Chris has over 30 years of experience in defensive information security; 14 years in the defense and intelligence community and 17 years in commercial industry.
He has designed, built and managed global security operations centers and incident response teams for eight of the global Fortune 50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy for Respond Software.
Digital interaction has surpassed interpersonal interaction — even grandmothers primarily interact with their grandchildren via iPad. Almost everything we do can be done via an app or online, and before long that will be the only way we can do anything. We have a word for this, and that is “critical infrastructure,” and as a society we
What if I told you that you could give your front-line security analyst a robot that could automatically tell you which cyber-incidents were spreading, which systems were in question, how dangerous the malware was, how it was detected, and numerous other factors that you would want to know? How would that change your world?
For the last 15 years, Security Ops Centers have been using rules (aka Boolean logic) to describe situations that look like an attack from the logs collected into their SIEM solutions. As an industry-wide standard practice, the intent is to reduce the volume of events to a reasonable level so that a human can effectively analyze them.
In 2001, I was a relatively new Security Operations Center manager for IBM’s Managed Security Services Delivery (yay, MSSD!). On a Friday night relaxing at home, I was a few beers into my evening, when the phone rang.
For the last two decades, our industry has tried many different solutions to resolve the SOC analyst scarcity problem, including letting the Network Operations Center (NOC) handle security monitoring, which was a complete failure.