Posted in Badstone, Bright Shadows, Challenges, DVL, DVWA, Date Sets, De-ICE, Enigma, Forensics, HBH, HTS, Hackerdemia, ISC, Moth, Mutillidae, Network Warfare, OWASP, OpenPacket.org, OverTheWire, StS, Vulnerability, Wargames, Web Application, WebGoat, pWnOS, pcapr, w3af on Aug 23rd, 2009
Security training is very important for any organization. When developing a training program, do not forget about the security staff. I am all for sending people to SANS and other companies’ security courses. Once your people come back, how will they practice what they have learned? Hopefully, every day at work does not involve tracking inventive [...]
Posted in Aneesh Chopra, CCE, CPE, CVE, CVSS, Cloud Computing, IDS, Management, Metrics, NCP, NIST, OVAL, Policies, Risk, SCAP, Vulnerability, XCCDF on Aug 9th, 2009
“While the NSA has a great red-team (think pen-test) capability, they had a major change of heart and realized, like the rest of the security world (*cough* Ranum *cough*), that while attacking is fun, it isn’t very productive at defending your systems – there is much more work to be done for the defenders, and [...]
Posted in ANL Federated Model, Bro, CAMNEP, CPP, Defense in Depth, IDS, Reputation, Risk, SlideCasting, SlideShare, Snort, TVA, Trust Management, Visualization, Vulnerability on Jun 6th, 2009
This week I had the pleasure of presenting two talks at the National Laboratories Information Technology (NLIT) 2009 Summit held in Oak Ridge, TN. Everyone involved was great and I had a fun time. Since the presentations have been posted to the NLIT site, I am free to post now.
The original [...]