The following abstracts are available for delivery at security meetings and conferences. Additionally, archived talks outlined in the 2021 Talks are also available. Bio Charles Herring is co-Founder and Chief…

The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their…

Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production instances…

CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228) was released on December 10, 2021 outlining a vulnerability in Apache Foundation project Log4j (https://logging.apache.org/log4j/2.x/index.html). This vulnerability can be used by a remote attacker to execute code without…

I have been fortunate enough to have the opportunity to spend October on the Big Island of Hawai’i at a friend’s home while we button up the 6.2 release of…

Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm. Abstract Machine learning (ML) is arguably the most potent advancement in technology since atomic fission…