Yes, I really said “blogosphere.” It gives me old-skool cred, don’t hate. It’s also apropos, as that was a chic term when I last wrote regularly in the public domain.
After a lengthy hiatus (clearly), I’ve decided to return to publishing my thoughts on my discipline publicly. From 2004 to 2010, I published my thoughts on blog.cloppert.org. Overlapping that and through approximately 2011, I was a contributing author to the SANS DFIR blog, where I published some early thoughts about “security intelligence” (before Rob Lee and I coined “CTI”), the kill chain, campaigns/intrusion sets, and what was at the time an emergent “advanced persistent threat.”
I’ve tried to pull together on this site as many of my own materials as came to mind, and to assemble a sketch of some important references that I’ve found influential in my own professional development. This is a wholly insufficient list; as I think of things to add, I will do so and call them out in my blog here. I hope you find them helpful. After a few months, when I’ve assembled what I feel is a more comprehensive list of my own work as well as that of others, I’ll solicit input on what I have. For now, you can rest assured that I know it’s not there yet.
I’ll keep this first post short, and wrap up by giving a hat-tip to Crystal Bedell, who interviewed me for the cover story of the latest edition (June-July 2016) of Infosecurity Professional Magazine, (ISC2)’s official print periodical. I’ve done a number of interviews in my career, and found that journalists often have a very difficult time digesting and drawing reasonable conclusions about threat intelligence as a discipline and events that intersect it. Crystal did a fantastic job arguing for tradecraft and methodology over technology to implement threat intelligence in furtherance of network defense. I also find it amusing how – in totally independent and uncoordinated interviews – Robert M. Lee gave her perfectly complementary comments to my own.
Until next time, happy hunting!