Event and Slides Introduction Welcome to Start with Security. My name is Ian and I’m here to introduce you to some of the free materials that have been produced by […]
This is a super high level presentation about basic threat modeling, SDL, and why a proactive stance is better than a reactive. I thought that it was fun. Threats, Threat […]
The current field of information security is largely one of arcana, vagueness, arbitrary views, philosophy, mountaintop sages, a general lack of reliable data, and legions of vendors selling “best practices.” […]
Toorcamp was many things this year. It was fun. It was uncomfortable. Dustdevils ate things occasionally. It was turbulent due to the trouble with Levitate to get hackers to help […]
I gave a little talk this weekend at the second Seattle Toorcon. Lots of execs have the idea that technology is a cost center and not the bedrock that enables […]
This is a presentation that I gave earlier this week at the ITCi Conference in San Diego, California. It was requested that I speak about security and compliance metrics, and […]
This is no simple task as there is a lot of sales material that will promise anything, but from the presentation of the architecture and real-world benchmarking, a clear image may present itself.Two of the large commercial research firms authored materials were also gathered to assist in this mater, though one of them was shockingly inaccurate, unfamiliar with the history and utility of the tools in practice, and offered some very poor advice in its conclusions. Unfortunately this is all too common in my experience with commercial research, so the wise buyer of capital investment level hardware and software would be best served to spend the time evaluating each architecture, dependancies, and challenges if they are able.That being said, I will begin my presentation: A SIM implementation has the ability to solve a variety of problems at once due to its evolution from a log management platform.