A good hacker knows that a good hack involves three things: 1. Vulnerability 2. Exploitation 3. Maintenance of access Talking to that secretary gave us a lot of information -- the antivirus vendor and version of Internet Explorer being the most important among other things. This tells us...
Read More »

Using wi-fi hotspots at airports, coffeeshops, hotels, conferences or work locations can be a tremendous productivity boost, and your options for connecting to wi-fi are only increasing.  Companies like McDonalds, Starbucks, Panera and Chick-fil-A now offering free connectivity just to help sell their wares. But did you realize that when you connect to a...
Read More »

The White House has issued a draft for comment of a new National Strategy for Trusted Identities in Cyberspace. The strategy draft was introduced by Howard Schmidt in a White House blog: A National Strategy for Trusted Identities in Cyberspace Howard’s introduction included: “Today, I am pleased to announce the latest step in moving...
Read More »

On June 10, 2010, the US Senate Homeland Security and Governmental Affairs Committee (HSGAC) unveiled a major cybersecurity bill designed to modernize, strengthen, and coordinate US Cyber defenses. Senators Collins, Carper and Lieberman introduced this bill with the clear articulation to defend not just federal networks but the Internet itself.  As portion of the...
Read More »

I’m excited to be part of a great new company called Invincea.  They have appointed me to their advisory board along with Bob Flores and Gary McGraw. So I’d like to take the opportunity to provide you with some background on why Invincea is going to be a game changer in the industry. Invincea...
Read More »

After years of work in mitigating threats to the current version of networking protocols (Internet Protocol version 4- IPv4), network defenders can implement defense in depth by leveraging an array of capabilities like Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Managment (SIEM) tools and Unified Threat Management (UTM) tools.  Capabilities...
Read More »

One of the great technological treasures of the nation is the Software Engineering Institute at Carnegie Mellon. For 25 years they have created software engineering processes, constructs and solutions for enterprises in and out of government. You probably consider them synonymous with CMMI, the Capability Maturing Model Integration for software development. But they are...
Read More »

While rummaging through old files on my hard drive I encountered a piece I wrote in June 2002 which captured in writing something I had been briefing for several years.  I had been briefing “Principles” which I had observed/learned while the J2 of DoD’s JTF-CND and then later J2 of JTF-CNO.   My theory was...
Read More »

Technologists of all sort have been closely tracking events associated with cyber security, and most have been watching the many activities associated with White House efforts to enhance our ability to trust our digital infrastructure. In my view, technologists from academia, startups, IT providers, integrators and large enterprises (including the federal space) need to...
Read More »

I enjoyed listening to the President today as he provided an update on where we are in our efforts to enhance our freedom of action in cyberspace.  All the details are on the White House website and I hope you visit there yourself to download the 60-day cyberspace policy review. Details are here: http://www.whitehouse.gov/CyberReview/...
Read More »