Chris has over 30 years of experience in defensive information security; 14 years in the defense and intelligence community and 17 years in the commercial industry.
He has designed, built and managed global security operations centers and incident response teams for six of the global Fortune 50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy.
What if I told you that you could give your front-line security analyst a robot that could automatically tell you which cyber-incidents were spreading, which systems were in question, how dangerous the malware was, how it was detected, and numerous other factors that you would want to know? How would that change your world?
For the last 15 years, Security Ops Centers have been using rules (aka Boolean logic) to describe situations that look like an attack from the logs collected into their SIEM solutions. As an industry-wide standard practice, the intent is to reduce the volume of events to a reasonable level so that a human can effectively analyze them.
Respond Software commissioned the Cyentia Institute, led by founder Wade Baker, to research the tasks conducted in the modern Security Operations Center (SOC). This new report, The Voice of the Analyst Study, focuses on the human side of the SOC/CIRT to build understanding, share insight, and ultimately empower teams to be the best they can be.
I would love to tell you that there was a more formal origin behind the core tenets of the Security Situation Center (SSC), but the truth is, the concept originated from my watching too much Star Trek.
In early 2016, Mike Armistead, Robert Hipps and I founded Respond Software to create something big that would make a difference for the operational security industry. We knew that by leveraging our combined backgrounds we could create a breakthrough solution to bring an end to console monitoring. Yes, you heard this right.