Menu

Blogs

Showing Blog Posts: 1–10 of 47 by Gib Sorebo

Gib Sorebo

Gib Sorebo

Chief Cybersecurity Technologist, Leidos

  • Why Study Cybersecurity?

    by Gib Sorebo on September 4, 2016

    Recently, I started exploring ways I could be a stronger advocate for a course of study and a career in cybersecurity to students at the University of Chicago, my alma mater. For many attending elite schools, careers in anything information technology strike many as too vocational. In fact, for years, the University of Chicago didn’t even offer an undergraduate degree in Computer Science. …

  • Detecting Attacks Takes More Than Just Having the Latest Tools

    by Gib Sorebo on April 27, 2016

    In this fascinating Peer2 Peer session How Do You Detect Attacks? participants representing enterprise customers, product vendors, and service providers all weighed in on some of the challenges they face detecting attacks. Many were monitoring their networks 24/7 with either in-house staff or managed security services providers. While there was some critique of the products they used and their…

  • There is Such a Thing as Security Return on Investment: Well, Sort of

    by Gib Sorebo on March 1, 2016

    Having spent a fair amount of time with critical infrastructure operators, I’ve gotten used to the groans and eye rolls I receive when I try to explain why they need to spend more money on cybersecurity. Whether it’s to satisfy a compliance requirement or to reduce the risk of a cyber attack by some incalculable amount, the common perception is that we’re getting in the way of a profitable…

  • Why Threat Matters for Critical Infrastructure

    by Gib Sorebo on December 15, 2015

    As the drumbeat of cybersecurity breaches seems ever-present in the media, we’re starting to see some real attention being paid to this function in a number of verticals, and a willingness to go beyond their regulatory compliance obligations. For example, large retailers have reorganized their security teams and made significant investments in personnel and technology. Healthcare organizations, …

  • Getting “Eyes on the Glass” for Critical Infrastructure

    by Gib Sorebo on January 29, 2015

    It’s sort of ironic that the sector with the most 24x7 control rooms, still struggles with monitoring for cyber attacks. However, the critical infrastructure sectors, for the most part, change slowly. And while they have always appreciated the need to monitor operations around the clock, those operations had been largely self-contained with limited exposure to outside networks. Consequently, …

  • The Sorry State of Cybersecurity Threat Intelligence

    by Gib Sorebo on January 21, 2015

    During the opening montage of every Law and Order episode is the statement (by now probably burned into all our collective consciousness): “In the criminal justice systems there are two separate yet equally important groups, the police who investigate crimes and the district attorney who prosecutes the offenders. These are their stories.” What is typically left out of both the TV show and the real…

  • Are You Building a Cybersecurity Ecosystem or Just a Bunch of Controls?

    by Gib Sorebo on January 14, 2015

    With all the emphasis on cybersecurity frameworks over the last couple years, it probably shouldn’t surprise anyone that a lot of organizations find themselves working off checklists of cybersecurity controls that they assume will give them better security. What is often missed is that these controls need to work together as an integrated system. For thousands of years, we’ve understood this in…

  • What the Sony Hack Means for Critical Infrastructure

    by Gib Sorebo on January 8, 2015

    Given the number of major breaches making the news, not only do they begin to blur together, but it also becomes easy to underappreciate the significance of each one. The Sony hack may have gotten lost in the crowd if it weren’t for the way Sony responded, by cancelling or postponing the release of “The Interview.” Moreover, the source of the attack was not some garden variety criminal hacker or…

  • No ROI Means No Priority: The Fallacy of Why Cybersecurity Doesn’t Get the Attention It Deserves

    by Gib Sorebo on October 13, 2014

    For years, cybersecurity professionals and many IT specialties have lamented that our concerns don’t get enough attention and (more importantly) funding from senior management. We complain that we’re relegated to one of many back office functions like procurement, human resources, or facilities, functions that we, ironically, treat with the same level of boredom and disdain that we feel are…

  • The Internet of Things: The Death of General Purpose Computing?

    by Gib Sorebo on September 29, 2014

    Ever try to send a text from your laptop while you’re on the go? Theoretically you could with the right hardware and software, but why would you? Laptops aren’t meant to be that mobile or that convenient. The text message, with its 140 character limit, was the quintessential application, and for a while the only one, for cell phones. Similarly, the thought of writing a ten page document on a…

This document was retrieved from https://www.rsaconference.com/blogs/by/21/sorebo on Thu, 29 Sep 2016 18:05:47 -0400.
© 2016 EMC Corporation. All rights reserved.