Chris has over 30 years of experience in defensive information security; 14 years in the defense and intelligence community and 17 years in commercial industry.
He has designed, built and managed global security operations centers and incident response teams for eight of the Global Fortune 50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy for Respond Software.
The realities of security monitoring and the promise of SIEM? In enterprise IT, data is collected from any number of IT and security devices, and then used to monitor, protect, understand and manage our technology-enabled businesses. Due to the ever-expanding attack surface, the amount of data collected today is overwhelmingly unmanageable, and ironically, we only
The introduction of virtual analysts, artificial intelligence and other advanced technologies into the Security Operations Center (SOC) is changing how we should think about maturity models. AI is replacing traditional human tasks, and when those tasks are automated the code effectively becomes the procedure. Is that a -1 or a +10 for security operations? Let’s
Digital interaction has surpassed interpersonal interaction — even grandmothers primarily interact with their grandchildren via iPad. Almost everything we do can be done via an app or online; before long that’ll be the only way we can do anything. We have a word for this and that is “critical infrastructure,” and as a society we
What if I told you that you could give your front-line security analyst a robot that could automatically tell you which cyber-incidents were spreading, which systems were in question, how dangerous the malware was, how it was detected, and numerous other factors that you would want to know? How would that change your world?
For the last 15 years, Security Ops Centers have been using rules (aka Boolean logic) to describe situations that look like an attack from the logs collected into their SIEM solutions. As an industry-wide standard practice, the intent is to reduce the volume of events to a reasonable level so that a human can effectively analyze them.
In 2001, I was a relatively new Security Operations Center manager for IBM’s Managed Security Services Delivery (yay, MSSD!). On a Friday night relaxing at home, I was a few beers into my evening, when the phone rang.