Fish in a Box
The Haystack and the Needles: Why Lossless Cybersecurity Analytics Require Deterministic Pipelines
Blaster, Mythos, and the Patching Tempo We're About to Need
The Nuclear Code Fork
Tokens, Time and the New Math of Getting Things Done
Empathetic Processing and Temporal Link Analysis: Research Pathways for AI in Cyber Defense
Artificial Narrow Intelligence (ANI) in Cybersecurity
BSidesSPFD - SECOPS Driving Prosecution via a Global CyberGrid
In a 2021 DarkReading article titled Handcuffs over AI, I describe the importance focusing on the outcome of increasing deterence in cybercrime. The presentation can be downloaded here.
Profit and Loss (PNL) of Cyber Security
The purpose of a CISO and a cyber program is to reduce the costs associated with cybersecurity. I said this to colleagues at a social mixer this week and their heads almost exploded. “Shouldn’t we be trying to stop and mitigate risk?” “We need to spend more money on cyber, not less.” “I can’t believe you, of all people, think we need to be doing less!”
Audacious Proposal
“Do you want to give up and let the bad guys win?” I want businesses to understand that cybercrime is a part of business in the exact same (not metaphorical) way as shoplifting, employees stealing office supplies, customers slipping on the floor, vandalism, executives abusing power against employees, hurricanes, power failures, earthquakes, flooding and taxes.
The goal in all risk management is to reduce the costs associated with the mishaps not to make them impossible.