infosec

While I don't like "vendor dogpiles" every time there is a mainstream cybersecurity breach, they do serve as good opportunities to change InfoSec paradigms. In this article discusses the value of monitoring with enforcement as well as repairing or creating response processes.

Deck and video of my GrrCON talk.

My presentation deck from Converge Conference can be downloaded here.

Some organizations have chosen to adopt a "plausible deniability" strategy to InfoSec. This article outlines some methods of helping these organizations move to a safer security practice.

3 dangerous "lessons" that have come from Target Breach discussions that we need to quickly unlearn.

With Microsoft discontinuing support of Windows XP, organizations need guidance on how to protect the legacy machines they can't replace.

Using NetFlow for Information Security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodolgies for testing other tools.