Articles

 

  • The Simplest GRC Tool

    In a wonderful reflection written thirty years ago, the great Edsger Dijkstra described an automatic tool that helped him with his groundbreaking work on a compiler for Algol 60, a precursor programming language to just about every language we've had since: "I then allowed myself the luxury of a portable typewriter," he explained, "which I still have. It had square brackets. It had braces too. I could also type - > and = >."

  • Why CISOs Need Private Coaches

    A few years ago, I had the opportunity to spend a delightful afternoon with the great Lou Holtz. I was the warm-up speaker for him at one of the annual General Services Administration (GSA) Conferences in DC.

  • Cyber File Surgery

    Roughly two decades ago, I participated in a cool project with the White House to construct a Y2K Coordination Center. The center, which was situated on I Street in Washington, had the mission to solicit and ingest data, information, and gossip from around the world via fax, email, phone, and web.

  • Cyber Attribution for Enterprise

    In perhaps the greatest scene of any movie ever, Harrison Ford as Indiana Jones watches an expert swordsman on the streets of Cairo swiftly brandish his weapon in advance of an epic fight.

  • Software-Defined Firewalls

    Truly original concepts in cyber security are few and far between. Instead, our purported advances are usually just incremental improvements on existing solutions.

  • Protecting Our (Digital) Way of Life

    I'm going to list three companies, and I'll ask that you write down the first word that comes to mind as you hear the names: Google. Boeing. Xerox. (I'll pause here, and hum a few bars of the Jeopardy song while you answer.)

  • SOC Analysts on Steroids

    Back in 1998, I wrote a textbook called . . . now get this: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response.

  • Solidifying Email Security

    Sometimes when I need a vivid phrase for describing a cyber security solution in my writing, I'll review the advertising slogans for products that do similar things in non-computing settings.

  • On Software Correctness and Security

    When I was in graduate school, my favorite book was Selected Writings on Computing: A Personal Perspective, by Edsger W. Dijkstra (Springer-Verlag, 1982). Organized as a printed compendium of Dijkstra's best EWD articles - perhaps the earliest blog posts - the book remains a delightful read.

  • Questions for Executives on Cyber

    During my career, it's been my honor to have served alongside some of the most capable and talented corporate executives in the world.

  • Detecting Malicious Imitators

    Over half a century ago, the great MIT researcher Joseph Weizenbaum created a seminal computer program called ELIZA. Named after the Pygmalion character, the software was designed to interact with a human in a way that would give the impression that ELIZA was, in fact, also a living being.

  • To Tell the Truth (Bio Edition)

    For the past seven decades, Americans have enjoyed a television game show called To Tell the Truth. On the show, three contestants appear before four celebrities who try to determine which was the 'actual person' portrayed in a description that was given to the panel.

  • Real-Time Interference for Cyber

    Here are some practical recommendations from an expert on playing defense that I found today in a document on the Internet: To be sound in our defense, we must be able to adjust our defense.

  • Decentralized Authentication for a Passwordless World

    The year was 2013, and Apple had just released iPhone 5S with Touch ID, a fingerprint sensor feature that made unlocking devices as easy as touching glass. Young Brooklyn-born tech entrepreneur, George Avetisov, well-versed in eCommerce and cryptocurrencies, began to connect the dots between the threats he was seeing on the Internet day to day with the exciting advances in biometrics and identity-related protections. Thus was born HYPR.