Posts

Showing posts from November, 2014

Response to "Can a CISO Serve Jail Time?"

I just read a story titled "Can a CISO Serve Jail Time?" Having been Chief Security Officer (CSO) of Mandiant prior to the FireEye acquisition, I thought I would share my thoughts on this question. In brief, being a CISO or CSO is a tough job. Attempts to criminalize CSOs would destroy the profession. Security is one of the few roles where global, distributed opponents routinely conduct criminal acts against business operations. Depending on the enterprise, the offenders could be nation state adversaries largely beyond the reach of any party, to include the nation state hosting the enterprise. Even criminal adversaries can remain largely untouchable. I cannot think of another business function that suffers similar disadvantages. If a commercial competitor took actions against a business using predatory pricing, or via other illegal business measures, the state would investigate and possibly prosecute the offending competitor. For actions across national boundaries, one might ...

Thank You for the Review and Inclusion in Cybersecurity Canon

I just read The Cybersecurity Canon: The Practice of Network Security Monitoring at the Palo Alto Networks blog. Rick Howard, their CSO, wrote the post, which marks the inclusion of my fourth book in Palo Alto's Cybersecurity Canon. According to the company's description, the Canon is: a list of must-read books where the content is timeless, genuinely represents an aspect of the community that is true and precise and that, if not read, leaves a hole in a cybersecurity professional’s education that will make the practitioner incomplete. The Canon candidates include both fiction and nonfiction, and for a book to make it into the canon, must accurately depict the history of the cybercrime community, characterize key places or significant milestones in the community, or precisely describe technical details that do not exaggerate the craft. It looks like my book is only the second technical book to be included. The first appears to be the CERT Guide to Insider Threats...