, but I also love my Torch/Playbook combo. 4G ( ...yes, I know what the H+ means on my display), all of my blackberry apps, the tactile touch of the keyboard if I get so frustrated on the glass that I absolutely MUST have it, and the ability to manage/edit documents on a slightly smaller more convenient platform than others --all wrapped in a more secure platform (as described by sources I tend to believe) to be more secure than the iPad and Android platforms? I'm a happy guy.
Happy Thanksgiving everyone! I'm going back to the Macy's Parade :)
JLS
Wednesday, November 16, 2011
Infosec and beer! It's a hit!
A bit of a hickup last night. In my invitation I called out the Westin but gave the link to the Sheraton. The hotels are side by side up in Linthicum Heights. None the less, it was a great turnout and happy hour was terrific. It was really good seeing many of you again! Who knew Delta flight crews were so Infosec savvy?
Anyway, next time we'll pick a non-hotel venue.. I'm thinking maybe Max's Taproom in Fells Point? Any suggestions?
Jeff
Anyway, next time we'll pick a non-hotel venue.. I'm thinking maybe Max's Taproom in Fells Point? Any suggestions?
Jeff
Tuesday, November 15, 2011
Happy hour tonight?
Sheraton Linthicum Heights, MD
http://www.starwoodhotels.com/sheraton/property/overview/index.html?propertyID=1495
5:30 ish?
See you there!
Jeff
http://www.starwoodhotels.com/sheraton/property/overview/index.html?propertyID=1495
5:30 ish?
See you there!
Jeff
Friday, November 11, 2011
Three days of CISO summits...
I've spent the last three days in two different information sharing forums, having no less than four industry segments talk about what's happening in APT in their environments. Tuesday and Wed were spent with about 150 of my closest DIB, banking/finance, and communications sector friends, and yesterday with healthcare CISOs at the CISO Executive Network Annual Healthcare Summit.
My sample size is only about 100 companies across the four sectors, and not exactly scientific in my methods, but here's what I found out:
1. Every CISO wants to do the right thing.
2. Most know about APT, but only a few actually have the resources to protect themselves.
3. The hype can be overwhelming. While many know, APT means a lot of things to a lot of people, including now a subset of APT - Anti-Exploitation Threats (AET) --those anti-forensic techniques taken by attackers. I'm not sure they're actually different, but I am sure a new name is being tossed around.
4. CISOs don't know how to talk their management about APT, and therefore can't articulate the need for resources.
Here's the good stuff:
1. There was an entire presentation yesterday about how CISOs can articulate gaps in defenses using compliance language and graphics. I learned something new, and will probably call the company for a demo!
2. CISOs want to do the right thing!
3. Information sharing works! When CISOs can get in a room, either physical or virtual, without threat of oversight, regulatory pressures, etc., they talk! And when they talk, everyone gets something.
Before I leave.. I've got a few RSVPs for Happy Hour on the 15th. Drop me a note!
JLS
My sample size is only about 100 companies across the four sectors, and not exactly scientific in my methods, but here's what I found out:
1. Every CISO wants to do the right thing.
2. Most know about APT, but only a few actually have the resources to protect themselves.
3. The hype can be overwhelming. While many know, APT means a lot of things to a lot of people, including now a subset of APT - Anti-Exploitation Threats (AET) --those anti-forensic techniques taken by attackers. I'm not sure they're actually different, but I am sure a new name is being tossed around.
4. CISOs don't know how to talk their management about APT, and therefore can't articulate the need for resources.
Here's the good stuff:
1. There was an entire presentation yesterday about how CISOs can articulate gaps in defenses using compliance language and graphics. I learned something new, and will probably call the company for a demo!
2. CISOs want to do the right thing!
3. Information sharing works! When CISOs can get in a room, either physical or virtual, without threat of oversight, regulatory pressures, etc., they talk! And when they talk, everyone gets something.
Before I leave.. I've got a few RSVPs for Happy Hour on the 15th. Drop me a note!
JLS
Saturday, November 05, 2011
In search of Infosec talk and beer... two of my favorite things!
It's Saturday morning. I'm having coffee and doing my required reading looking for opportunities to have happy hour next week with a few information security folks in the S. Baltimore area. Thought it might be fun to get a small group going to share insights over a beer and wings.
My first stop was LinkedIn. I have to say, I love LinkedIn. I'm a long time user. Don't really care for Facebook or the others but I like LinkedIn. I thought I might send a note to a few of my contacts who are close enough to not have to go out of their way, but also who might actually have fun sharing information and experiences with others in my network. So I pulled four names from my contacts list. I'm generally pretty good about vetting those with whom I connect with, so those names are rock solid. They're all either CISOs or have been CISOs, but all have mad analysis skills, and frankly, are just plain fun to talk to!
Then I thought it might be fun to expand my search to figure out who might be in local groups that might share similar experience. While I'm not really interested in having a full blown morning conference, it might be fun to at least see who's around that might be fun to chat with another time. What'd I find? I found great stuff -I'm a daily reader of Cyber Aurora. Love it. I also found some not so great stuff. I'm not sure I'd like to out groups -they seem to thrive, but there's just SOOO much crap out there. In groups that would seem like no-kidding groups of smart folks, the marketing hype is knee deep! I remember once seeing someone with their arm over their head. I asked what he was doing. He replied he was saving his watch because the crap was rising fast (he used a different word!). It's what I'm seeing in many of the Infosec groups, and much of the noise we're hearing from vendors, a ton of startups, and seemingly in the news. One news guy I used to know (a CNN guy) used to say "If it bleeds it leads!". APT bleeds. One might also add to that... "If it bleeds it leads, and generates revenue!". I believe most vendors (based on personal experience in hearing the pitches) don't have any experience fighting APT. I'll tell you, I heard one L7 content monitoring and filtering (a data protection company) tell thirty CISOs in a conference room that his product (and his product alone) could stop all APT exfiltration. Hmmm.
So here's the deal. I'm looking for a few folks to pull together a local happy hour meet-up. Heck, I'll buy the first round. Here's what I'd ask.. Be a commercial infosec practitioner (I talk to government people all the time!). Have an opinion! I'd love to hear your thoughts on infosec (especially APT), trends you're seeing, products you use..
Join me? I'm looking at Tuesday 11/15 about 5. Location TBD.. I'm open to suggestions.
Jeff
My first stop was LinkedIn. I have to say, I love LinkedIn. I'm a long time user. Don't really care for Facebook or the others but I like LinkedIn. I thought I might send a note to a few of my contacts who are close enough to not have to go out of their way, but also who might actually have fun sharing information and experiences with others in my network. So I pulled four names from my contacts list. I'm generally pretty good about vetting those with whom I connect with, so those names are rock solid. They're all either CISOs or have been CISOs, but all have mad analysis skills, and frankly, are just plain fun to talk to!
