A good hacker knows that a good hack involves three things: 1. Vulnerability 2. Exploitation 3. Maintenance of access Talking to that secretary gave us a lot of information -- the antivirus vendor and version of Internet Explorer being the most important among other things. This tells us...
Read More »

One of the things I like about Alan Paller the individual and the organization he helps lead SANS is they encourage people to write.  They are great motivators, especially if you are pursuing a security certification.  As part of a my 2003 SANS certification I wrote a piece on Quantum Encryption and Quantum Computing and...
Read More »

In September 1997 the US Naval Institute ran an article I wrote titled “The Devil is in the Details: Information War in the Field and Fleet.” Now 13 years later there are a few things I wrote in that article I wish I could take back! But for the most part I believe it...
Read More »

Using wi-fi hotspots at airports, coffeeshops, hotels, conferences or work locations can be a tremendous productivity boost, and your options for connecting to wi-fi are only increasing.  Companies like McDonalds, Starbucks, Panera and Chick-fil-A now offering free connectivity just to help sell their wares. But did you realize that when you connect to a...
Read More »

With this post I would like to provide some personal thoughts on the key things organizations should be doing to enhance security, privacy and functionality of their IT.  This includes some specific recommendations for security solutions, including solutions I’m on advisory boards for (read the disclaimer).  So I better caveat this by saying “please...
Read More »

Even before the U.S. Cyber Command stood up there was wide-ranging speculation about what the command would do, the authorities it would be granted, and the powers it would wield. No amount of insight from those with knowledge of the command will be enough to assuage the concerns of those who feel such an...
Read More »

The White House has issued a draft for comment of a new National Strategy for Trusted Identities in Cyberspace. The strategy draft was introduced by Howard Schmidt in a White House blog: A National Strategy for Trusted Identities in Cyberspace Howard’s introduction included: “Today, I am pleased to announce the latest step in moving...
Read More »

On June 10, 2010, the US Senate Homeland Security and Governmental Affairs Committee (HSGAC) unveiled a major cybersecurity bill designed to modernize, strengthen, and coordinate US Cyber defenses. Senators Collins, Carper and Lieberman introduced this bill with the clear articulation to defend not just federal networks but the Internet itself.  As portion of the...
Read More »

Carahsoft is a unique, trusted firm that helps government find and rapidly acquire the right technologies and helps high tech firms successfully interact with government (which has famously onerous processes for businesses that want to serve the federal mission).  Carahsoft is a client of my firm and one of the things I’m particularly proud...
Read More »

I’m excited to be part of a great new company called Invincea.  They have appointed me to their advisory board along with Bob Flores and Gary McGraw. So I’d like to take the opportunity to provide you with some background on why Invincea is going to be a game changer in the industry. Invincea...
Read More »