Metric Driven Development

Abstract Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are...

Breaking NBAD & UEBA Talk

Recording of Presentation Downloads My deck on Breaking NBAD & UEBA Talk given at DEFCON & GRRCON (2019) can be downloaded here: download link. The script referenced in the talk can be viewed on the Pastebin dump. Abstract Network Behavior Anomaly Detection...

What’s coming in Precinct 6.0 (Benson)

In the coming weeks, beta testers will begin receiving a sneak peek of Precinct 6.0 (code name: Olivia Benson). There are a number of exciting leaps in our most advanced build. Cassandra - Infinite Storage & Replication A major shift in 6.0 is in the backend database....

Making Thankful Customers

I have so many things to be thankful for this year including my family, our investors, customers, partners, contributors, advisers and employees but after spending a few weeks on the road meeting with awesome customers and prospects, I wanted to take a moment on this...

Math for Calculating Tool ROI

We are often asked how we are able to calculate metrics as described here: And demonstrated/explained here: In this installment I will explain how you can calculate Return on Investment of any security tool using reclaimed FTE labor hours as the purchase...

People > Machines (Part Five)

Human Success via Tools Better detection mechanisms through algorithms (code) & machine learning (pattern recognition) are valuable tools to the human responders. Playbook Automation can reduce the routine and certain tasks an analyst must perform so she can focus...


People > Machines (Part Four)

Playbook Automation in Incident Response An emerging concept in 2017 is “Playbook Automation.” What is Playbook Automation? Playbook automation collects data from different security and logging tools and makes decisions on behalf of the incident responder. Data...


People > Machines (Part Three)

Cognition vs Artificial Intelligence Computer scientists love the idea of artificial intelligence (AI). It is the centerpiece of many mainstream science fiction works. It’s also a preferred buzzword of lazy vendors and marketers. Until computers can convince (trick) a...


People > Machines (Part Two)

Algorithms & Machine Learning Demystified When I was learning how to troubleshoot and repair electronics in the Navy, I would sometimes challenge one of the instructors on how something worked. If I delved into a complicated subject I was often told it worked on...


People > Machines (Part One)

Rise of the Machines Cybersecurity Incident Response has only been a part of human history for a couple of decades. Over the short course of time, industry leaders, analysts and vendors have put a heavy focus on the importance of technology solving problems within the...


Defending the Defunded

There is a cyber poverty mark that plagues the Cyber Security Industry. The global 2000 and the federal government have budgets that allow them to build strong defenses, hire large teams, and perform full and complete investigations. In this talk, we discuss what can...


Learning Foo

Learning Wit Fail fast.  It’s one of the Agile buzz phrases that gets thrown around a lot in software product organizations these days.  Particularly, organizations trying to embrace the Lean/Agile approach to production.  The term ‘fail fast’ is grounded in the Lean...
