Posts

Showing posts from 2016

Check Out My TeePublic Designs

Image
Over the years fans of this blog have asked if I would consider selling merchandise with the TaoSecurity logo. When I taught classes for TaoSecurity from 2005-2007 I designed T-shirts for my students and provided them as part of the registration package. This weekend I decided to exercise my creative side by uploading some designs to TeePublic . TeePublic offers clothing along with mugs, phone cases, notebooks, and other items. Two are based on the TaoSecurity logo. One includes the entire logo, along with the company motto of "The Way of Digital Security." The second is a close-up of the TaoSecurity S, which is a modified yin-yang symbol. Two other designs are inspired by network security monitoring. One is a 1989-era map of MilNet, the United States' military network. This image is found in many places on the Internet, and I used it previously in my classes. The second is a close-up of a switch and router from the TaoSecurity labs. I used this equipment to creat

Five Ways That Good Guys Share More Than Bad Guys

It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD . Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the following excerpt: [Troels] Oerting, with no small dose of grudging admiration, says his adversaries excel at something that can’t be addressed with deep pockets or killer software: They’re superb networkers. “ The organized crime groups in cyber are sharing much better than we are at the moment,” says Oerting, a Dane with a square jaw and the watchful eyes of a cop who’s investigated the underworld for 35 years. “They are sharing methodologies, knowledge, tools, practices—what works and what doesn’t.” Statements like these are regularly submitted without evidence. In response, I provide five sources of evidence why organized crime groups do not share more than defenders. 1. Solution pro

Updated PhD Thesis Title

Image
Yesterday I posted Latest PhD Thesis Title and Abstract . One of my colleagues Ben Buchanan subsequently contacted me via Twitter and we exchanged a few messages. He prompted me to think about the title. Later I ruminated on the title of a recent book by my advisor, Dr. Thomas Rid. He wrote Cyber War Will Not Take Place . One of the best parts of the book is the title. In six words you get his argument as succinctly as possible. (It could be five words if you pushed "cyber" and "war" together, but the thought alone makes me cringe, in the age of cyber-everything.) I wondered if I could transform my latest attempt at a thesis title into something that captured my argument in a succinct form. I thought about the obsession of the majority of the information security community on the tool and tactics level of war. Too many technicians think about security as a single-exchange contest between an attacker and a defender, like a duel. That reminded me of a proble

Latest PhD Thesis Title and Abstract

Image
In January I posted Why a War Studies PhD ? I recently decided to revise my title and abstract to include attention to both offensive and defensive aspects of intrusion campaigns. I thought some readers might be interested in reading about my current plans for the thesis, which I plan to finish and defend in early 2018. The following offers the title and abstract for the thesis. Network Intrusion Campaigns: Operational Art in Cyberspace   Campaigns, Not Duels: The Operational Art of Cyber Intrusions* Intruders appear to have the upper hand in cyberspace, eroding users' trust in networked organizations and the data that is their lifeblood. Three assumptions prevail in the literature and mainstream discussion of digital intrusions. Distilled, these assumptions are that attacks occur at blinding speed with immediate consequences, that victims are essentially negligent, and that offensive initiative dominates defensive reaction.  This thesis examines these assumptions t

Lt Gen David Deptula on Desert Storm and Islamic State

Image
This weekend Vago Muradian interviewed Lt Gen (ret) David Deptula, most famous for his involvement as a key planner for the Desert Storm air campaign. I recommend watching the entire video, which is less than 8 minutes long. Three aspects caught my attention. I will share them here. First, Lt Gen Deptula said that Desert Storm introduced five changes to the character of warfare. I noted that he used the term "character," and not "nature." If you are a student of warfare and/or strategy, you are most likely in the camp that says warfare has an unchanging nature, although its character can change. This is the Clausewitz legacy. A minority camp argues that warfare can change both nature and character. Second, turning to the five changes introduced by Desert Storm, Lt Gen Deptula listed the following. 1. Desert Storm introduced "expectations of low casualties, for both sides ." I agree with the expectation of low casualties for the US, but I don'

Why a War Studies PhD?

Image
When I begin receiving multiple questions on a topic, it's a signal that I should write a blog post. Several of you have asked me about my experience as a PhD candidate in the King's College London Department of War Studies . In this post I will try to answer your questions by explaining how I got to this point and my overall impressions about the program. My Academic Background I have bachelor's of science degrees in history and political science from the US Air Force Academy, and a master's degree in public policy from the Harvard Kennedy School. My last formal academic training ended in 1997 when I graduated from the Air Force Intelligence Officers Training Course. Why a PhD? I seriously began considering working on my PhD in 2006, when I was an independent consultant. I've guest lectured at dozens of schools over the years, and taught hundreds of students through my Black Hat courses. I thought the PhD experience would open more doors for future acad

Happy 13th Birthday TaoSecurity Blog

Image
Today, 8 January 2016, is the 13th birthday of  TaoSecurity Blog ! This is also my 3,000th blog post. I wrote my  first post  on 8 January 2003 while working as an incident response consultant for Foundstone. Kevin Mandia was my boss. Today I am starting my third year as Chief Security Strategist at  FireEye , still working for Kevin Mandia. (It's a small world. In April I will hit my five year anniversary with the Mandiant part of FireEye.) In 2015 my blogging frequency increased dramatically, with 55 posts, more than double my 2014 total of 23 and triple my 2013 output of 18. In 2012 I posted 60 stories, so I was close to that level in 2015. It's still nothing like my writing from 2003-2011 however! Why the drop over the years? I "blame" my  @taosecurity  Twitter account. With almost 36,000 followers, easy posting from mobile devices, and greater interactivity, Twitter is an addictive platform. I have authored roughly 16,000 Tweets since first posting in July

2014-2015 Professional Reading Round-Up

At an earlier point in my career, I used to read a lot of technical security books. From 2006 to 2012 I published a series of Best Book Bejtlich Read posts. Beginning in 2013 I became much more interested in military-derived strategy and history, dating back to my studies at the Air Force Academy in the early 1990s. I stopped reviewing books at Amazon.com and didn't talk about my reading. Last week I read Every Book I Read in 2015 by T. Greer, which inspired me to write my own version of that post. I have records for 2014-2015 thanks to a list I keep at Amazon.com. I'm modifying Greer's approach by not including personal reading, but I am adopting his idea to bold those titles that were my favorites. The following are presented such that the most recently read appears first. 2015 Reading (37 books): Restraint: A New Foundation for U.S. Grand Strategy   by Barry R. Posen  *(I'm joining the "restraint" school. I will say more about this in 2016.) Le