Stuck in Traffic – What are Supply Chain Attacks?

Archive for the ‘Blogs’ Category

Stuck in Traffic – War Insurance

Posted by

What happens when our insurance provider declares damages were causes by an act of war? Turns out, in many policies, they can avoid paying due to “war exclusions.”

Commentary on The New York Times article: Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.

Watch more videos on my YouTube channel.

Shall We Play a Game?

Posted by

Presented at BSides SF 2019.

Muscle memory, incident responders will tell you, is crucial to acting quickly in a crisis. Cyber Threat Intelligence informs what we do, but practice ensures we do it well—executing effectively to eliminate the threat and protect the organization. This session provides an approach to developing security exercises and running practice drills. MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) forms the basis of this approach. We will cover the fundamentals of an exercise: selecting the story, identifying the tactics, threat modeling, table top discussions, adversarial emulation, and scoring. The session concludes with advice on creating an overall exercise program, focusing on repetition, momentum, and building muscle. Turn intelligence into practiced action with security game

Watch more videos on my YouTube channel.