Then I thought it might be fun to expand my search to figure out who might be in local groups that might share similar experience. While I'm not really interested in having a full blown morning conference, it might be fun to at least see who's around that might be fun to chat with another time. What'd I find? I found great stuff -I'm a daily reader of Cyber Aurora. Love it. I also found some not so great stuff. I'm not sure I'd like to out groups -they seem to thrive, but there's just SOOO much crap out there. In groups that would seem like no-kidding groups of smart folks, the marketing hype is knee deep! I remember once seeing someone with their arm over their head. I asked what he was doing. He replied he was saving his watch because the crap was rising fast (he used a different word!). It's what I'm seeing in many of the Infosec groups, and much of the noise we're hearing from vendors, a ton of startups, and seemingly in the news. One news guy I used to know (a CNN guy) used to say "If it bleeds it leads!". APT bleeds. One might also add to that... "If it bleeds it leads, and generates revenue!". I believe most vendors (based on personal experience in hearing the pitches) don't have any experience fighting APT. I'll tell you, I heard one L7 content monitoring and filtering (a data protection company) tell thirty CISOs in a conference room that his product (and his product alone) could stop all APT exfiltration. Hmmm.
So here's the deal. I'm looking for a few folks to pull together a local happy hour meet-up. Heck, I'll buy the first round. Here's what I'd ask.. Be a commercial infosec practitioner (I talk to government people all the time!). Have an opinion! I'd love to hear your thoughts on infosec (especially APT), trends you're seeing, products you use..
Join me? I'm looking at Tuesday 11/15 about 5. Location TBD.. I'm open to suggestions.
Jeff
Friday, October 28, 2011
Information Sharing... part 3/3
This is the third part of a three part post. I started with "you don't know what you don't know" moved to "pick one!", and now I'm moving into sharing of information.
I built, and now operate a cyber information sharing organization. While I can give you a 100% guarantee that I've not gotten it 100% right (yet), I know from recent feedback that every one of them enjoys the broadened situational awareness and each and every one has improved their security postures. They share cyber analysis, stories, and data. More than that, the vast majority now run 24/7 security operations centers who look for and act on data coming from the information sharing environment and each other! Sharing information helps the tactician identify and act, it helps the manager allocate resources on the most pressing issues, and it helps senior managers measure themselves against baseline. Best of all? It makes you safer by knowing what the other guys are seeing and allows you to take advantage of strengths/skills in other organizations that you may not be able to fill yourself.
Bottom line? If you're not talking to your peers, you're already two steps behind in this cyber environment.
So where can you go?
Immediate thoughts:
Talk, publish, listen, compare notes, protect your environment.
JLS
I built, and now operate a cyber information sharing organization. While I can give you a 100% guarantee that I've not gotten it 100% right (yet), I know from recent feedback that every one of them enjoys the broadened situational awareness and each and every one has improved their security postures. They share cyber analysis, stories, and data. More than that, the vast majority now run 24/7 security operations centers who look for and act on data coming from the information sharing environment and each other! Sharing information helps the tactician identify and act, it helps the manager allocate resources on the most pressing issues, and it helps senior managers measure themselves against baseline. Best of all? It makes you safer by knowing what the other guys are seeing and allows you to take advantage of strengths/skills in other organizations that you may not be able to fill yourself.
Bottom line? If you're not talking to your peers, you're already two steps behind in this cyber environment.
So where can you go?
Immediate thoughts:
- SANS Internet Storm Center has been around since Y2K (I was there! I was one of the first watch standers keeping vigil and maintaining comms during the transition). The Storm Center is one of the better places to share information, although data can be time-late. The ISC is a free service offered by SANS.
- The Information Sharing and Analysis Centers (ISACS) represent nearly every segment of industry and are operated through membership fees. One issue I have with the ISAC structure is the requirement to anonymize all submissions. This results in the loss of ability for an analyst to actually ask questions of the originator.
- Red Sky Alliance is a newcomer. I've watched from the sidelines and offered a bit of pro bono consulting in the past couple of weeks. I also sold them a trademarked name and domain ;) I like the idea. The thought is real time sharing of information in a private setting with a trusted membership and a small cadre of back-end analysts to keep things moving. Again, Red Sky Alliance will be operated through membership fees. I don't believe the company has the site operational yet, but there is a video and demo site running and I know they've been signing on Founding Members. I'd expect to see them go live sometime in November of this year.
- The Forum of Incident Response and Security Teams (FIRST) and Government equivalent (GFIRST) have also been around for a long time. I was an early member of FIRST during my days as an analyst at the Navy's Fleet Information Warfare Center in 1996, and again as the head of Cyber Threat Analysis and Intelligence at Northrop Grumman from 2007-2009. FIRST hasn't changed much. They require an up-front inspection of your security operation, issue a PGP key, and let you participate in multiple lists. I'm not convinced FIRST has kept up with the times in terms of information dissemination but they get the word out and do share information.. and they offer a pretty cool technical conference!
Talk, publish, listen, compare notes, protect your environment.
JLS
Friday, October 21, 2011
Pick a standard and stick to it
Over the course of the last 15 years, I've watched information security grow and mature as a practice. One thing I've come to realize however is that the process end of the infosec business is more important than ever - especially in light of the new APT landscape.
Here's the story of two companies:
Company A and B are Global Tech companies.. Four years ago both companies were worth approximately $16B each.
Both companies suffered APT attacks over the course of the last four years.
Company A stuck their head in the sand hoping it'd go away.
Company B developed world class process using ISO for their infosec guidelines. They participated in information sharing with their peers, built a SOC, practiced response. The company created amazing process, practiced them, measured everything and fine tuned them until they got it right. When the attacks hit, they were prepared. The global organization is now wired for information security.
What happened?
Company A is still alive, but struggling. They lost the lions share of their stock value!
Company B is landing contracts all over the world, teaching others how to do best practice information security.
Who would you rather be? Not Company A you say? Take the following lessons learned and and go do it starting today!
Great information security organizations invest in three things...
• People
• Process
• Technology
People: My tale of two companies is very similar to another as told by Alan Paller of SANS. Alan talks of the "Story of Two Agencies". I've seen it a couple of times. In short, he talks of two teams, both hit by APT actors. One team had solid technology but didn't have operating guidelines, training, analytic curiosity, or direction. The second team had basic technology with a highly trained, very curious team with practiced incident response processes... who do you think faired best? The second team of course! The team stopped the attacks with minimum damage, shared indicators with their peer community and was able to quickly implement controls to stop future attacks. Team one was completely owned. I hear this story repeated at least weekly, and heard it again today from companies I've been working with for the last couple of years.
Process: Great process leads to great results. It's that simple. Information security teams who know what to do under 90% of the circumstances they will encounter -and have practiced those actions operated under the premise (a military phrase) "command by negation". Command by negation means that during conflict commanders can do whatever needed according to predefined rules/processes and have a pre-specified deep, practiced understanding of how they must execute. Information security teams must also have this same pre-specified deep, practiced understanding of how they must execute, and must not allow variance in process during times of attack. Pick your infosec model. ISO, NIST, ITIL, whatever.. just pick one. Then build your organization using sound process around one of these models. Do it right from the start. Get management buy-in, find your early wins, and don't stop normalizing the way you do business.
Technology: Tools and toys don't cut it. Knowing how to get the most out of your current tools by understanding exactly where they fit in your strategy, and as importantly where your gaps are, are critical. Find places where technology can replace repetitive manual processes (SE/IM, manual correlations, lookups, etc.), and leverage your people where they're strongest -analytics, response, operations.
