Shameless plug: SANS Forensics/IR Summit

I will be participating in a Defense Industrial Base / Law Enforcement / Dept of Defense panel at the SANS WhatWorks Summit in Forensics and Incident Response. The topic, broadly, will be "How are government agencies and contractors responding to large scale intrusions successfully?" Even if you don't do work with or for the government, I would encourage you to attend if you happen to be at the summit. The DoD, and by extension their contractors, see the bleeding edge of new offensive techniques, often years before other commercial sectors. Law enforcement organizations, naturally, become involved and bear witness to the same. If you're interested in how large organizations defend themselves against and respond to attacks that you will likely be seeing in the future, this will hopefully be a good session to attend.

The panel spots will be filled by decision-makers and technical staff alike, from large DIB contractors to DC3 to the FBI.


Identity theft victim no. 52,000,001

No matter what lengths you go to, sometimes it's impossible to prevent identity theft. Countrywide recently disclosed that 2 million of its mortgage customers may have had their identities stolen - one of which was likely me.

Now, I've always been very paranoid about who does and doesn't get what from me, with the perhaps-naive hope that this would at least mitigate the risk. I consider myself to be well educated on the topic. But in the back of my mind, I always knew I was at risk - after all, I worked at a financial institution for years. I saw just how secure it was, and by proxy the data of its customers.

When companies such as these - whose data helps define our identities - can't secure their systems, absolutely anyone can be a victim. This is why stronger legislation and repercussions for violations are necessary: they are the only thing that will force companies' hands into taking seriously these issues, against which the public is utterly defenseless.


Over-visualization fun

I'm a very big - nay, a huge t-shirt fan. I'll admit, I even subscribe to a t-shirt blog. If I attended meetings, it'd be an illness.

Threadless is a tee site I'm particularly fond of. While browsing their seemingly bottomless vault of shirts for sale, I came across this one. It hit home for a number of reasons.

Over the past few weeks I've struggled with the problem of visualizing a massive amount of data relating to some security incidents. This has proven a worthy endeavor not only in illustrating causality that isn't apparent in the raw data itself, but also in communicating to management various parts of the "story," letting them draw their own conclusions. I'll hopefully get to writing about a couple of techniques (no data, naturally) that have been particularly helpful in the coming weeks.

In a number of cases, the approaches I've taken have failed, mostly due to "over-dimensionality": trying to cram too many variables into the diagram. What resulted was cool, but required far too much explanation - much like the visualization in this picture. The data itself in this case is likely meaningless, but it's a good example of what can result when analysts are overly ambitious in attempting to communicate findings. It's easy to do. When we understand all of the data we have, thanks to many long hours of study and analysis, we feel every detail is important because we understand its contribution. But in telling the story, guiding readers to a conclusion, or illustrating causality, it is often necessary to gloss over detail that can be spoken to or revealed if additional questions arise.

I've found that studying Tufte's literature has been a great help in improving my skills in visualization throughout the course of this calendar year, and while I appreciated this skill before, I now realize how critical it is to this profession. I'd encourage everyone in InfoSec to find a way to sharpen their skills in data visualization. It will pay dividends in your career you didn't expect.

With special thanks to my boss for initially inspiring me to investigate this topic more thoroughly.