2020 FBI Internet Crime Report

The 2020 Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3) has been released and can be viewed here: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf. I highly recommend all in SECOPS take a moment to grok the content. I’d like to...

Eventual Consistency in Business Meetings

Brewers CAP Theorem Computer Scientist, Eric Brewer, stipulated in the theorem that carries his name that you can have two out of three guarantees in distributed data storage with the guarantees being consistency, availability and partition tolerance. The limitations...

WitFooPi – Precinct on a Raspberry Pi 4

Deploying WitFoo Precinct on a Raspberry Pi 4 for portable testing, training and education purposes is now possible.

Our Move from Elastic to Cassandra

How WitFoo Development moved from Elastic to Apache Cassandra for a superior technology and license.

Fake Cybersecurity Awards

Cybersecurity expert, Chris Roberts, lamented earlier today in a LinkedIn post that he was offered a cybersecurity award for the low price of $1,200. His outrage prompted me to realize that most cybersecurity professionals and decision makers do not get the...

Triangulating a Sustainable Revolution

By the end of 2015 it was clear to me that the craft of cybersecurity was broken. My mind continuously compared SECOPS with other mature crafts that I had observed and executed, and it bothered me to the point of stealing peace and sleep. I decided I was going to...

read more

The Rock & Roll of Startup Development

Rock On For the last 4-5 years of running with the WitFoo revolution, I have constantly had to defend our small team. In the early days, potential investors would remark, “You can’t get all this done with such a small team.” Now that we have accomplished building the...

read more

An Ounce of Prevention is Worth a Pound of SOAR

To the Surgeon Later today I am headed to see my surgeon to schedule a proceedure. I need to have a surgery that is going to leave me off my feet for a week or more. My family will have to pick up the slack at home and my co-workers will have to take on my share of...

read more

2020 Conference & Security Meeting Talks

Last year, I spoke at 26 security meetings and conferences. I learn the most when I'm in the field with my heroes. If you have a local meeting or conference that would benefit from any of these topics, let us know and I'll do my best to show up.   Bio CHARLES...

read more

Metric Driven Development

Abstract Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are...

read more

Breaking NBAD & UEBA Talk

Recording of Presentation Downloads My deck on Breaking NBAD & UEBA Talk given at DEFCON & GRRCON (2019) can be downloaded here: download link. The script referenced in the talk can be viewed on the Pastebin dump. Abstract Network Behavior Anomaly Detection...

read more

What’s coming in Precinct 6.0 (Benson)

In the coming weeks, beta testers will begin receiving a sneak peak of Precinct 6.0 (code name: Olivia Benson.) There a number of exciting leaps in our most advanced build. Cassandra - Infinite Storage & Replication A major shift in 6.0 is in the backend database....

read more