Introduction This article describes the high-level layout of my computing infrastructure at home, facetiously called my “home cloud”. I have been operating some compute resources beyond a desktops for a long time (covering Windows Servers, SunRay setups, fiber-channel arrays, etc.),…
About this time last year I discussed my thoughts on Counterintelligence (CI) and Computer Network Defense (CND). My basic proposition then was that CND is materially identical (or – more precisely – a monomorphism) to a restriction of CI to…
This week, we made some pretty good progress toward formalizing the conceptual threat modeling work at OMG: OMG SysA Meeting On Wednesday the team presented the result of the last 3 months of work on the conceptual threat model (please…
There are a lot of organizational Tactics, Techniques, and Procedures (TTPs) in Counterintelligence (CI) that can inform more efficient Defensive Cyber Operations (DCO) or more generally Computer Network Defense (CND) 1 processes and strategies. While the mapping is not perfect,…
Here is some progress we made recently as part of the OMG threat modeling working group: in order to guide the development of the threat meta mode, we have agreed to scope the work by looking into defining specific use…
We had a number of successful meetings after the OMG Technical Meeting in December, culminating in a Kick-Off Meeting on Jan 6, 2014. At that meeting, we reviewed the current status of the project, and received great guidance and support…
At the OMG Technical Meeting in Santa Clara, CA today I presented some thoughts on creating a comprehensive model for describing information security threats. My session was hosted by the System Assurance Task Force as part of their charter to…
Yahoo has started a program where users may request to have existing account and email names transferred to them. If a requested account has not been in use for an extended period of time, Yahoo will transfer this account to…
Right now, I am looking into alternative multi-factor authentication solutions. There are the obvious contenders such as SecureID or smartcards, but they tend to be on the pricy side, especially if want to use them for your blog, your home…
Starting with the new year, I am working with Demandware as their new Chief Security Officer. In this role I will be responsible for developing and implementing a comprehensive corporate information security governance and management framework, covering all aspects of security…