Blogs

Showing Blog Posts: 1–10 of 44 by Gib Sorebo

Gib Sorebo

Leidos

  • Why Threat Matters for Critical Infrastructure

    by Gib Sorebo on December 15, 2015

    As the drumbeat of cybersecurity breaches seems ever-present in the media, we’re starting to see some real attention being paid to this function in a number of verticals, and a willingness to go beyond their regulatory compliance obligations. For example, large retailers have reorganized their security teams and made significant investments in personnel and technology. Healthcare organizations, …

  • Getting “Eyes on the Glass” for Critical Infrastructure

    by Gib Sorebo on January 29, 2015

    It’s sort of ironic that the sector with the most 24x7 control rooms still struggles with monitoring for cyber attacks. However, the critical infrastructure sectors, for the most part, change slowly. And while they have always appreciated the need to monitor operations around the clock, those operations had been largely self-contained with limited exposure to outside networks. Consequently, …

  • The Sorry State of Cybersecurity Threat Intelligence

    by Gib Sorebo on January 21, 2015

    During the opening montage of every Law and Order episode is the statement (by now probably burned into all our collective consciousness): “In the criminal justice systems there are two separate yet equally important groups, the police who investigate crimes and the district attorney who prosecutes the offenders. These are their stories.” What is typically left out of both the TV show and the real…

  • Are You Building a Cybersecurity Ecosystem or Just a Bunch of Controls?

    by Gib Sorebo on January 14, 2015

    With all the emphasis on cybersecurity frameworks over the last couple years, it probably shouldn’t surprise anyone that a lot of organizations find themselves working off checklists of cybersecurity controls that they assume will give them better security. What is often missed is that these controls need to work together as an integrated system. For thousands of years, we’ve understood this in…

  • What the Sony Hack Means for Critical Infrastructure

    by Gib Sorebo on January 8, 2015

    Given the number of major breaches making the news, not only do they begin to blur together, but it also becomes easy to underappreciate the significance of each one. The Sony hack may have gotten lost in the crowd if it weren’t for the way Sony responded, by cancelling or postponing the release of “The Interview.” Moreover, the source of the attack was not some garden variety criminal hacker or…

  • No ROI Means No Priority: The Fallacy of Why Cybersecurity Doesn’t Get the Attention It Deserves

    by Gib Sorebo on October 13, 2014

    For years, cybersecurity professionals and many IT specialties have lamented that our concerns don’t get enough attention and (more importantly) funding from senior management. We complain that we’re relegated to one of many back office functions like procurement, human resources, or facilities, functions that we, ironically, treat with the same level of boredom and disdain that we feel are…

  • The Internet of Things: The Death of General Purpose Computing?

    by Gib Sorebo on September 29, 2014

    Ever try to send a text from your laptop while you’re on the go? Theoretically you could with the right hardware and software, but why would you? Laptops aren’t meant to be that mobile or that convenient. The text message, with its 140 character limit, was the quintessential application, and for a while the only one, for cell phones. Similarly, the thought of writing a ten page document on a…

  • Can’t We Just Learn to Share?

    by Gib Sorebo on July 25, 2014

    It seems that the lesson about sharing we all learned in kindergarten is front and center in the debate about information sharing as it relates to cybersecurity vulnerabilities, threats, incidents, and who knows what else. In its perpetual desire to appear to be doing something about cybersecurity, Congress has once again embarked on another ill-fated effort to pass cybersecurity…

  • HITRUST or High Risk? The Health Information Trust Alliance’s Common Security Framework

    by Gib Sorebo on May 14, 2014

    Over the last few months, I’ve written frequently about cybersecurity frameworks, such as the new Framework for Improving Critical Infrastructure Cybersecurity. As a way to generate discussion, engage a non-technical audience, and serve as a starting point for tackling an organization’s cybersecurity risks, it is a useful document. But as its authors readily admit, it is not intended to be a…

  • The Cybersecurity Skills Gap: A Real or Manufactured Crisis?

    by Gib Sorebo on May 5, 2014

    Over the last few years, we’ve been bombarded with messages proclaiming a cybersecurity skills gap and associated statistics of positions going unfilled. For example, Cisco’s Annual Security Report estimated there were more than a million unfilled positions for security professionals world-wide. The Defense Department has said it plans to triple the number of “cyberwarriors” it employs by 2016 to…

This document was retrieved from http://www.rsaconference.com/blogs/by/21/sorebo on Tue, 09 Feb 2016 00:31:40 -0500.
© 2016 EMC Corporation. All rights reserved.