Discussions about cybersecurity overwhelmingly focus on the recent, which are our responses to the design and engineering decisions of the past. We are right to deal with what is in front of us, but that myopia ensures that we exercise little effort towards crafting our future. We want things to be “better” but what does that mean? Just as important: better for whom? …


This is not a post about FireEye or the breach they suffered.

This is a post about the aftermath of said breach, how it impacts what we do, and those we are trying to help.

Our work as practitioners, executives, advisors, policy-makers, developers, engineers, salespeople…everything just got harder. To the extent that what we were doing in the past worked, those approaches aren’t going to work anymore. …


Jeff Foxworthy jefffoxworthy.com

Is there a talent shortage in security? A lot of people say “yes” simply because they have a metric ton of open job reqs in one hand, and a precious few viable candidates that can meet their wild-*** requirements in the other. But the hiring dynamic is just that, and if there is any chance we can remedy the situation, it’s incumbent upon everyone involved to take a moment to view the issues through a different lens.

So with apologies to Jeff Foxworthy…

  • If your job requirements state that a candidate needs to have more years of experience in a…

BuffZone.com

What parallels can we draw from watching a storied college football rivalry, and how can we use those lessons to improve our ability to defend ourselves in cyberspace?

One of the best things about having gone to a school without sports programs beyond intramurals is that you can spend Saturdays enjoying college football without it endangering your identity (no offense season ticket holders). …


Ransomware Skull and Bones

Your city being held for ransom isn’t the worst-case scenario; what happens after may be the worst-case scenario.

So much attention has been paid to “election hacking” and the like in recent years that analysts and commentators have effectively forgotten an equally if not more pressing threat to American government at all levels: ransomware. We cannot fix the reading comprehension problems and poor critical thinking skills of more than half the nation’s population in a meaningful time-frame, but we can make serious progress against those who would make us digital hostages.

Ask the average citizen in your town what they think of when they hear the words “cyberattack” and they’re probably going to talk about the virus of the…


For today’s edition of “how in the world is that possible?” I bring you the curious case of the antique shop. Well, the business is not about buying and selling antiques; it’s a widget (actual line of business obfuscated to protect the innocent) factory. It employs just over a dozen people, who mainly work with their hands. It is precision work, but fairly dirty. “Skilled labor” is the term I’m looking for.

No, the “antique” aspect of this business is the three computers it uses. They were procured in the early ’00s by a much larger firm, a customer of our…


Leave it to Freshman to be at the right place, at the right time, with a hammer with which to hit the nail on the head. If you don’t know what I’m referring to check out these two posts on so-called security ratings companies and their services. Go ahead, I’ll wait.

It’s 2019, and while I shouldn’t be surprised at this sort of nonsense, I am. What really baffles me is that I’m not sure at which point I’m more surprised:

  • That there are people out there who think header scraping or other passive means, absent sufficient context, is data worth…

Billions of dollars are invested in new companies every year, all with the hope of being the next Facebook or Uber. Investing in security companies is up, but the amounts are still trivial when compared to more pedestrian ideas. Improving outcomes in cybersecurity investments is the mission of Alex Kreilein. A veteran of the national security and policymaking space, he puts that expertise, along with serious technical acumen, to work helping entrepreneurs succeed, and by extension, helping us all be more secure.

Darkfield is like a number of other organizations in our field. We’re a cybersecurity accelerator. That basically means that…


Jason Healey

When most people think about cybersecurity, they think about the very technical. But there is a much more academic, even abstract, element to the field that is less widely studied or appreciated. If it is, it is often derided as not serious or practical. Jason Healey is one of the few who have operated at all levels of the field, and who believes that through study at layers above silicon, we will come up with the ideas and theories that will bring about meaningful change. After all, the computer was an idea until the difference engine was actually built.

As…


Government cybersecurity efforts are a study in contrast. It was the government that essentially invented most cybersecurity principles and practices, but it is also the source of epic failures. Brian Concannon helped to investigate cybersecurity failures both for the government and in the private sector. Having worked the same types of problems from both sides of the fence gives him both perspective and a very clear sense of what it takes to make a difference.

Being an entrepreneur, every week is a little different. This week has been all coding. I’m actually making a pivot, which is another common thing…

Michael Tanji

CxO at Senrio, Kyrus Tech, Carbon Black. Former soldier and intelligence officer. Investor and mentor.
