






"Detect/respond" capability is as important as "prevent". Bad guys *will* get into your network: find & remove them #FIRSTcon14
Ozment: Information sharing doesn't help unless recipients have a baseline capability to use the shared info. #FIRSTcon14
Yesterday at #AWSWWPS and it seemed like male to female 25 to 1. At #FIRSTCon14 now and seems like a 30 to 1 ratio. We need women in #STEM
"SOC culture is closed and suspicious by necessity" Not at all! Observe a better SOC. #firstcon14
"You have to do the work and live the life to understand the SOC." Using Anthropology to Study Security #FIRSTCon14
Analysts know more than they can tell: tacit knowledge, held in the community. Need to incentivise sharing #FIRSTcon14
Need to be an analyst to learn what analysts do - participant observation, not flies on the wall #FIRSTcon14
Sochi network: ~4 billion flows per day recorded by Lancope #firstcon14
"Emerging Trading System Attacks" presented by BT ethical #hacker Konstantinos Karagiannis. #firstcon14 http://ow.ly/yr0ws #security
Number of #firstcon14 sessions saying we don't know how CIRTs work. Really wish they could have observed GE-CIRT a few years ago.
Hi @DavidJBianco & #firstcon14 I tried to capture the operational processes we applied to CIRT ops in ch 9 of my book http://nostarch.com/nsm
@taosecurity #firstcon14 great point! More of these researchers need to read that.
CERTs are a foreign country: to study them, need to be an anthropologist, not a tourist #FIRSTcon14
NBC Universal spent $65m on technology for Sochi Olympics #firstcon14
Cyber exercise to stay fit! Ozment: "to be really good at incident response you must practice" #FIRSTCon14
Security Expert: Industry Is Failing Miserably At Fixing Underlying Dangers: http://go.crn.com/1lnTm2q #cybersecurity #firstcon14
"STIX & CybOX are really complex." Need to build tools that guide user data needs into specific use cases. <-- VERY MUCH THIS! #firstcon14
All props to DHS, but I'm going to be annoyed if every automating/sharing threat Intel preso is "look, we discovered STIX." #firstcon14
"The whole idea that we can patch it later, fix it after publication is simply wrong" @TheRealSpaf #FIRSTCon14
Unless security is baked in at the foundation, it will always be a secondary concern and therefore the weak link in the chain #firstcon14
Here... I patched your patch so you can patch while you're patching your patches #firstcon14
S&T initial CSIRT finding: Non-routine #cyber incidents usually trigger complex collaboration #FIRSTCON14