M-unition

Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff

By on January 30, 2012

Recently Mandiant hosted its first Executive Breakfast briefing event in Houston, Texas. The event featured former DHS Secretary Michael Chertoff and me, with Michael Graven acting as facilitator. During the two-hour meeting the Secretary and I presented different aspects of digital security challenges and solutions to our attendees. We then participated in a lively question-and-answer session with Michael and the audience. In this post I would like to mention a few topics that seemed most interesting to the participants based on their questions.

I started my talk by posing three questions to the group:

  1. What would you do if your organization received a notification from an official third party (think Federal Bureau of Investigation or a military intelligence unit) that your organization’s data was in the hands of a foreign adversary?
  2. How, and how often, do you check to see if your organization is compromised?
  3. How many incidents did your organization experience last year, and how did your time from detection to response (and containment) change during the year?

In these questions lies the core of modern digital security. The first question relates to the fact that the vast majority of targeted persistent threat victims first learn of their plight from a third party. If you have not experienced this situation before, the worst time to determine how you would react is when you first receive the notification!

The second question involves the difference between the current practice of checking for vulnerabilities and the more critical, but neglected, need to check for compromise. Many organizations must regularly assess their environments to discover vulnerabilities, but unfortunately finding a vulnerability means finding a theoretically exploitable flaw. Instead, organizations should routinely and constantly evaluate their environment to find compromised systems – vulnerabilities that an intruder exercised to assert his will and accomplish his mission.

The third question represents what I believe is the key security metric for any organization. Counting incidents and time to respond helps develop a security “scoreboard” that shows, to the best of the security team’s ability, one key aspect of how well the group is performing. Without this data, it’s tough to know whether the security of the organization is improving or declining. One can count many other aspects of security, but those tend to be input-centric rather than output-centric like these two measures.

Our next Executive Breakfast Briefing is scheduled for Wednesday, February 22 in Washington, DC. General Michael V. Hayden, former Director of the Central Intelligence Agency and of the National Security Agency/Central Security Service, will provide an overview of how targeted intrusions, including nation-state sponsored attackers such as the advanced persistent threat (APT), are compromising government agencies and the most sensitive corporate information and intellectual property at Fortune 500 companies across the USA.

I will also be attending this event and hope to see you there. You can register for the event here: http://www.mandiant.com/news_events/forms/dc_executive_briefing_2012

If you have any comments or questions, please post them below.

Category: The Suite Spot
