Triangulating a Sustainable Revolution

By the end of 2015 it was clear to me that the craft of cybersecurity was broken. My mind continuously compared SECOPS with other mature crafts that I had observed and executed, and it bothered me to the point of stealing peace and sleep. I decided I was going to...

The Rock & Roll of Startup Development

Rock On For the last 4-5 years of running with the WitFoo revolution, I have constantly had to defend our small team. In the early days, potential investors would remark, “You can’t get all this done with such a small team.” Now that we have accomplished building the...

ExploitCON West 2020 Slides – Metric Driven SECDEVOPS

Slides of our talk can be downloaded here. Details on the session are available here: https://exploitcon.com/#/west AGENDA Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting...

WitFoo Global Community Indicator of Compromise (IOC) Feed Demo

WitFoo’s Global Indicator of Compromise feed is a secure and reliable way for the WitFoo community to share intelligence about emerging threat sources. The feed is updated in near-real time as attacks occur across the WitFoo Community. It consists of the IP address...

Secure360 2020 Slides – Metric Driven SECDEVOPS

Session materials from Secure360 2020 session on Metric Driven SECDEVOPS by Charles Herring and Ryan Self.

Triangulating a Sustainable Revolution

By the end of 2015 it was clear to me that the craft of cybersecurity was broken. My mind continuously compared SECOPS with other mature crafts that I had observed and executed, and it bothered me to the point of stealing peace and sleep. I decided I was going to...

read more

The Rock & Roll of Startup Development

Rock On For the last 4-5 years of running with the WitFoo revolution, I have constantly had to defend our small team. In the early days, potential investors would remark, “You can’t get all this done with such a small team.” Now that we have accomplished building the...

read more

An Ounce of Prevention is Worth a Pound of SOAR

To the Surgeon Later today I am headed to see my surgeon to schedule a proceedure. I need to have a surgery that is going to leave me off my feet for a week or more. My family will have to pick up the slack at home and my co-workers will have to take on my share of...

read more

2020 Conference & Security Meeting Talks

Last year, I spoke at 26 security meetings and conferences. I learn the most when I'm in the field with my heroes. If you have a local meeting or conference that would benefit from any of these topics, let us know and I'll do my best to show up.   Bio CHARLES...

read more

Metric Driven Development

Abstract Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are...

read more

Breaking NBAD & UEBA Talk

Recording of Presentation Downloads My deck on Breaking NBAD & UEBA Talk given at DEFCON & GRRCON (2019) can be downloaded here: download link. The script referenced in the talk can be viewed on the Pastebin dump. Abstract Network Behavior Anomaly Detection...

read more

What’s coming in Precinct 6.0 (Benson)

In the coming weeks, beta testers will begin receiving a sneak peak of Precinct 6.0 (code name: Olivia Benson.) There a number of exciting leaps in our most advanced build. Cassandra - Infinite Storage & Replication A major shift in 6.0 is in the backend database....

read more