Tuesday, June 14, 2016

FIRST 2016 - Innovation

Today's keynote at the FIRST conference discussed the importance of innovation in security products and services. Not everyone is a fan of such things.


Innovation, you say?
It's easy to say.
Harder to do when you're spending your day
Fighting the fires and calling out liars
And answering calls from your C-level criers.
We barely have time to kick all the tires
On products we buy
Whenever we try
To solve all our problems
When the budget is high.
(Sometimes we barely can even ask why.)
Often we're choosin'
Tools that are proven
By peers who have shown
That they're really worth usin'
And are ones that risk management ain't refusing.
We'd like something new,
Innovation that's true,
But it's rare that it's something we'd purposely do.
Radical changes we often eschew.
Innovation is something, I guess, that we fear.
It's something, I'd say, you'll never find here.

Monday, June 13, 2016

FIRST 2016 - Tabletop Exercises

Running tabletop exercises to practice, learn more about, and improve an organization's incident response processes is an excellent thing to do. Kenneth van Wyk gave an excellent presentation on how to run tabletop exercises.


Fledgling stretches wings
Learning how to make them work.
SOC testing new tools.

A confident hawk
Dives to catch its fleeing prey.
The IDS fires.

Unseen in the trees,
Trappers wait with heavy nets.
A tabletop drill.

How will the hawk eat
When its wings and beak are bound?
Prepare for the worst.

Hawk learning to hunt
While tied to the rocky ground.
SOC will be ready.

No matter the wind,
The rain, or the predators.
Business must go on.

FIRST 2016 - The Vulnerability Lifecycle

CERT/CC presented a workshop on coordinating vulnerability disclosure. Understanding the vulnerability life cycle helps when developing a corporate vulnerability management process.

Vulnerabilities live, those wee nasty things.
And all through their lives, oh, the mess that they bring!
First they're discovered through various methods,
Researchers probing and using their big heads
Or accidents happening by users at play
That leave them amazed or completely dismayed.
Once it's discovered, it's time for disclosure,
Which may cause a vendor to lose their composure.
This process requires so much c'ordination
Which reduces the impact and bad situations.
Before things are published, we look for a fix:
Remediation through patches or similar tricks.
Deploy out the changes and work toward removal
Of bugs or the process that earned disapproval.
Not much of a life! Vulns are no fun.
Though they seem to be smiling as they yell and they run.

Sunday, June 12, 2016

FIRST Conference 2016

Many of my InfoSec peers have come to Seoul to attend the 28th Annual FIRST Conference. It should be a fun, busy, and illuminating time! It is my first big conference since leaving my higher ed crew. I hope these folks will party as hard.


Welcome to FIRST!
It's time to get funky.
We've all got some problems
On our backs like a monkey.

Criminals trying to get all our goods.
(Some of them organized, some are just hoods.)
How do we share the intelligence gathered?
What are the details we found really mattered?
What are the tools that we all kinda need?
Who can we turn to when we start to bleed?
Red teams and training and policy work,
Pressos that aim to eat through the murk.

Let us get started. Just dive in and go.
Listen and share, help community grow!

Thursday, March 10, 2016

Boston Security Camp - Afternoon Session

From the afternoon session of the BC Security Camp.


REN-ISAC watches,
Threat sharing flows through their hands,
Tall trees grow stronger.

APT Experiences

Even an oyster,
Old, rotten, may have a pearl.
Must open a phish.

VirusTotal shrugs
At the malware file we found.
Wolves howl outside.

IOCs popping.
The APT evolving.
Wounded lamb crying.

Creating a Good Business Relationship Between IT and Treasury for PCI compliance

One good data breach.
Storm water breaks through a dam.
Beavers must rebuild.

Follow the money.
Stars pointing to Treasury:
A PCI map.

Sharing the burden,
Huddling against the winds
Of attestation.

Database Security

The harsh thunder booms
When audit arrives, seeking
Your database logs.

A giant mountain,
Oracle databases.
Their logs are lava.

Information flows
Meta information grows.
DBA hair grays.

Boston College Security Camp - Morning Haiku

I have the privilege of attending this year's Security Camp hosted by Boston College. This morning's presentations inspired some haiku.

Security Camp.
Talks around the camp fire.
Ghost stories, epics.

Moving to the Cloud - Resistance is Futile

Somewhere in the Cloud,
Raindrops form from falling ice.
Your data in tears.

Backups in the Cloud
Backing up backed up data.
Clouds, rain, ocean, clouds.

Acquiring clouds
And claiming them to be yours.
A game for sad fools.

Information Stewardship Governance Program 

Stewarding data,
Each piece led across the Styx
Or to calm prairies.

Understand your data:
A wolf knows all paths traveled
By each pup and prey.

Acorns stored by squirrels
Remain hidden all winter.
Come spring, they grow large.

Software Identification Tags

What should be patched when
Vulnerabilities drop?
Ask the wind and hope.

Browsing undergrowth,
Doe wishes she knew what's there,
Eating, not searching.

XML flowing,
Tagging the world that it knows.
Each leaf on each branch.

Wednesday, January 6, 2016

CVE Haiku

CVE is a useful bit of infrastructure under the US IT sector's vulnerability management machine. However humble, it is still inspirational.

CVE Haiku

CVE counting.
How many motes of pollen
Drifting o'er a field.

A home for problems:
The tree becomes much greater
When we name the leaves.

No one can tell you
What's vulnerability.
Is each fear unique?