The following abstracts are available for delivery at security meetings and conferences. Additionally, archived talks outlined in the 2021 Talks are also available.

Bio

Charles Herring is co-Founder and Chief Technology Officer at WitFoo. WitFoo was founded to enable the sharing of information and operations across the craft of Cybersecurity. Charles leads research and development of the WitFoo Precinct platform that utilizes Apache Cassandra as a fundamental component in its architecture. Precinct ingests trillions of messages each day across hundreds of clusters to detect cybercrime and provide secure methods of sharing data and operations across corporations, organizations, law enforcement, national security and insurers.

Log4J/LogShell (CVE-2021-44228) exploit IOC have been published by Cisco Talos (see: https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html). These IOC have been packaged as a WitFoo Actor definition and have been pushed to all production instances of WitFoo Precinct and Precinct Cloud. The definitions were automatically applied at 1404 Eastern Standard time on December 14, 2021. Detections are both forward looking and retrospective across the entire Precinct big-data archive.

Actor functionality has been pushed early (ahead of 6.2 GA release) to allow data to be searched. A quick overview of the functionality can be viewed below.

My presentation for Metric Driven DevOps delivered at the 2021 Georgia ISSA Annual conference can be downloaded here. Abstract is below.

METRIC DRIVEN DEVOPS

Technical Level: Advanced
Audience: Data & System Architects, Developers

Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:

Machine Learning Driven Social Engineering talk will be given at GrrCon on 9/16/2021 at 4:30pm.

Abstract

Machine learning (ML) is arguably the most potent advancement in technology since atomic fission with similar benefit and risk extremes. The outcome driven nature of machine learning allows computers to rapidly test theories to find pathways to support specific goals. These approaches applied to social engineering can be used to manipulate human factors for purposes including cybersecurity breach. This session will cover the philosophies, strategies and tactics used to accomplish a successful campaign to recruit human assets to a cause. Factors to mitigate risk in these advanced social engineering attacks will also be examined.

The presentation can be downloaded here.

Brewers CAP Theorem

Computer Scientist, Eric Brewer, stipulated in the theorem that carries his name that you can have two out of three guarantees in distributed data storage with the guarantees being consistency, availability and partition tolerance. The limitations in Brewer’s “CAP” Theorem are not only key in solving modern big-data challenges, they also are critical in solving big-business issues.

Business as a Data Lake

It may be that 6 years running hundreds of experiments across different data philosophies and platforms have created long-term trauma that makes every problem in life look like a big-data problem but I cannot help but notice some parallel lessons between data lakes and organizations.