How do you create a mature organization that can survive the fog of war created by persistent threats? By creating an organization who knows what to do every time. Plenty of options exist today... ISO, NIST 800, or ITIL are great places to start. For my day job, I 'matured' my organization by using the Capability Maturity Model Integration Services provider model (CMMI-SVC). Over the course of the last two years we undertook an aggressive process engineering and training agenda. When we started this undertaking, it took my team over 44 days to perform a single triage analysis of an APT event. Today it takes less than five and we're heading quickly to 72 hours with added automation. For me, the recognition that we were a service provider of information security analysis services (we do only APT analysis in a public/private information sharing organization) lead me to the belief that process was every bit as important as the technologies used to manipulate data, and that if I didn't have people curious enough to work the process, nothing else matters. My team will fail. I've also watched CISOs in some very large organizations (approx 60 of them) go through similar process engineering exercises. Those who picked a standard (for information security) and implemented solid, repeatable process around those ISO, NIST, ITIL, etc., practices, are FAR more successful at battling APT today than those who don't. Don't be fooled into thinking you can survive without it. You can't. APT actors practice solid command and control and process. You must as well.
More next time!
JS
Here's the story of two companies:
Company A and B are Global Tech companies.. Four years ago both companies were worth approximately $16B each.
Both companies suffered APT attacks over the course of the last four years.
Company A stuck their head in the sand hoping it'd go away.
Company B developed world class process using ISO for their infosec guidelines. They participated in information sharing with their peers, built a SOC, practiced response. The company created amazing process, practiced them, measured everything and fine tuned them until they got it right. When the attacks hit, they were prepared. The global organization is now wired for information security.
What happened?
Company A is still alive, but struggling. They lost the lions share of their stock value!
Company B is landing contracts all over the world, teaching others how to do best practice information security.
Who would you rather be? Not Company A you say? Take the following lessons learned and and go do it starting today!
Great information security organizations invest in three things...
• People
• Process
• Technology
People: My tale of two companies is very similar to another as told by Alan Paller of SANS. Alan talks of the "Story of Two Agencies". I've seen it a couple of times. In short, he talks of two teams, both hit by APT actors. One team had solid technology but didn't have operating guidelines, training, analytic curiosity, or direction. The second team had basic technology with a highly trained, very curious team with practiced incident response processes... who do you think faired best? The second team of course! The team stopped the attacks with minimum damage, shared indicators with their peer community and was able to quickly implement controls to stop future attacks. Team one was completely owned. I hear this story repeated at least weekly, and heard it again today from companies I've been working with for the last couple of years.
Process: Great process leads to great results. It's that simple. Information security teams who know what to do under 90% of the circumstances they will encounter -and have practiced those actions operated under the premise (a military phrase) "command by negation". Command by negation means that during conflict commanders can do whatever needed according to predefined rules/processes and have a pre-specified deep, practiced understanding of how they must execute. Information security teams must also have this same pre-specified deep, practiced understanding of how they must execute, and must not allow variance in process during times of attack. Pick your infosec model. ISO, NIST, ITIL, whatever.. just pick one. Then build your organization using sound process around one of these models. Do it right from the start. Get management buy-in, find your early wins, and don't stop normalizing the way you do business.
Technology: Tools and toys don't cut it. Knowing how to get the most out of your current tools by understanding exactly where they fit in your strategy, and as importantly where your gaps are, are critical. Find places where technology can replace repetitive manual processes (SE/IM, manual correlations, lookups, etc.), and leverage your people where they're strongest -analytics, response, operations.
How do you create a mature organization that can survive the fog of war created by persistent threats? By creating an organization who knows what to do every time. Plenty of options exist today... ISO, NIST 800, or ITIL are great places to start. For my day job, I 'matured' my organization by using the Capability Maturity Model Integration Services provider model (CMMI-SVC). Over the course of the last two years we undertook an aggressive process engineering and training agenda. When we started this undertaking, it took my team over 44 days to perform a single triage analysis of an APT event. Today it takes less than five and we're heading quickly to 72 hours with added automation. For me, the recognition that we were a service provider of information security analysis services (we do only APT analysis in a public/private information sharing organization) lead me to the belief that process was every bit as important as the technologies used to manipulate data, and that if I didn't have people curious enough to work the process, nothing else matters. My team will fail. I've also watched CISOs in some very large organizations (approx 60 of them) go through similar process engineering exercises. Those who picked a standard (for information security) and implemented solid, repeatable process around those ISO, NIST, ITIL, etc., practices, are FAR more successful at battling APT today than those who don't. Don't be fooled into thinking you can survive without it. You can't. APT actors practice solid command and control and process. You must as well.
More next time!
JS
Sunday, October 16, 2011
On Information Sharing... Most companies don't know they've been had!
I saw an interesting piece of text from Mandiant the other day. It was prepared for testimony (I'm presuming to Congress) discussing APT. It went something like this...
“More than 90 percent of the breaches Mandiant responds to are first detected by the government, not the victim companies.” (Kevin Mandia, CEO of cyber security firm Mandiant Corp., in prepared testimony).
Dozens (probably more) examples prove this statement. Search the news. Generally companies fall into two main categories when they find out.. denial, or they fight. Denial rarely works, and fighting it results in rapid escalation. Regardless, your business is in danger.
So what's a company to do? Start thinking strategically. Come up with a plan for mitigating current badness already in the environment, WHILE maintaining business operations, AND planning for future strategies for minimizing or mitigating future attacks, AND ensuring you'll be able to operate in your new-found understanding that your networks are now untrusted.
This is where we start thinking about steps two and three in my previous post...
2. Build solid process (for operation and incident response). Pick a model and stick to it.
3. At this point you MUST start talking to your peers, and others. You wouldn't try and sell a product without knowing what your competitors (peers) are selling (what sells, and what doesn't). Why would you try and implement strategy without knowing how well your chosen processes will work (what works and what doesn't, before you spend any money!).
For now, start looking around... there are lots of public sources of information.. SANS, NCFTA, FIRST, and a newcomer, RedSkyAlliance.org. From a government assistance perspective DHS/US-CERT.
Be prepared. It's not a question of 'if', or 'when'. It's 'what are you going to do when someone tells you there's a problem?'
More next time.
JS
“More than 90 percent of the breaches Mandiant responds to are first detected by the government, not the victim companies.” (Kevin Mandia, CEO of cyber security firm Mandiant Corp., in prepared testimony).
Dozens (probably more) examples prove this statement. Search the news. Generally companies fall into two main categories when they find out.. denial, or they fight. Denial rarely works, and fighting it results in rapid escalation. Regardless, your business is in danger.
So what's a company to do? Start thinking strategically. Come up with a plan for mitigating current badness already in the environment, WHILE maintaining business operations, AND planning for future strategies for minimizing or mitigating future attacks, AND ensuring you'll be able to operate in your new-found understanding that your networks are now untrusted.
This is where we start thinking about steps two and three in my previous post...
2. Build solid process (for operation and incident response). Pick a model and stick to it.
3. At this point you MUST start talking to your peers, and others. You wouldn't try and sell a product without knowing what your competitors (peers) are selling (what sells, and what doesn't). Why would you try and implement strategy without knowing how well your chosen processes will work (what works and what doesn't, before you spend any money!).
For now, start looking around... there are lots of public sources of information.. SANS, NCFTA, FIRST, and a newcomer, RedSkyAlliance.org. From a government assistance perspective DHS/US-CERT.
Be prepared. It's not a question of 'if', or 'when'. It's 'what are you going to do when someone tells you there's a problem?'
More next time.
JS
Friday, October 14, 2011
On Information Sharing...
