Dave has over 15 years industry experience. He has extensive experience in IT operations and management. Currently, Dave is a Senior Security Advocate for Akamaiand will not be participating in activities that could present a potential conflicts of interest due to this relationship. Dave is the founder of the popular security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave is also has a blog on CSO
Prior to his current role, Dave worked in the finance, healthcare, entertainment, manufacturing and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security Administration, US Postal Service and the US Department of Defense to name a few.
When not at work Dave can be found spending time with his family, playing bass guitar and polishing his “brick of enlightenment”.
He can be reached at dlewis (at) securosis (dot) com.
This year at RSA we will no doubt see the return of Big Data to the show floor. This comes along with all the muscle confusion that it generates – not unlike Crossfit. Before you hoist me to the scaffolding or pummel me with your running shoes, let’s think about this. Other than the acolytes of this exercise regimen, who truly understands it? Say “Big Data” out loud. Does that hold any meaning for you, other than a shiny marketing buzzword and marketing imagery? It does? Excellent. If you say it three times out loud a project manager will appear,
Malware is a pervasive problem in enterprises today. It can often be insidious as hell and difficult to ferret out. But sometimes the response to a malware outbreak defies basic common sense. The CIO for the Economic Development Administration (EDA) thought a scorched earth policy was the best approach…
From the Depart of Commerce audit report (.pdf):
EDA’s CIO concluded that the risk, or potential risk, of extremely persistent malware and nation-state activity (which did not exist) was great enough to necessitate the physical destruction of all of EDA’s IT components. 20 EDA’s management agreed with this risk
Hi folks, Dave Lewis here, and it is my turn to pull the summary together this week. I’m glad for the opportunity. So, a random thought: I have made a lot of mistakes in my career and will more than likely make many more. I frequently refer to this as my well-honed ability to fall on spears.
The point? Simple.
This is a learning opportunity that people seldom appreciate. Much like toddlers, we learn to walk by mastering the fine art of the faceplant. We learn in rather short order that we really don’t care for the experience
From the BBC:
The US government has told thousands of companies to beef up protection of computers which oversee power plants and other utilities.
The action comes after a survey revealed that thousands of these systems can be found online.
The survey was carried out via a publicly available search engine that pinpointed computers controlling critical infrastructure.
This comes as little surprise. I have used Shodan and found a lot of similar issues with externally exposed systems. I spent quite a few years in that sector and have learned that there is an inherent disconnect in how control system operators
It’s just a couple days until RSA Conference 2011. Is this your first time attending the security conference in San Francisco? Having attended for a few years now I can safely say that there are some things you should take into account before you show up. First of all, download the Securosis Guide to RSA 2011 (PDF) or (ePub).
Next you need a plan. After you have completed registration, which I assume by this point you have, consider your options. When you arrive on site at the Moscone Center give yourself a good amount of time to get through registration and
Now that the media has feasted on the Stuxnet carcass, it gives me a moment of pause. What of a different perspective? I know – madness, right? But seriously, we have seen the media in a lather over this story for some time now. Let’s be honest – to someone who has worked in the SCADA community, this really is nothing new. It’s just one incident that happened to come to light.
An alternative angle to the story, which seems to have been shied away from, is under-financed but motivated agents. Technical ‘resources’ with too much free time and a