Thursday, July 02, 2009

Still Blogging

When I announced I would join General Electric as Director of Incident Response in June 2007, I had to post a follow-up titled I'm Not Dead. That issue even made it onto Bill Brenner's radar. Two years later I'm still at GE, glad that as of 1 January this year we have a functional and growing Computer Incident Response Team (CIRT) manned by the best incident handlers and support staff you'll find anywhere.

Sometimes work occupies time I would have previously spent blogging, reading, or writing. That's why you'll often see a flurry of blog posts when I have time on a weekend (or now, before a Company holiday). I've fallen far behind in my reading, and my writing is limited to articles. However, I will be collaborating with Keith Jones and team for Real Digital Forensics Volume 2, which should be cool. I don't have a schedule for other books beyond RDF2 at the moment.


Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Vegas registration ends 22 July.

7 comments:

VivekRajan said...

Nice logo. Is that your team's logo at GE? Does 3/8 communicate the current threat level?

Richard Bejtlich said...

Good guess, but not correct. Props to the first non-GE-CIRT person to post what 3/8 means... :)

Rocky DeStefano said...

My guess:

http://ws.arin.net/whois/?queryinput=3.0.0.0

OrgName: General Electric
NetRange: 3.0.0.0 - 3.255.255.255
CIDR: 3.0.0.0/8
NetName: GE-INTERNET

inuk-x said...

I like Rocky's answer, but for the sake of being different, I will posit that 3/8 represents Breach 3, Impact 8, probably a very common state on today's networks.

"Breach 3 / Impact 8 / Intruder has established command and control channel from asset with ready access to sensitive data"

secdz said...

3 x 8 = 24 H ... the non-stop team ? :)

John Ward said...

I think it's because Rich is only 3/8 my height :)

Or maybe I don't even have 3/8 his security skills :)

Anonymous said...

Since you are still blogging, I have a request. How does one get started with NetFlow with no funding?

I have a very large network (100k+ nodes) and no funding for a NetFlow solution. However, the networking guys are willing to turn on NetFlow on the main internet firewalls if I can figure out what to do with it.

So could you write an article on how to get started with $0 for software and a couple of big servers ready to crunch, with the main objective being to identify unknown or dodgy communications?

That would probably reach a few people on this blog.