Friday, August 15, 2014

Why I Love Cycling

The silent speed of a bike.
The bike is what I need it to be - a place of peace, a place of pain, a place of peace through pain.
It moves me.
There is something about the act of balancing on two wheels that brings about a sense of well being.
It is the most elegant machine man ever made.
It takes me places I wouldn't otherwise go.
Cyclists are just good people.
The rhythm of riding.
Drafting a car down 224 at 48 mph.
The easy access to endorphins a bike provides.
It gets me close to nature.
It makes me feel good.
The camaraderie of riding with friends.
The speed of a good pace line.
The climb up Wolf Creek Pass on an August evening.
The absolute heavenly feeling of coasting down an empty road with no hands and eyes closed.
The youthful, playful feeling it evokes.
The pain.
The peace.
The joy.

Help Wanted: Top-Notch Security Professionals (a manifesto...kind of)

My thoughts on what a top-notch security professional looks like. Contact me if you think you are this professional, or you want to become this professional :-)

Is expert in the field of threat intelligence and response, deeply knowledgable of a wide range of technologies and methods for collecting and acting on threat intelligence. Is expert in networking protocols. Is capable of rapidly crafting custom detection signatures to detect attacks for which no signatures exist. Is capable of creating custom threat intelligence and response systems to fill gaps where commercial systems are sub-optimal or non-existent. Is expert in identifying attacks within network traffic, effectively filtering signal from noise such that false positives and false negatives are very low. Expert in navigating complex enterprise computing and network environments. Is able to discern the magnitude of threats. Is competent in analyzing large amounts of data and building software to automate analysis.

Is self-motivated, requiring only high-level strategic direction.  Does not require day-to-day instruction. Knows what needs to be done based on the strategic objectives and actions of the threat actors and changes occurring in the environment. Initiates projects to progress the effectiveness of the threat intelligence program, inventing and enhancing threat intelligence systems and methods. These systems and methods serve as the foundation through which others fulfill collection, detection, analysis, and response work. Is a source of strong program and technical influence to others in the team. Mentors others in the team in the craft of threat intelligence and response. Has strong connections in the financial threat intelligence industry and leverages those connections to gain better intelligence and to learn better methods of threat intelligence and response. Is an effective communicator, both verbal and written.

Is highly productive in detecting and responding to threats and in creating frameworks that improve the effectiveness and efficiency in which others detect and respond to threats. Capability to rapidly context switch a must.

Typically has 10+ years in information security, with a three or more years in threat intelligence and response. Is highly competent in skills necessary for effective threat intelligence, including network routing, network protocols, system engineering, protocol analysis, attack signature development, coding, and data analysis.