Great investigators know the importance of details, but often we go too deep, too quickly. An organized approach to incident response will allow more actionable intelligence to be created in less time.
What distributed denial of service (DDoS) is and how NetFlow can give situational awareness when it happens to your network.
Vendors and Analysts want to have conversations around products. Organizations want to talk about their business problems. Vendors rename their products "solutions" and Organizations start evaluating the products and forget about their business problems. Here is an open letter to both sides.
An average organization will lose more than $10M to cyber crime this year in detectable losses and much more in unquantifiable damages as trade secrets, customer data and financial records are stolen without detection. It's time to re-evaluate the need for advanced security teams in organizations that want to stay afloat in an age of rampant, sophisticated corporate espionage from attackers ranging from organized crime to nation-states.
NetFlow, when effectively stored, makes a great basis for analyzing indicators of compromise (IOC) like those provided in Mandiant's APT1 report.
Summary of the "Network Security School of Ft. Knox" series I penned and the webinar accompanying it.
Some easy and free steps to keeping a Windows laptop free of viruses and other nasties.
When rules restrain retaliation against inappropriate behavior, lesser men are able to gain an advantage over greater men. I retell a story of how I tormented an honorable Marine who was hamstrung by regulation and how the lessons I learned that night in a New Orleans bar can teach us something on when we should strike back against cybercriminals and state-sponsored attacks. The Pentagon is currently seeking permission to strike against attackers and I explain why I support the proposal.
Password Day comes but twice a year and this year I've added a couple of new traditions to the celebration. I've crumbled and started using password management and am giving SMS authentication a whirl.