• Predictive AI for Endpoints

    Here is a quote from Elon Musk that surfaced about a year ago: "With artificial intelligence, we are summoning the demon." In contrast, around the same time, my good friend Stuart McClure, CEO of Cylance, offered the following comment on his blog: "I ask you to look beyond the robot uprising media memes and consider AI as the problem-solving technology that it is." For the record, I agree with Stuart.

  • What to Tell Your Boss About Supermicro

    Everyone I know believes Supermicro is guilty. The story, which you know by now, is that during the assembly process at this $2B company, oft-called the Microsoft of hardware, a rice-sized Trojan chip was placed onto their motherboards, which are manufactured in San Jose.

  • IoT Micro-Security

    I remember wandering into a conference talk several years ago, where some spy-consultant was explaining how you bug a conference table with a UHF transmitter. Most of the talk didn't stick with me, but I remember that the bug design involved a quick burst of data, followed by a period of quiet.

  • Security Ethics for Robots

    I first heard about Twitter directly from Jack Dorsey. He and I were standing backstage about a decade ago in New York City, chatting about his new service. Hugh Thompson, now CTO of Symantec, was also there, and after Jack rushed off to prepare for his on-stage interview, I made one of the dumbest comments in the history of technology: "Hugh," I said confidently, "I don't see how that Twitter thing can be successful." There - I admit it.

  • The Simplest GRC Tool

    In a wonderful reflection written thirty years ago, the great Edsger Dijkstra described an automatic tool that helped him with his groundbreaking work on a compiler for Algol 60, a precursor programming language to just about every language we've had since: "I then allowed myself the luxury of a portable typewriter," he explained, "which I still have. It had square brackets. It had braces too. I could also type - > and = >."

  • Why CISOs Need Private Coaches

    A few years ago, I had the opportunity to spend a delightful afternoon with the great Lou Holtz. I was the warm-up speaker for him at one of the annual General Services Administration (GSA) Conferences in DC.

  • Cyber File Surgery

    Roughly two decades ago, I participated in a cool project with the White House to construct a Y2K Coordination Center. The center, which was situated on I Street in Washington, had the mission to solicit and ingest data, information, and gossip from around the world via fax, email, phone, and web.

  • Cyber Attribution for Enterprise

    In perhaps the greatest scene of any movie ever, Harrison Ford as Indiana Jones watches an expert swordsman on the streets of Cairo swiftly brandish his weapon in advance of an epic fight.

  • Software-Defined Firewalls

    Truly original concepts in cyber security are few and far-between. Instead, our purported advances are usually just incremental improvements on existing solutions.

  • Protecting Our (Digital) Way of Life

    I'm going to list three companies, and I'll ask that you write down the first word that comes to mind as you hear the names: Google. Boeing. Xerox. (I'll pause here, and hum a few bars of the Jeopardy song while you answer.)

  • SOC Analysts on Steroids

    Back in 1998, I wrote a text book called . . . now get this: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response.

  • Solidifying Email Security

    Sometimes when I need a vivid phrase for describing a cyber security solution in my writing, I'll review the advertising slogans for products that do similar things in non-computing settings.

  • On Software Correctness and Security

    When I was in graduate school, my favorite book was Selected Writings on Computing: A Personal Perspective, by Edsger W. Dijkstra (Springer-Verlag, 1982). Organized as a printed compendium of Dijkstra's best EWD articles - perhaps the earliest blog posts - the book remains a delightful read.

  • Questions for Executives on Cyber

    During my career, it's been my honor to have served alongside some of the most capable and talented corporate executives in the world.