Going to tell you.. I'm a long time straight stick IT guy, gone Intel/Information Warfare then Information Security (for the last 15 years or so?), and I've not had so much fun, nor realized the value of Information Sharing until my last three years running an information security sharing organization wrapped around a CERT and Analysis shop. I'm not going to take a lot of time to tell you what that is. You can check out my bio and look at the web page; rather I'd like to take a moment and tell you about the value proposition I've come to realize over the course of my tenure.
Not a day goes by without a new story in the news depicting company losses from (ahem) Advanced Persistent Threats (APT) - a term coined by a guy named Greg Rattray several years ago during his active duty career. At the time, the term APT seemed pretty spot-on. Since however, those APT threats have become far more ubiquitous, and now I'm more convinced they should be called Omnivorous Persistant Threats --OPT. Malware, computers beaconing, and bandwidth consumed is becoming more common than not, and most importantly, the vast majority of companies don't even know they've been successfully attacked!
I'm here to tell you, the most valuable information security lesson I've ever learned has been learned in the last five years --INFORMATION SECURITY PRACTITIONERS MUST STOP LISTENING TO VENDORS AND START TALKING TO EACH OTHER. Vendors want to sell you stuff. Your peers are working hard to stop the same attacks you are. More importantly, the threats change as your ability to protect yourself changes. Even the most sophisticated shops lack the 100% capability to foil every attack.
I'm preparing to speak at a conference for healthcare CIOs. I'm going to give them three words of wisdom:
1. Most companies attacked by APT don't know it until someone else tells them they've been owned.
2. Pick a standard infosec model, implement solid processes, do it well, and don't shoot at protecting everything. Protect that information most important to your organization and build solid controls around the rest.
3. Talk to your peer companies. They're getting hit with the same things you are. Lone wolves starve in the cold. The packs survive.
More next time. I've got to update the block list in my UTM.
JS
Not a day goes by without a new story in the news depicting company losses from (ahem) Advanced Persistent Threats (APT) - a term coined by a guy named Greg Rattray several years ago during his active duty career. At the time, the term APT seemed pretty spot-on. Since however, those APT threats have become far more ubiquitous, and now I'm more convinced they should be called Omnivorous Persistant Threats --OPT. Malware, computers beaconing, and bandwidth consumed is becoming more common than not, and most importantly, the vast majority of companies don't even know they've been successfully attacked!
I'm here to tell you, the most valuable information security lesson I've ever learned has been learned in the last five years --INFORMATION SECURITY PRACTITIONERS MUST STOP LISTENING TO VENDORS AND START TALKING TO EACH OTHER. Vendors want to sell you stuff. Your peers are working hard to stop the same attacks you are. More importantly, the threats change as your ability to protect yourself changes. Even the most sophisticated shops lack the 100% capability to foil every attack.
I'm preparing to speak at a conference for healthcare CIOs. I'm going to give them three words of wisdom:
1. Most companies attacked by APT don't know it until someone else tells them they've been owned.
2. Pick a standard infosec model, implement solid processes, do it well, and don't shoot at protecting everything. Protect that information most important to your organization and build solid controls around the rest.
3. Talk to your peer companies. They're getting hit with the same things you are. Lone wolves starve in the cold. The packs survive.
More next time. I've got to update the block list in my UTM.
JS
Friday, June 03, 2011
ISC(2).. really? REALLY?
You HAVE to check this out:
ThinkTank: Building a Better Mousetrap – Tracking and Catching the Cyber Criminal
It's a talk by RSA and Capella University on catching cyber bad guys.
I'd be happier with lessons learned from RSA. Any chance of that? Probably not. It seems RSA isn't talking, rather continuing to market. I'd rather have them simply own the issue, and come clean on how they are remediating (and winning back the trust of their customers).
JS
ThinkTank: Building a Better Mousetrap – Tracking and Catching the Cyber Criminal
It's a talk by RSA and Capella University on catching cyber bad guys.
I'd be happier with lessons learned from RSA. Any chance of that? Probably not. It seems RSA isn't talking, rather continuing to market. I'd rather have them simply own the issue, and come clean on how they are remediating (and winning back the trust of their customers).
JS
Sunday, May 22, 2011
Carbon Black
I've had the opportunity to test a new-comer to the forensic market, and while young, I like this product.
Carbon Black is developed by a company called Kyrus. Can't tell you where these guys came up with the name, other than it's taken from Greek mythology for luck and opportunity. In this case, I'm not convinced there's any luck involved, but more opportunity and simple smarts.
Carbon Black is a two piece application --client and server; the server currently hosted and operating in beta as a SaaS with the client loaded on my Bambi Windows 7 machine in my lab. Push a client to your machine, and CB identifies the host, reads running processes, and begins to look for file changes and modifications. It took an initial reading from Bambi for an upload of about 30Mb, but after the company realized I was pushing a thick milkshake through a tiny straw (their rate limiting) and opened up the bandwidth, all went well.
So it's been running for a couple of weeks. I just rechecked and yes, lots of files modified --many I'm sure from the AV running on the machine, but what's nice is it auto generates the hash values of the modified files, libraries, etc., to allow fast correlation to known bad guy files. While not perfect, it shows promise. There's no noticeable performance hit from the client and the server side operates quickly and without glitches.
I've got a few invitations left. If you're interested, leave me a comment or shoot a note over. I'll push one out.
Good stuff. I'm not a real fan of SaaS for security tools. Can't wait to see the final enterprise product where everything resides inside the environment.
Any questions, leave me a comment.
Jeff
Carbon Black is developed by a company called Kyrus. Can't tell you where these guys came up with the name, other than it's taken from Greek mythology for luck and opportunity. In this case, I'm not convinced there's any luck involved, but more opportunity and simple smarts.
Carbon Black is a two piece application --client and server; the server currently hosted and operating in beta as a SaaS with the client loaded on my Bambi Windows 7 machine in my lab. Push a client to your machine, and CB identifies the host, reads running processes, and begins to look for file changes and modifications. It took an initial reading from Bambi for an upload of about 30Mb, but after the company realized I was pushing a thick milkshake through a tiny straw (their rate limiting) and opened up the bandwidth, all went well.
So it's been running for a couple of weeks. I just rechecked and yes, lots of files modified --many I'm sure from the AV running on the machine, but what's nice is it auto generates the hash values of the modified files, libraries, etc., to allow fast correlation to known bad guy files. While not perfect, it shows promise. There's no noticeable performance hit from the client and the server side operates quickly and without glitches.
I've got a few invitations left. If you're interested, leave me a comment or shoot a note over. I'll push one out.
Good stuff. I'm not a real fan of SaaS for security tools. Can't wait to see the final enterprise product where everything resides inside the environment.
Any questions, leave me a comment.
Jeff
Saturday, April 23, 2011
Hey Southwest Air! Please! Charge me bag fees!
So here's my gripe...
I fly SWA almost every other week between MHT and BWI. Been doing it for about six years now.
SWA just changed their (ahem) reward system, and it frosts my butt. Here's why:
SWA used to require 8 round trip flights for one reward. One reward is one round trip. Credits were earned by paying for a flight. For each flight segment (a one way flight). Therefore, if I were able to book a $69 flight, it counted as one segment. More often than not the flight was at least $100, and in most cases I booked business class (I generally arrive minutes before the departure time. Business class gets me right on.. SWA has really become my subway!).
