The Cyber Kill Chain or: how I learned to stop worrying and love data breaches

Pulling off a heist is no easy feat – and in order to prevent theft, you best understand the plan of attack. Like any good ol’ traditional heist, there are multiple stages to consider in a cyber-attack. To help prevent…

The Pyramid of Pain

To illustrate this concept, I have created what I like to call the Pyramid of Pain. This simple diagram shows the relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause…

The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges

“If you always do what you’ve always done, you’ll always get what you’ve always got.” This kernel of wisdom comes from a certain high-tech headhunter in the late 1980s, who passed it on as she was helping her candidates prepare…