Daily Archives: May 15, 2018

Bejtlich Joining Splunk


Since posting Bejtlich Moves On I've been rebalancing work, family, and personal life. I invested in my martial arts interests, helped more with home duties, and consulted through TaoSecurity.

Today I'm pleased to announce that, effective Monday May 21st 2018, I'm joining the Splunk team. I will be Senior Director for Security and Intelligence Operations, reporting to our CISO, Joel Fulton. I will help build teams to perform detection and monitoring operations, digital forensics and incident response, and threat intelligence. I remain in the northern Virginia area and will align with the Splunk presence in Tyson's Corner.

I'm very excited by this opportunity for four reasons. First, the areas for which I will be responsible are my favorite aspects of security. Long-time blog readers know I'm happiest detecting and responding to intruders! Second, I already know several people at the company, one of whom began this journey by Tweeting about opportunities at Splunk! These colleagues are top notch, and I was similarly impressed by the people I met during my interviews in San Francisco and San Jose.

Third, I respect Splunk as a company. I first used the products over ten years ago, and when I tried them again recently they worked spectacularly, as I expected. Fourth, my new role allows me to be a leader in the areas I know well, like enterprise defense and digital operational art, while building understanding in areas I want to learn, like cloud technologies, DevOps, and security outside enterprise constraints.

I'll have more to say about my role and team soon. Right now I can share that this job focuses on defending the Splunk enterprise and its customers. I do not expect to spend a lot of time in sales cycles. I will likely host visitors in the Tyson's areas from time to time. I do not plan to speak as much with the press as I did at Mandiant and FireEye. I'm pleased to return to operational defense, rather than advise on geopolitical strategy.

If this news interests you, please check our open job listings in information technology. As a company we continue to grow, and I'm thrilled to see what happens next!

The CTOvision Daily: Keep your finger on the pulse of the tech world

The Daily CTOvision.com is produced for the technology executive who needs to stay in the loop on the latest in technology and concepts for applying IT to address business and mission needs. Our daily provides summaries of all reporting. If we don’t publish, it does not go out, but it is never more than once a day.

We report on: Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cybersecurity, and Blockchain and Cryptocurrencies.

We also provide focus on high interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education and Tech Tips.

To sign up for the CTOvision Daily see: CTOvision Newsletter Signups

Our full array of newsletters includes:

  • The Monthly CTOvision.com Tech Review provides a recap of the most significant trends sweeping the technology community in the prior month, plus insights into coming events and activities.
  • The Daily CTOvision.com Update provides a summary of posts we publish on our blog. If we don’t publish, it does not go out, but it is never more than once a day to 6,000 readers. All posts on the site are also shared with the over 14,500 CTOvision Twitter followers and over 12,000 of Bob Gourley’s connections on LinkedIn.
  • The CTOvision Pro IT Report summarizes enterprise IT developments and concepts. Transmitted to a select list of 700 CTOs and other tech professionals every Tuesday.
  • The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list with over 1,500 readers receiving the newsletter every Wednesday.
  • The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding the high end threat actors. Over 6,000 readers receive this report every Thursday.
  • The Daily Threat Brief: Our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. Sent daily to a list of over 4,500 executives seeking insights into threats to business growth. Reports are also shared with over 10,000 Twitter followers of ThreatBrief.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups


State of Software Security: Insight Into Government Sector Application Security And Guidance For Policy Makers

In 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of two massive data breaches. These breaches are thought to be the result of attackers using social engineering to gain valid user credentials to the systems they were targeting, as well as a malware package that installed itself within OPM’s network and established a backdoor. Attackers then escalated security privileges to gain access to a number of OPM systems. The first attack resulted in the theft of approximately 21.5 million records of people who had undergone background checks – though they may not have been current or former government employees. In the second breach, the personnel data of 4.2 million people was stolen. Think: full name, birth date, home address and Social Security Number.

While there are no silver bullets for solving today’s cybersecurity problems, it’s clear government organizations have a long history of vulnerabilities and breaches. In fact, government organizations continue to underperform those in other industry sectors when it comes to the security of their software, according to our State of Software Security 2015 report. We continue to see the same trend year-over-year with only slight improvements. In the State of Software Security 2017 report, applications developed by government agencies remain the least secure of all industry groupings, measured by pass rate against OWASP Top 10 policy. Further, these applications also had the highest flaw prevalence of any industry group for cross-site scripting (49 percent), SQL injection (32 percent), and cryptographic issues (48.3 percent). To dive deeper into the findings, please download the State of Software Security 2017: Government Sector infosheet.

There are several reasons that government software continues to be insecure, including the fact that agencies are still developing applications with older programming languages known to produce more vulnerabilities, and they’re not always fixing the flaws that they find. It’s also likely that the relative inability to be agile and to try new things, as a result of strict acquisition regulatory practices, prevents government engineers from implementing a DevSecOps approach to development. Certainly, the need to align with compliance requirements may not always reflect modern best practices, and may prevent procurement personnel from utilizing feedback loops and nimble, iterative processes.

Through our conversations, we understand that the government sector is trying to improve its processes and learn from the private sector. The Modernizing Government Technology Act, which was signed into law last year, has made a point of prioritizing both security and agile management practices as government looks to refresh its IT infrastructure. We also appreciate that there are many layers to the changes that need to be made, ranging from creating a culture of security to helping those in procurement have access to technical expertise when selecting vendors. If you work in the government sector and you’re not sure where to start with appsec, our Policy Maker’s Guide to Application Security can help get you up to speed on the basics, and provides guidance for policy makers interested in securing the world’s software.