An Ounce of Prevention is Worth a Pound of SOAR

To the Surgeon Later today I am headed to see my surgeon to schedule a procedure. I need to have a surgery that is going to leave me off my feet for a week or more. My family will have to pick up the slack at home and my co-workers will have to take on my share of...

2020 Conference & Security Meeting Talks

Last year, I spoke at 26 security meetings and conferences. I learn the most when I'm in the field with my heroes. If you have a local meeting or conference that would benefit from any of these topics, let us know and I'll do my best to show up.   Bio CHARLES...

Metric Driven Development

Abstract Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are...

Breaking NBAD & UEBA Talk

Recording of Presentation Downloads My deck on Breaking NBAD & UEBA Talk given at DEFCON & GRRCON (2019) can be downloaded here: download link. The script referenced in the talk can be viewed on the Pastebin dump. Abstract Network Behavior Anomaly Detection...

What’s coming in Precinct 6.0 (Benson)

In the coming weeks, beta testers will begin receiving a sneak peek of Precinct 6.0 (code name: Olivia Benson.) There are a number of exciting leaps in our most advanced build. Cassandra - Infinite Storage & Replication A major shift in 6.0 is in the backend database....

GA ISSA Talk: People > Machines

I am looking forward to speaking at the Georgia Annual ISSA Meeting on 11/15. The blog series that the talk is based on is below. Part One: History Part Two: Algorithms & Machine Learning Part Three: Cognition vs AI Part Four: Playbook Automation Part Five: Humans...

Lessons in InfoSec Graph Theory

One of the areas we research heavily at WitFoo is how to reduce the number of investigations our customers have to perform each day. Internally, we call this the "n" problem. Another area of focus is how to reduce the amount of time our customers spend on each...

People > Machines (Part Five)

Human Success via Tools Better detection mechanisms through algorithms (code) & machine learning (pattern recognition) are valuable tools to the human responders. Playbook Automation can reduce the routine and certain tasks an analyst must perform so she can focus...

People > Machines (Part Four)

Playbook Automation in Incident Response An emerging concept in 2017 is “Playbook Automation.” What is Playbook Automation? Playbook automation collects data from different security and logging tools and makes decisions on behalf of the incident responder. Data...

People > Machines (Part Three)

Cognition vs Artificial Intelligence Computer scientists love the idea of artificial intelligence (AI). It is the centerpiece of many mainstream science fiction works. It’s also a preferred buzzword of lazy vendors and marketers. Until computers can convince (trick) a...

People > Machines (Part Two)

Algorithms & Machine Learning Demystified When I was learning how to troubleshoot and repair electronics in the Navy, I would sometimes challenge one of the instructors on how something worked. If I delved into a complicated subject I was often told it worked on...

People > Machines (Part One)

Rise of the Machines Cybersecurity Incident Response has only been a part of human history for a couple of decades. Over the short course of time, industry leaders, analysts and vendors have put a heavy focus on the importance of technology solving problems within the...

Defending the Defunded

There is a cyber poverty mark that plagues the Cyber Security Industry. The global 2000 and the federal government have budgets that allow them to build strong defenses, hire large teams, and perform full and complete investigations. In this talk, we discuss what can...