Bejtlich Moves On

Exactly six years ago today I announced that I was joining Mandiant to become the company's first CSO. Today is my last day at FireEye, the company that bought Mandiant at the very end of 2013.

The highlights of my time at Mandiant involved two sets of responsibilities.

First, as CSO, I enjoyed working with my small but superb security team, consisting of Doug Burks, Derek Coulsen, Dani Jackson, and Scott Runnels. They showed that "a small team of A+ players can run circles around a giant team of B and C players."

Second, as a company spokesperson, I survived the one-of-a-kind ride that was the APT1 report. I have to credit our intel and consulting teams for the content, and our marketing and government teams for keeping me pointed in the right direction during the weeks of craziness that ensued.

At FireEye I transitioned to a strategist role because I was spending so much time talking to legislators and administration officials. I enjoyed working with another small but incredibly effective team: government relations. Back by the combined FireEye-Mandiant intel team, we helped policy makers better understand the digital landscape and, more importantly, what steps to take to mitigate various risks.

Where do I go from here?

Twenty years ago last month I started my first role in the information warfare arena, as an Air Force intelligence officer assigned to Air Intelligence Agency at Security Hill in San Antonio, Texas. Since that time I've played a small part in the "cyber wars," trying to stop bad guys while empowering good guys.

I've known for several years that my life was heading in a new direction. It took me a while, but now I understand that I am not the same person who used to post hundreds of blog entries per year, and review 50 security books per year, and write security books and articles, and speak to reporters, and testify before Congress, and train thousands of students worldwide.

That mission is accomplished. I have new missions waiting.

My near-term goal is to identify opportunities in the security space which fit with my current interests. These include:
  • Promoting open source software to protect organizations of all sizes
  • Advising venture capitalists on promising security start-ups
  • Helping companies to write more effective security job descriptions and to interview and select the best candidates available
My intermediate-term goal is to continue my Krav Maga training, which I started in January 2016. My focus is the General Instructor Course process required to become a fully certified instructor. I will also continue training in my other arts, such as Brazilian Jiu-Jitsu. Krav, though, is the priority, thanks to the next goal.

My main instructor, Nick Masi (L) and his instructor, Eyal Yanilov (R)
My long-term goal is to open a Krav Maga school in the northern Virginia area in the fall of 2018. Accomplishing this goal requires completing the GIC process and securing a studio and students to join me on this new journey. I plan to offer private training, plus specialized seminars for other executives who feel burned out, or who seek self-defense or fitness. I will also offer classes tailored for kids and women, to meet the requirements of those important parts of our human family.

Anyone who has spoken with me about these changes has sensed my enthusiasm. I've also likely encouraged them to join me at my current Krav Maga school, First Defense in Herndon, VA. Tell them Richard sent you!

Change, while often uncomfortable, is a powerful growth accelerator. I am thankful that my family, and my wife Amy in particular, are so supportive of my initiatives.

If you would like to join me in any of these endeavors, please leave a comment here with your email address, or email me via taosecurity at gmail dot com. Best wishes to those remaining at FireEye!

Comments

Grady said…
Richard, best of luck as you shift into the next phase of life/career. You've had a huge impact on Mandiant/FireEye over the years, and a similarly big impact on me personally. Thanks for recruiting me to Mandiant 5+ years ago! Look forward to seeing what's next for you. Maybe I'll get to take a class at Bejtlich Krav Maga soon...
9:43 AM
Khürt Williams said…
> Helping companies to write more effective security job descriptions and to interview and select the best candidates available.

> Promoting open source software to protect organizations of all sizes.

Yes please!!!

And best of luck on your new adventures. I look forward to reading about them.
9:58 AM
Chris Henson said…
Richard, I've greatly enjoyed all of the information you've shared and I appreciate the effort you've put into getting good info out there to the Security Community. You are right about A players. I actually had the chance to meet and work with Doug Burks on some consulting work he did with our firm for Security Onion. Definitely an A player there. Again, thank you for all of the knowledge shares. Intelligence is how we beat the bad guys!

Great luck in your next endeavors and especially the Krav Maga - that is AWESOME!!
10:24 AM
Unknown said…
Change is good! I hope you enjoy some down time before jumping into the next thing (Krav Maga aside). It was a real pleasure working with you, and I hope to get the opportunity again.
11:54 AM
Anonymous said…
Good luck Richard - it was a pleasure to work with you. Your vision will live on.