Ok, so we went from 'buy one flight get one award segment'. Get 16 and earn a free round trip.
SWA has now moved to a point system, whereby every dollar spent earns a certain number of points. For example, my last round trip cost me $371 (up from $282 six months ago). For $350, I get roughly 4400 points (where'd that number come from?). To earn a round trip between MHT and BWI, I now need 21,600 points each way or pay $180 per segment.
So SWA, let me understand better. For the purchase of a $370 round trip I get 4400 points, but to purchase a $370 trip with points I need 43,200?
Please, charge me bag fees! I'm going to have to start flying USAIR ($218, with a short stop in Philly)!
Sorry SWA. You're pricing yourself out of my wallet.
Jeff
I fly SWA almost every other week between MHT and BWI. Been doing it for about six years now.
SWA just changed their (ahem) reward system, and it frosts my butt. Here's why:
SWA used to require 8 round trip flights for one reward. One reward is one round trip. Credits were earned by paying for a flight. For each flight segment (a one way flight). Therefore, if I were able to book a $69 flight, it counted as one segment. More often than not the flight was at least $100, and in most cases I booked business class (I generally arrive minutes before the departure time. Business class gets me right on.. SWA has really become my subway!).
Ok, so we went from 'buy one flight get one award segment'. Get 16 and earn a free round trip.
SWA has now moved to a point system, whereby every dollar spent earns a certain number of points. For example, my last round trip cost me $371 (up from $282 six months ago). For $350, I get roughly 4400 points (where'd that number come from?). To earn a round trip between MHT and BWI, I now need 21,600 points each way or pay $180 per segment.
So SWA, let me understand better. For the purchase of a $370 round trip I get 4400 points, but to purchase a $370 trip with points I need 43,200?
Please, charge me bag fees! I'm going to have to start flying USAIR ($218, with a short stop in Philly)!
Sorry SWA. You're pricing yourself out of my wallet.
Jeff
Thursday, March 24, 2011
Final HKS post
Morning all.
I'm back at work, but wanted to take a moment and chat about a couple of things:
1. This experience was easily the best training I've ever had.
2. On my first day back, I was asked if I wore my new lapel pin to show everyone I went to Harvard. I answered back that I wore the pin to remind me of what I'd learned.
3. I have new tools in the toolkit. I have reminders in a Harvard logo'd binder on my desk next to my monitor, so when I need a refresher, it's right there. Inside I placed a few of the most important tools I'd previously lacked, with my handwritten notes from class.
That's it. I'm posting the remainder of the pictures:
OK all. That's it.
Harvard, out.
I'm back at work, but wanted to take a moment and chat about a couple of things:
1. This experience was easily the best training I've ever had.
2. On my first day back, I was asked if I wore my new lapel pin to show everyone I went to Harvard. I answered back that I wore the pin to remind me of what I'd learned.
3. I have new tools in the toolkit. I have reminders in a Harvard logo'd binder on my desk next to my monitor, so when I need a refresher, it's right there. Inside I placed a few of the most important tools I'd previously lacked, with my handwritten notes from class.
That's it. I'm posting the remainder of the pictures:
Steve Kellman's comic
During my walk back to Soldiers Field.. my last night
The gates into the dorm courtyard
My study group
Dinner at the Harvard Faculty Club
Jeff, Paul, Nat and Mike
More inside the Harvard Faculty club
The walk from the Faculty Club.. Wrapping up on St. Patty's day.
This was the start of a great night!
John Harvard - do you recognize any of the faces in the
stained glass? I'll give you two of them.. Nixon, John Lennon
The RedLine -- the second St. Patty's Day event. For those
who rode the bus from the Faculty Club, the bus dropped
everyone off here. Some stayed, some went back to the dorms for
some well needed rest. Obviously I didn't go back just yet!
Me with Simon and Ibrahim
A night of well mannered frivolity!
Melancholy moments on my final walk to the dorm.
I'd just left the Friday 'reflections' class; a new graduate SEF.
When it was nice, the walk along the Charles was the best.
...including the view of the woman's rowing teams!
OK all. That's it.
Harvard, out.
Thursday, March 17, 2011
Wrapping it up at the Kennedy School
It's Thursday afternoon, 3:45 and we've just wrapped up our final class.
That means roughly 120 sessions of 45 minutes crammed into four weeks. Most professors used 90 minutes and taught two. Regardless, it's been a hell of a journey. Today we wrapped up by 3:30, and don't have any readings for tomorrow, but we need to pack out and be ready to check out of the dorms by 9:00 tomorrow morning. Unfortunately we have final sessions and reflections starting at 8.
...four weeks. I'm going to tell you, this is a life changing experience. Everything about the program is first class. It's hard to explain how these guys do what they do, but the program teaches leadership, history, personal accountability, lessons from the Presidential offices (from people who advised the Presidents), and more. In addition to the coursework, they really do everything possible to immerse you in the higher level thinking and culture of Harvard. Again, hard to explain. I'll do my best in actions when I return.
Besides the coursework and culture, one of my friends suggested I bring extra bourbon for the study groups at night. We used all of mine, and more from others. During the Balcony Summits, we solved world hunger, the crisis in the Middle East, we've fixed Israel, and know how to best assist Japan. Does anyone by chance have Hillary's phone number? I'm sure she'll want to know what we've come up with!
OK all, probably one more post tomorrow with pictures from tonight... final dinner, business attire at the Harvard Faculty Club.
Jeff
That means roughly 120 sessions of 45 minutes crammed into four weeks. Most professors used 90 minutes and taught two. Regardless, it's been a hell of a journey. Today we wrapped up by 3:30, and don't have any readings for tomorrow, but we need to pack out and be ready to check out of the dorms by 9:00 tomorrow morning. Unfortunately we have final sessions and reflections starting at 8.
...four weeks. I'm going to tell you, this is a life changing experience. Everything about the program is first class. It's hard to explain how these guys do what they do, but the program teaches leadership, history, personal accountability, lessons from the Presidential offices (from people who advised the Presidents), and more. In addition to the coursework, they really do everything possible to immerse you in the higher level thinking and culture of Harvard. Again, hard to explain. I'll do my best in actions when I return.
Besides the coursework and culture, one of my friends suggested I bring extra bourbon for the study groups at night. We used all of mine, and more from others. During the Balcony Summits, we solved world hunger, the crisis in the Middle East, we've fixed Israel, and know how to best assist Japan. Does anyone by chance have Hillary's phone number? I'm sure she'll want to know what we've come up with!
OK all, probably one more post tomorrow with pictures from tonight... final dinner, business attire at the Harvard Faculty Club.
Jeff
Tuesday, March 15, 2011
Tuesday morning.. week 4
Well, we're in the home stretch! It's Tuesday morning and I'm wrapping up my readings for the day and getting my case study prepared for the after-SEF project I'll be working on with my group.
It's been a hell of an experience! We wrapped up last week with a trip to the JFK library, but only after a week of reading, case studies, reading, and more case studies. The schedule is been hectic. They keep us busy from 8AM to early evening most days, with one study groups before class in the morning and many times dinner speakers.
Last night was Jeff Frankel. Jeff was an economic advisor to Clinton. While I didn't necessarily appreciate the message (he was very doom and gloom), nor the slant (he blames everything on everyone but Clinton), it was still interesting having him here, speaking to us over dinner. An interesting thought though... 1/5 of our current budget goes to pay for interest on money borrowed from the rest of the world to pay our bills. I've not confirmed the number, nor audited our budget, but if this is right, it's amazing that we can continue to operate.
