SecurityCertified

Wednesday, April 13, 2011

Cooking the Cuckoo's Egg

Posted on 11:57 AM by Unknown
In February I spoke at the DoJ Cybersecurity Conference. My abstract for the talk was the following:

In 1989 Berkeley astronomer Cliff Stoll wrote the most important book in the history of computer incident response, The Cuckoo's Egg. Twenty years after first reading the book, Richard Bejtlich, [then] Director of Incident Response for General Electric, re-read The Cuckoo's Egg in search of lessons for his Computer Incident Response Team (GE-CIRT). In the first ten pages, Bejtlich identified seven lessons for his team, and in the next twenty pages, ten more lessons. By the time he finished re-reading the book, Bejtlich identified dozens of lessons that are key to the incident response process, whether it's 1990, 2000, 2010, or beyond. In this presentation, Bejtlich will share the keys to professional incident response, originally documented by an unintentional computer pioneer.

Since several of you asked for the slides, I uploaded them here (.pdf, 60 slides). I don't usually use slides like this, but I told a story using screen captures from the really old NOVA episode about Cliff Stoll.