A little blog post.
So, it’s been about two years since I added anything to this blog. I’ve been busy!! The awesome folks at SOURCE gave me a speaking slot at SOURCE Boston 2010 and that kicked-off a series of talks on methods consumer-facing companies/websites take to protect customers from online threats. And then later in 2010 was able to participate in some discussions on different types of threat modeling and situations in which modeling techniques can be useful.
In 2011 I wanted to talk about some more concrete topics, and so spent some time researching how threats/impacts can be better measured. This is an area I’d like to spend more time researching, because there’s still a gap between what we can do with the the high-frequency/lower-impact events (which seem to be easier to instrument, measure, and predict) and the lower-frequency/high-impact events (which are very difficult to instrument measure, or predict). –> I think the key is that high-impact events usually represent a series or cascade of smaller failures, but there’s more research into change management and economics to be done.
Later in 2011 I switched over to describing how analytics can be used to study and automate security event detection. I hope in the process I didn’t blind anyone with data science. (haha…where’s that cowbell?) So here’s what I did:
2010.04 – Speaker, SOURCE Boston “Protecting Customers from Online Threats”
2010.05 – Speaker, IT Web Security Summit (South Africa) “Protecting Customers from Online Threats”
2010.07 – Speaker, Black Hat Briefings “Ushering in the Post-GRC World: Applied Threat Modeling”
2010.09 – Speaker, SOURCE Barcelona “Applied Threat Modeling — Live”
2010.12 – Speaker, BayThreat “Working without a (Perimeter) Net: Protecting Customers from Online Threats”
2011.02 – Panelist, RSA (San Francisco) “Risk Management Smackdown”
2011.04 – Speaker, SOURCE Boston “How to Isotope Tag a Ghost (or, Methods for instrumenting indirect threats & impacts)”
2011.06 – Speaker, SOURCE Seattle “Applied Risk Analytics”
2011.08 – Speaker, Metricon 6/USENIX “Operationalizing Analytics”
2011.12 – Speaker, BayThreat “A Million Mousetraps – Using Big Data and Little Loops to Build Better Defenses”
Apparently participating in more public discussions on risk and security raised my profile on the infosec industry radar: in 2010 I was named as one of the Top 10 Sexy Infosec Geeks and in 2011 hit Tripwire Inc’s Top 25 Influencers in Security You Should be following. And just a few weeks ago, I did my first podcast, hanging out with the cool Risk dudes of the Risk Hose podcast! Hi Chris, Jay, & Alex!
Also I did some traveling, moved, changed jobs, and got a dog. Yet, I still drink too much coffee and attempt to rock out on a regular basis.
Under Creative Commons License: Attribution