We discussed the current budget mess and the continuing resolutions. He told us that even if the planned cuts went through, it accounted for only 6% of the current issue (with the implication that it wouldn't do much good). I'm a bit concerned by this. I had a woman who worked for me in a startup a few years back. She was my most junior person -an intern from a local college. When we started running out of money in the end, she requested to not take a paycheck. She told me "it takes a lot of drops of water to make an ocean, but every one counts.". 6%? That seems like it'd pay interest at least don't you think?
OK, now for more fun topics... pictures of the JFK Library and dinner. We had a great time!
It's been a hell of an experience! We wrapped up last week with a trip to the JFK library, but only after a week of reading, case studies, reading, and more case studies. The schedule is been hectic. They keep us busy from 8AM to early evening most days, with one study groups before class in the morning and many times dinner speakers.
Last night was Jeff Frankel. Jeff was an economic advisor to Clinton. While I didn't necessarily appreciate the message (he was very doom and gloom), nor the slant (he blames everything on everyone but Clinton), it was still interesting having him here, speaking to us over dinner. An interesting thought though... 1/5 of our current budget goes to pay for interest on money borrowed from the rest of the world to pay our bills. I've not confirmed the number, nor audited our budget, but if this is right, it's amazing that we can continue to operate.
We discussed the current budget mess and the continuing resolutions. He told us that even if the planned cuts went through, it accounted for only 6% of the current issue (with the implication that it wouldn't do much good). I'm a bit concerned by this. I had a woman who worked for me in a startup a few years back. She was my most junior person -an intern from a local college. When we started running out of money in the end, she requested to not take a paycheck. She told me "it takes a lot of drops of water to make an ocean, but every one counts.". 6%? That seems like it'd pay interest at least don't you think?
OK, now for more fun topics... pictures of the JFK Library and dinner. We had a great time!
Wednesday, March 09, 2011
General Odiermo, HKS Forum, Cyber...
I had the privilege of getting one of the very limited tickets to see General Ray Odiermo speak tonight.
Gen O is the current commander of the Joint Forces Command in Norfolk, VA. He's an impressive guy to hear speak, but more fun for me was that he speaks very passionately about Cyber!
I am a cyber guy, and work by day at the DoD Cyber Crime Center, and being the only cyber pro in my class at the Kennedy School, found this to be incredibly good stuff.
So this guy has got to be 6'5" and as broad as a bull dozer, with a rack of ribbons that pushed his combat infantry badge WAY up on his shoulder, but he speaks of Cyber like it's the next front. He's informed, smart, well spoken, and his last word on the subject --after speaking for almost thirty minutes --was that cyber is the thing. My classmates all looked at me, knowing I was the only cyber guy int he class, and knowing that I also am not afraid to speak, and they knew --we're working hard in this area. I don't talk much about what I do in class, but many know of DCISE and read our products. It's an amazing thing. Many of my classmates have even commented about how much is going on in the area. My roommate -a former P3 pilot and now Navy civilian commented that every high ranking official that comes through speaks of CYBER!
It's a good time to be a geek, and Harvard is creating in me a self-aware, bigger thinker.
I hope to be in this game for a long, LONG, time!
Jeff
Gen O is the current commander of the Joint Forces Command in Norfolk, VA. He's an impressive guy to hear speak, but more fun for me was that he speaks very passionately about Cyber!
I am a cyber guy, and work by day at the DoD Cyber Crime Center, and being the only cyber pro in my class at the Kennedy School, found this to be incredibly good stuff.
So this guy has got to be 6'5" and as broad as a bull dozer, with a rack of ribbons that pushed his combat infantry badge WAY up on his shoulder, but he speaks of Cyber like it's the next front. He's informed, smart, well spoken, and his last word on the subject --after speaking for almost thirty minutes --was that cyber is the thing. My classmates all looked at me, knowing I was the only cyber guy int he class, and knowing that I also am not afraid to speak, and they knew --we're working hard in this area. I don't talk much about what I do in class, but many know of DCISE and read our products. It's an amazing thing. Many of my classmates have even commented about how much is going on in the area. My roommate -a former P3 pilot and now Navy civilian commented that every high ranking official that comes through speaks of CYBER!
It's a good time to be a geek, and Harvard is creating in me a self-aware, bigger thinker.
I hope to be in this game for a long, LONG, time!
Jeff
Tuesday, March 08, 2011
Tuesday
Wow. Long day. Two case studies in Negotiations just took it out of me. We started in our "Extended SEF' groups at 8AM with classes on building teams and negotiations all day, ending with Joe Nye. Joe spoke about his book "Soft Power", hitting on global implications of the media, policy issues (i.e.: China's sensorship of the media), India, and finally, cyber.
While interesting (actually great talks) by the end of the day, after two fairly heavy interactive case studies in negotiation, and then Joe, my head is full. Thankfully we have a light reading assignment for tomorrow. I need the sleep.
That's it for now. I'm taking advantage of the light assignment and heading down!
Jeff
While interesting (actually great talks) by the end of the day, after two fairly heavy interactive case studies in negotiation, and then Joe, my head is full. Thankfully we have a light reading assignment for tomorrow. I need the sleep.
That's it for now. I'm taking advantage of the light assignment and heading down!
Jeff
Sunday, March 06, 2011
Saturday class! Wuhoo!
I'm a little late in posting, but wanted to get my pictures transferred over from yesterday.
So yes, we had class on Saturday. The day started with the remaining discussions of the Federalist Papers (it was kinda dry to have them read to us, but a great topic none the less). The discussions were all surrounding our founding fathers thoughts when they framed, and then tried to ratify the Constitution. The papers were actually a marketing piece put together to try and get New York to ratify the Constitution. It worked! Before heading out for a field trip, we had another class teaching politics in the federal government. The class flew by. As you might imagine, everyone had thoughts on politics. The resulting conversations made the class just fly by!
Noon brought lunch, and then we caught the "Yankee" buses for guided tours of Lexington (remember the shot heard around the world?). The minute men hadn't aged well, but were VERY good.
We got a great history lesson by these *ahem* young minute men, and then jumped back in the Yankee bus for a guided trip to Concord where we were met by the local historian, and our professor, Steve Keller. Steve had the best stories, and took us to Minuteman State Park and Walden Pond. We got a in a bit of hot water at Walden Pond because the snow limited the parkability of those big busses. It was actually kinda funny. When accosted by the short rotund woman in brown, who needed to know who to write the ticket to, he gave another professor's name (Pete Zimmerman). She was happy. We were allowed to leave. Concord was great. Below are two pictures of the monument. The park was covered in heavy melting snow making walking on the trails wet and muddy. Many of my classmates were wearing sneakers, so we didn't go far.
Dinner was at the Colonial Inn.. This is actually the original home of Ralph Waldo Emerson, but obviously dated before him. The Colonial Inn has been operational for over 300 years, and was one of the prime meeting places in Concord, MA. I think the waiter lived through the entire thing, but in the end, it turned out he'd only been with the Inn for 20 years. Regardless, he had the history lesson down pat and kept the wine flowing freely. After dinner several of us retired to the front porch for cigars before getting back on the Yankee Bus for our trip back to Soldiers Field.
