
After the February 2017 S3 incident, Amazon posted this: “We are making several changes as a result of this operational event. While removal of capacity is a key operational practice, in this instance, the tool used allowed too much capacity to be removed too quickly. We have modified this tool to remove capacity more slowly…”

Read More: Learning Lessons from Incidents

At RSA’17, I spoke on “Security Leadership Lessons from the Dark Side.” Leading a security program is hard. Fortunately, we can learn a great deal from Sith lords, including Darth Vader and how he managed security strategy for the Empire. Managing a distributed portfolio is hard when rebel scum and Jedi knights interfere with your…

Read More: Introducing Cyber Portfolio Management

In September, Steve Bellovin and I asked “Why Don’t We Have an Incident Repository?” I’m continuing to do research on the topic, and I’m interested in putting together a list of such things. I’d like to ask you for two favors. First, if you remember such things, can you tell me about them? I recall…

Read More: Calls for an NTSB?

Groundrules on Complaining About Security

In this article, I want to lead into some other articles I’m working on. In those, I’m going to complain about security. But I want those complaints to be thoughtful and within a proper context. You will hear many of us in security talk about threat models. Adam literally wrote…

Read More: Groundrules on Complaining About Security

There are two great blog posts at Securosis to kick off the new year:

Tidal Forces: The Trends Tearing Apart Security As We Know It (Rich Mogull)
Network Security in the Cloud Age: Everything Changes (Mike Rothman)

Both are deep and important and worth pondering. I want to riff on something that Rich said: On…

Read More: 2017 and Tidal Forces