Saturday, April 22, 2017

OODA Framework for TI / DFIR / CSIR Process Engineering

The OODA Loop (Observe, Orient, Decide, Act) can be used to develop workflows for TI / DFIR / CSIR, including leveraging TIMP implementations such as MineMeld.
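As an added illustration (not code from this post or from MineMeld), the following Python sketch structures a threat-intel indicator triage cycle around the four OODA phases. The feed format, the confidence scale, the allow-list, and the block/watch thresholds are all assumptions chosen for the example; the sample feed lines are constructed and contain no real indicators.

```python
"""OODA-structured threat-intel triage (added example, not the post's or MineMeld's code).
Observe: ingest raw feed lines.  Orient: normalize, classify and merge across feeds.
Decide: apply policy (allow-list, confidence, corroboration).  Act: emit a block-list.
The output of Act feeds back into the next Observe cycle."""
from dataclasses import dataclass, field
import ipaddress

# Constructed sample feed: "indicator,source,confidence(0-100)". Not real IoCs.
SAMPLE_FEED = """\
203.0.113.10,feed_a,90
203.0.113.10,feed_b,70
198.51.100.7,feed_a,40
evil.example,feed_c,85
192.0.2.5,feed_c,95
not an indicator,feed_c,99
garbage line without fields
"""

# Hypothetical allow-list (e.g. our own ranges) that policy must never block.
ALLOW_LIST = {"192.0.2.0/24"}


@dataclass
class Indicator:
    value: str
    kind: str                       # "ip" or "domain"
    sources: set = field(default_factory=set)
    confidence: int = 0             # highest confidence seen across feeds


def observe(feed_text):
    """Observe: parse raw feed lines, silently dropping malformed ones."""
    for line in feed_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue
        value, source, conf = parts
        try:
            yield value, source, int(conf)
        except ValueError:
            continue


def classify(value):
    """Return 'ip', 'domain', or None for values that are neither (assumed heuristic)."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    labels = value.split(".")
    if len(labels) > 1 and " " not in value and all(labels):
        return "domain"
    return None


def orient(observations):
    """Orient: classify each value and merge duplicates (union of sources, max confidence)."""
    merged = {}
    for value, source, conf in observations:
        kind = classify(value)
        if kind is None:
            continue
        ind = merged.setdefault(value, Indicator(value, kind))
        ind.sources.add(source)
        ind.confidence = max(ind.confidence, conf)
    return merged


def decide(indicators, threshold=80, allow_list=ALLOW_LIST):
    """Decide: 'allow' if allow-listed, 'block' if confident or corroborated by 2+ feeds, else 'watch'."""
    networks = [ipaddress.ip_network(n) for n in allow_list]
    decisions = {}
    for value, ind in indicators.items():
        if ind.kind == "ip" and any(ipaddress.ip_address(value) in n for n in networks):
            decisions[value] = "allow"
        elif ind.confidence >= threshold or len(ind.sources) >= 2:
            decisions[value] = "block"
        else:
            decisions[value] = "watch"
    return decisions


def act(decisions):
    """Act: render the sorted block-list that would be pushed to enforcement points."""
    return sorted(v for v, d in decisions.items() if d == "block")


def run_cycle(feed_text=SAMPLE_FEED):
    """One full OODA pass over a feed; returns the block-list."""
    return act(decide(orient(observe(feed_text))))


if __name__ == "__main__":
    print(run_cycle())
```

The value of the structure is that each phase has one job and one output, so a feed-format change touches only `observe`, a policy change only `decide`, and the result of `act` can be measured on the next pass.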

Friday, April 7, 2017

Offensive Security vs. Enhanced (Defensive) Security

Offensive / obfuscation tools (e.g., honeypots, bastion hosts, anti-reconnaissance such as Microsoft NetCease) and techniques have been gaining more attention as of late.

So, while next-generation (defensive) security tools and techniques (e.g., behavioral analytics: UBA / UEBA via Cisco StealthWatch, binary sandboxing, advanced threat protection: ATP) are all the rage, InfoSec leadership will have to address prioritization for budgets and bodies.

Said prioritization may be assisted by identifying the defense-in-depth posture, as well as the threat environment.