Tag: Security

  • Shewhart Control Charts

    As a monitor writer, I want to alert when a value has changed quickly a lot in one direction or another, but I don’t want to set hard-coded thresholds because the value’s range is expected to slowly evolve. My goal is to get useful alerts and avoid false alarms. Examples: What It Doesn’t Do It’s…

  • You’re a CISO? That’s rough, buddy

    I had the opportunity to speak candidly with several CISOs (Chief Information Security Officer) and CSOs (CISO plus physical security) at RSA this year. I heard lots about challenges, and it’s not surprising that the tenure is so short. There’s a lot to unpack in the data behind those articles, but this is a product…

  • Heisenberg’s World of Uncertainty

    Security analysts can’t ever be certain of what they’re seeing and not seeing. See something, do something My entire career has been in some form of “see what’s important, then do something about it.” It’s Heisenberg’s world though. Collecting and moving data has impact and cost, which can be hard to continue justifying. That often…

  • VMBlog Post on Decentralization

    Linking to this piece I wrote for VMblog: Why Decentralized Work Calls for Decentralized Data

  • Security Products, Rules, and Complexity

    Security products need to detect known knowns, so they build up a corpus of rule content. This corpus grows faster than it shrinks, if it’s maintained at all: new known bad is found at a rapid clip, while software is retired from use very slowly. There are two constraints on security products’ ability to use…

  • Event Suppression Sucks

    I’ve always hated the concept of event suppression in security products. Let’s start with some definitions of suppression, and where better than product documentation? There are two common reasons for this feature: The first: “I don’t want to see this thing in my console of actionable items because I don’t have the time, knowledge, perspective, or…

  • What Should Go Into a CMDB

    It’s not every day that information technology work leads you into philosophy, but designing a configuration management database will do it. Spend a little while thinking about what is known or even knowable about the services you’re trying to provide and the entities that compose them, and maybe you’ll end up asking “what does existence even…

  • Two Types of Questioning

    Answers to questions can easily fit into two flavors: operationalized and free-form. Classify the use cases: there are the questions you know how to ask, and the questions you don’t know to ask yet. A question that you know how to ask is operationalized. You’re looking for yes, no, or broken, or perhaps a count. The…

  • Data Value and Volume are Inversely Proportional

    In 2006, Clive Humby coined the phrase “Data is the new oil”. This is often misinterpreted as “Data powers the economy”, particularly by folks who sell data processing and storage, but it’s useful to see what someone who actually uses data says. In 2013 Michael Palmer, of the Association of National Advertisers, expanded on Humby’s…

  • Penny Wise Hardware

    Thesis: Organizations will continue to squeeze their highly paid people into the worst possible computing environments in order to block any accidental efficiency that might evolve in their organizations. Evidence to support that thesis: Of course the thesis is silly, no one really means to starve their organization. It just happens by accident, through shift…