Tomorrow brings our first day of negotiation class. I'm here to tell you folks, if you ever get the opportunity to come to SEF, DON'T turn it down. These guys know how do it right. This is the best training I've ever had!
Jeff
So yes, we had class on Saturday. The day started with the remaining discussions of the Federalist Papers (it was kinda dry to have them read to us, but a great topic none the less). The discussions were all surrounding our founding fathers thoughts when they framed, and then tried to ratify the Constitution. The papers were actually a marketing piece put together to try and get New York to ratify the Constitution. It worked! Before heading out for a field trip, we had another class teaching politics in the federal government. The class flew by. As you might imagine, everyone had thoughts on politics. The resulting conversations made the class just fly by!
Noon brought lunch, and then we caught the "Yankee" buses for guided tours of Lexington (remember the shot heard around the world?). The minute men hadn't aged well, but were VERY good.
We got a great history lesson by these *ahem* young minute men, and then jumped back in the Yankee bus for a guided trip to Concord where we were met by the local historian, and our professor, Steve Keller. Steve had the best stories, and took us to Minuteman State Park and Walden Pond. We got a in a bit of hot water at Walden Pond because the snow limited the parkability of those big busses. It was actually kinda funny. When accosted by the short rotund woman in brown, who needed to know who to write the ticket to, he gave another professor's name (Pete Zimmerman). She was happy. We were allowed to leave. Concord was great. Below are two pictures of the monument. The park was covered in heavy melting snow making walking on the trails wet and muddy. Many of my classmates were wearing sneakers, so we didn't go far.
Dinner was at the Colonial Inn.. This is actually the original home of Ralph Waldo Emerson, but obviously dated before him. The Colonial Inn has been operational for over 300 years, and was one of the prime meeting places in Concord, MA. I think the waiter lived through the entire thing, but in the end, it turned out he'd only been with the Inn for 20 years. Regardless, he had the history lesson down pat and kept the wine flowing freely. After dinner several of us retired to the front porch for cigars before getting back on the Yankee Bus for our trip back to Soldiers Field.
Tomorrow brings our first day of negotiation class. I'm here to tell you folks, if you ever get the opportunity to come to SEF, DON'T turn it down. These guys know how do it right. This is the best training I've ever had!
Jeff
Friday, March 04, 2011
Friday... one more day to go before the weekend!
Yes, we have class on Saturday. Two case studies and then a historical walking tour of Lexington and Concord. Why you ask? We're in the modules where we're learning about the framing of the government. We spent time this afternoon in discussions of the Federalist Papers after a morning of organization building and a case study on navigating Fed politics. The lunch speaker today was Shelly Metzanbaum -the Associate Director of OPM's Performance Management program. Interesting stuff.
It was a good day. Dinner was to be in the Penthouse dining room with a guy dressed as James Madison, talking about the papers and framing of the Constitution. I bagged out. I ended up with a massive sinus headache about 2, so I figured I'd try and kick it before the walking tour and dinner out tomorrow. I held out until after the final class before dinner, then headed back.
Tomorrow should be another great day. Going to head to bed early and try and kick this headache.
Jeff
It was a good day. Dinner was to be in the Penthouse dining room with a guy dressed as James Madison, talking about the papers and framing of the Constitution. I bagged out. I ended up with a massive sinus headache about 2, so I figured I'd try and kick it before the walking tour and dinner out tomorrow. I held out until after the final class before dinner, then headed back.
Tomorrow should be another great day. Going to head to bed early and try and kick this headache.
Jeff
Harvard Cyber Security Symposium
Broadcast live today from 12-6:30. I'll be in class, but an interesting roundup of panelists.
http://harvardnsj.com/live/
12-1:
"The future of the Internet" (lunchtime debate) Jonathan Zittrain, Stewart Baker
1:15-2:45:
Privacy concerns in cyberspace: Kevin Bankston (EFF), Dr. Joel Bremmer (former NCIX), David Hoffman (Intel), Susan Landau (Harvard)
3:00-4:30:
Defense and Deterrence in Cybersecurity and Cyber Warfare: Steven Chabinski (FBI), Duncan Hollis (Temple Univ), Martin Libicki (RAND), Noah Shactman (Wired Mag), Eric Rosenbach (Harvard)
5-6:30:
Keynote: Steven Bradbury (DA Atty Gen, DoJ)
Enjoy!
Jeff
http://harvardnsj.com/live/
12-1:
"The future of the Internet" (lunchtime debate) Jonathan Zittrain, Stewart Baker
1:15-2:45:
Privacy concerns in cyberspace: Kevin Bankston (EFF), Dr. Joel Bremmer (former NCIX), David Hoffman (Intel), Susan Landau (Harvard)
3:00-4:30:
Defense and Deterrence in Cybersecurity and Cyber Warfare: Steven Chabinski (FBI), Duncan Hollis (Temple Univ), Martin Libicki (RAND), Noah Shactman (Wired Mag), Eric Rosenbach (Harvard)
5-6:30:
Keynote: Steven Bradbury (DA Atty Gen, DoJ)
Enjoy!
Jeff
Thursday, March 03, 2011
Harvard.. Thursday week 2
Almost half way through the program. Today was a little shorter, but even with the shorter day I ended up a little late this morning. We had a light reading day, so I spent the morning sitting at the kitchen table in the dorm reading forward. Coffee and case studies; the breakfast of champions! About 8:30 I realized I hadn't showered, was engrossed in a case about revamping the MTA, and it was time to go. By 9:00, I was FROZEN from the walk (14 deg F plus a heavy wind) to school (maybe just under a mile??).. headed straight for Dunkin Donuts and then in my seat by 9:10.. not bad, but still, I want every minute I can get out of these people and the program!
Today was a fun treat. I met with the Sr. Researcher for the Minerva project. Minerva is a DoD funded collaborative project between Harvard Kennedy School and MIT's computer science program. The program topics have a familiar ring, except for one very interesting piece (at least through my lense!). They're focusing on cyber in the horizontal as it relates to International Relations. What a concept! A DoD funded cyber project that actually considers international relations issues! I've been asked to present. Likely going to talk about challenges in the heterogeneous global corporate environment --all unclas and should add value. From my perspective, it's also a two slide talk that will last about 45 minutes, so it should be perfect. One benefit here is they use very little in the way of PowerPoint. I'm finding more value in the blackboard discussions than being preached at through PowerPoint. I'll likely do the same thing.. two slides, two sets of graphics; no text.
The day, again, was AMAZING. I can easily declare Gary Orren is by far the best professor I've ever had. I can declare that without even thinking. Gary teaches persuasion. It's a baseline program before heading into negotiation next week, but just the fact that I've now been through six sessions of the mechanics behind good, persuasive communications is something I've never had. Gary gave me new tools, and believe me, I've already started practicing in some of my emails.
Tomorrow is another lunchtime speaker. It's on the agenda as 'special guest'. Not sure what that means, but it seems to mean that HKS doesn't want to advertise the fact that high profile guests will join us at lunch. So more tomorrow. I'm looking forward to the surprise!
