by Charles Herring | Dec 11, 2022 | blog, InfoSec Craft, Inside WitFoo
The following abstracts are available for delivery at security meetings and conferences. Additionally, archived talks outlined in the 2021 Talks are also available. Bio: Charles Herring is co-Founder and Chief Technology Officer at WitFoo. WitFoo was founded to enable...
by Charles Herring | Aug 29, 2022 | blog, InfoSec Business
The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their heads almost exploded. “Shouldn’t we be trying to stop and mitigate risk?” “We need to spend more money on...
by Charles Herring | Dec 14, 2021 | blog, Security Breaches
Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production...
by Charles Herring | Dec 11, 2021 | blog
CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) was released on December 10, 2021 outlining a vulnerability in Apache Foundation project Log4j (https://logging.apache.org/log4j/2.x/index.html). This vulnerability can be used by a remote attacker to...
by Charles Herring | Nov 10, 2021 | InfoSec Craft, WitFoo Coding
My presentation for Metric Driven DevOps delivered at the 2021 Georgia ISSA Annual conference can be downloaded here. Abstract is below. METRIC DRIVEN DEVOPS. Technical Level: Advanced. Audience: Data & System Architects, Developers. Developing software that changes...