-Veronica
12:26 PM
Steven J. Murdoch said…
Good luck with your future plans. Sounds exciting!
12:49 PM
Richard Park said…
Richard, good luck with the next step on your journey. I've always been encouraged about how you never rest on your laurels but you continue to develop your skillsets and interests. It could be tempting to remain in your senior role indefinitely but you choose to put that aside and do what's most important to you.

I'm really glad I decided to take one of your last TaoSecurity classes in Chicago in 2007. Not only did it help me to get my job at Sourcefire, it also convinced me that any serious security analyst needs to use NSM. And just as important, I learned who Elvis's karate instructor was and what style of karate he used. :)
12:59 PM
Noorisha said…

Richard, I was already a bit starstruck when I met you at blackhat. Extrusion detection and the Tao had left me in awe. This decision of yours has increased my admiration and respect for you further.

The ultimate future of security technology must be open source solutions with an active community and a healthy commercial support ecosystems. I will keep my eyes open for opportunities to support in whatever way I can.

Not much krav maga in Dubai, but when you open your school, I will make the pilgrimage. Best of luck in all your endeavors.


2:06 PM
Unknown said…
Richard,

You will be sorely missed. I always appreciated your deep expertise and professionalism and wish we were able to spend more cycles together. Wish you the best in your next endeavors!

-Tony C
7:04 PM
Unknown said…
Richard I wish you all the best in the next chapter of your career. Based on my experience with you at GE I am positive that the krav maga community will greatly benefit from your passion and expertise. I look forward to catching up with you soon and thank you for all that I've learned from you over the years.

--Scott
1:52 PM
Dani said…
Richard,
Thank you for giving so much to the Security community, especially to those that you've mentored. It's been a privilege supporting you, our awesome team and the mission. You've left key indicators of success in this field. We know where you've been and where to find you :)

Can't wait to see all you do with Krav Maga.

Dani
11:59 AM
Unknown said…
Richard - Good luck to you! Thank you for inviting me to participate in one of your SANS APT panels and helping me at the DoD Cyber Crime Conference when I was unexpectedly called back to testify before the House of Representatives in the middle of the conference.

Thanks again!

Stephen
2:01 PM
Post a Comment

Popular posts from this blog

Zeek in Action Videos

Image
This is a quick note to point blog readers to my Zeek in Action YouTube video series for the Zeek network security monitoring project .  Each video addresses a topic that I think might be of interest to people trying to understand their network using Zeek and adjacent tools and approaches, like Suricata, Wireshark, and so on.  I am especially pleased with Video 6 on monitoring wireless networks . It took me several weeks to research material for this video. I had to buy new hardware and experiment with a Linux distro that I had not used before -- Parrot .  Please like and subscribe, and let me know if there is a topic you think might make a good video.
Read more

MITRE ATT&CK Tactics Are Not Tactics

Image
Just what are "tactics"? Introduction MITRE ATT&CK  is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March 2020 says the following: At a high-level, ATT&CK is a behavioral model that consists of the following core components: • Tactics, denoting short-term, tactical adversary goals during an attack; • Techniques, describing the means by which adversaries achieve tactical goals; • Sub-techniques, describing more specific means by which adversaries achieve tactical goals at a lower level than techniques; and • Documented adversary usage of techniques, their procedures, and other metadata. My concern is with MITRE's definition of "tactics" as "short-term, tactical adversary goals during an attack," which is oddly recursive. The key word in the tacti
Read more

New Book! The Best of TaoSecurity Blog, Volume 4

Image
  I've completed the TaoSecurity Blog book series . The new book is  The Best of TaoSecurity Blog, Volume 4: Beyond the Blog with Articles, Testimony, and Scholarship .  It's available now for Kindle , and I'm working on the print edition.  I'm running a 50% off promo on Volumes 1-3 on Kindle through midnight 20 April. Take advantage before the prices go back up. I described the new title thus: Go beyond TaoSecurity Blog with this new volume from author Richard Bejtlich. In the first three volumes of the series, Mr. Bejtlich selected and republished the very best entries from 18 years of writing and over 18 million blog views, along with commentaries and additional material.  In this title, Mr. Bejtlich collects material that has not been published elsewhere, including articles that are no longer available or are stored in assorted digital or physical archives. Volume 4 offers early white papers that Mr. Bejtlich wrote as a network defender, either for technical or pol
Read more