Ok, time for bed. I took about thirty minutes tonight to watch some mindless television and do some reading for pleasure. I took care of tomorrow's readings this morning ;)
Jeff
Today was a fun treat. I met with the Sr. Researcher for the Minerva project. Minerva is a DoD funded collaborative project between Harvard Kennedy School and MIT's computer science program. The program topics have a familiar ring, except for one very interesting piece (at least through my lense!). They're focusing on cyber in the horizontal as it relates to International Relations. What a concept! A DoD funded cyber project that actually considers international relations issues! I've been asked to present. Likely going to talk about challenges in the heterogeneous global corporate environment --all unclas and should add value. From my perspective, it's also a two slide talk that will last about 45 minutes, so it should be perfect. One benefit here is they use very little in the way of PowerPoint. I'm finding more value in the blackboard discussions than being preached at through PowerPoint. I'll likely do the same thing.. two slides, two sets of graphics; no text.
The day, again, was AMAZING. I can easily declare Gary Orren is by far the best professor I've ever had. I can declare that without even thinking. Gary teaches persuasion. It's a baseline program before heading into negotiation next week, but just the fact that I've now been through six sessions of the mechanics behind good, persuasive communications is something I've never had. Gary gave me new tools, and believe me, I've already started practicing in some of my emails.
Tomorrow is another lunchtime speaker. It's on the agenda as 'special guest'. Not sure what that means, but it seems to mean that HKS doesn't want to advertise the fact that high profile guests will join us at lunch. So more tomorrow. I'm looking forward to the surprise!
Ok, time for bed. I took about thirty minutes tonight to watch some mindless television and do some reading for pleasure. I took care of tomorrow's readings this morning ;)
Jeff
Wednesday, March 02, 2011
It's been a hell of a week...
It's just after 10PM. I had a bourbon and cigar on my porch with my roommate (a retired Navy P3 pilot/Commander) and we just found out a classmate was selected for AF Brig General! What a night. What a day.. all of them, just packed.
Anyway, Breakfast at 7, study group from 8-9, and classes every 90, minutes until finishing with dinner and a movie that will be the subject of tomorrow's first class. Reading more case studies than I've ever read before. For tomorrow, it's a civil war case on dealing with communications/persuasion of a mutinous unit.
I've been trying hard to network as best possible with the limited free time, so tomorrow it's the Minerva project --a joint Harvard/MIT program on cyber in international relations. Additionally, have a speech on increasing the tax on cigarettes designed to practice our new persuasive speech frameworks.
This is a great education.. a once in a lifetime experience.
Ok, off to bed. I'm exhausted and have to be up and in by 8:30 tomorrow. Getting a break.
Jeff
Anyway, Breakfast at 7, study group from 8-9, and classes every 90, minutes until finishing with dinner and a movie that will be the subject of tomorrow's first class. Reading more case studies than I've ever read before. For tomorrow, it's a civil war case on dealing with communications/persuasion of a mutinous unit.
I've been trying hard to network as best possible with the limited free time, so tomorrow it's the Minerva project --a joint Harvard/MIT program on cyber in international relations. Additionally, have a speech on increasing the tax on cigarettes designed to practice our new persuasive speech frameworks.
This is a great education.. a once in a lifetime experience.
Ok, off to bed. I'm exhausted and have to be up and in by 8:30 tomorrow. Getting a break.
Jeff
Sunday, February 27, 2011
Sunday night.. heading into week 2!
Just left Spangler. What a great place. It's the main building for Harvard Business School. The Kennedy School folks share the facility for food since the graduate dorms (apartments) are all on the HBS campus on Soldiers Field Road.
Anyway, tonight was preparing for a role playing exercise to take place on Thursday morning. I'd mentioned a class on persuasion last week. This is by far, the best class to date.. and I've only been here a week! This is probably the class I needed most, but there are more coming. This week is three more sessions on persuasive comms this week, plus (as if there needed to be a plus!) we start on negotiation! I"m telling you, these guys give us nuts and bolts 'how to' lessons to actually do better communications, and anyone who knows me will tell you it's an area I could do better. I'm filling my toolkit with everything these guys will give me!
So, favorites? Gary Orren on persuasion. Ron Ferguson taught us how to tear apart ANY statistical analysis with fool proof tips to looking at stats with a critical eye. Pete Zimmerman talks of strategy and planning, and although I see myself as a pretty savvy strategist, this guy makes me look like a rank amateur. Steve Keller is on for tomorrow for our second session on building solid performance management plans. Bottom line, this place is cool as hell!
Re the forum? Last week it was Eric Cantor and William Perry. This week we're told it's a 'special guest'. I'm told they only book three days in advance, but it's well worth sitting in seats obviously engineered for college students before the experience the middle aged spread, but it's totally worth it.
Ok all. More to come. This is a once in a lifetime experience and I've got work to do to make sure I make the most of it... although tonight did include bourbon and cigars with my new friend from the UN. He's a political analyst for the the Secretary, and is a terrific conversationist. Does this mean I've been worked over? Probably. It's a good thing I only know about broubon and cigars!
Jeff
Anyway, tonight was preparing for a role playing exercise to take place on Thursday morning. I'd mentioned a class on persuasion last week. This is by far, the best class to date.. and I've only been here a week! This is probably the class I needed most, but there are more coming. This week is three more sessions on persuasive comms this week, plus (as if there needed to be a plus!) we start on negotiation! I"m telling you, these guys give us nuts and bolts 'how to' lessons to actually do better communications, and anyone who knows me will tell you it's an area I could do better. I'm filling my toolkit with everything these guys will give me!
So, favorites? Gary Orren on persuasion. Ron Ferguson taught us how to tear apart ANY statistical analysis with fool proof tips to looking at stats with a critical eye. Pete Zimmerman talks of strategy and planning, and although I see myself as a pretty savvy strategist, this guy makes me look like a rank amateur. Steve Keller is on for tomorrow for our second session on building solid performance management plans. Bottom line, this place is cool as hell!
Re the forum? Last week it was Eric Cantor and William Perry. This week we're told it's a 'special guest'. I'm told they only book three days in advance, but it's well worth sitting in seats obviously engineered for college students before the experience the middle aged spread, but it's totally worth it.
Ok all. More to come. This is a once in a lifetime experience and I've got work to do to make sure I make the most of it... although tonight did include bourbon and cigars with my new friend from the UN. He's a political analyst for the the Secretary, and is a terrific conversationist. Does this mean I've been worked over? Probably. It's a good thing I only know about broubon and cigars!
Jeff
Thursday, February 24, 2011
Harvard.. Thursday
So today was probably one of the best (BEST!!!) lectures I think I've ever heard in any course.. a day full of a 43 year professor (the one who taught Obama!) talking about communications and persuasion. Gary Orren had us for a full day, with a full framework for better targeting and framing communications to persuade others (voluntarily) to change course. WHAT A DAY.
Better? It was topped off with two speakers at the Forum (Agora -- a food market by day, speaking pulpit at night)... unfiltered Q&A. Eric Cantor (http://www.majorityleader.gov/) talking on the budget. The talk was terrific, but HIV activists protested at the end and were walked out. Regardless, an incredibly civil session! Finally topped off the night with a lecture from William Perry. What a day!
Jeff
Better? It was topped off with two speakers at the Forum (Agora -- a food market by day, speaking pulpit at night)... unfiltered Q&A. Eric Cantor (http://www.majorityleader.gov/) talking on the budget. The talk was terrific, but HIV activists protested at the end and were walked out. Regardless, an incredibly civil session! Finally topped off the night with a lecture from William Perry. What a day!
Jeff
Subscribe to:
Posts (Atom)