Software Security Institute

Security Laboratory

Welcome to the Security Laboratory. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. The "Security Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Security 401 Security Essentials and the GIAC Security Essentials Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.


Security Laboratory: Thought Leaders

Chris Pogue, Senior Security Analyst

Created July 8th, 2010
By Stephen Northcutt

Chris Pogue is a Senior Security Analyst for the Spiderlabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Services Team, five years with IBM’s Ethical Hacking Team, and 13 years of Active Military service in the US Army Signal Corps.

View Article...

John Kanen Flowers

Created May 26th, 2010
By Stephen Northcutt

John is a truly unique security thought leader. He has been involved in a number of start-ups and is currently working on something fairly radical, カネ|box (or kane|box).

View Article...

Kees Leune, Leune Consultancy, LLC

Created February 13th, 2010
By Stephen Northcutt

Kees has made many contributions to the information assurance community, but one, the use of rubrics to help guide the peer review of GIAC Gold papers, means a lot to me. It means a lot to you as well, because it created a state change for higher quality in the Gold program. So those of us at the Security Laboratory are excited that he has chosen to be a part of the Security Thought Leadership Project.

View Article...

Joel Yonts, CISO

Created February 12th, 2010
By Stephen Northcutt

Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of IT experience with certifications in the areas of Security Leadership, Computer Forensics, Malware Analysis, Incident Handling, and Reverse Engineering. His research interests include malware analysis and defense, computer forensics, and enterprise security.

View Article...

Maury Shenk, TMT Advisor, Steptoe & Johnson

Created January 31st, 2010
By Stephen Northcutt

Maury Shenk, TMT Advisor at Steptoe and Johnson, works with a focus on intellectual property, information security and encryption issues. Maury has also recently embarked on a consultancy business to build on new approaches for realizing value in technology and intellectual property. He has agreed to be interviewed for the Security Thought Leadership project, and we certainly thank Maury for his time.

View Article...

Chris Wysopal, CTO, Veracode

Created January 27th, 2010
By Stephen Northcutt

Veracode's CTO and Co-Founder, Chris Wysopal, was named one of InfoWorld's Top 25 CTOs and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers and a member of L0pht Heavy Industries, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is the author of "The Art of Software Security Testing", published by Addison-Wesley.

View Article...

Amir Ben-Efraim, CEO, Altor Networks

Created November 25th, 2009
By Stephen Northcutt

Amir Ben-Efraim, CEO and co-founder of Altor Networks has agreed to be interviewed for the Security Thought Leadership project. His company's booth at RSA2009 piqued my interest because they deal with one of my favorite subjects, Defense-in-Depth, but specifically in the virtual environment.

View Article...

Ed Hammersla, COO, Trusted Computer Solutions

Updated November 19th, 2009
By Stephen Northcutt

Version 2.0

Ed Hammersla has a background in trusted systems, as in the Orange Book. He understands the mechanics of low to high information transfer.

View Article...

What is a Security Thought Leader

Updated November 18th, 2009
By Stephen Northcutt

With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.

View Article...

Amit Klein, CTO, Trusteer

Created September 27th, 2009
By Stephen Northcutt

Amit Klein, CTO of Trusteer, a provider of web browser security technology, tells us about himself and his current project, Rapport. It is designed to secure online transactions between compromised desktops and trusted financial websites.

View Article...

Framework for Security Thought Leader Interview

Created August 26th, 2009
By Stephen Northcutt

Stephen could certainly use your help in finding security thought leaders. If you know someone special that has made a major contribution to the field, please download our Security Thought Leader Interview framework, we'd love to learn more about them.

View Article...

An Interview with Ron Gula from Tenable about the role of a vulnerability scanner in protecting sensitive information

Updated August 13th, 2009
By Stephen Northcutt

Version 2

Tenable's Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable's database, application and operating system configuration audits, can provide a much deeper form of analysis than pure black-box testing.

View Article...

A. N. Ananth, CEO, Prism Microsystems, Inc.

Created August 7th, 2009
By Stephen Northcutt

A.N. Ananth, CEO of Prism Microsystems, Inc. was one of the original architects of the EventTracker product offering, Prism’s enterprise log management solution.

View Article...

Lance Spitzner, The Honeynet Project, founder

Updated May 11th, 2009
By Stephen Northcutt

Lance Spitzner of Honeynet fame has agreed to a Thought Leadership interview and we certainly thank him for his time.

View Article...

Ivan Arce, CTO of Core Security Technologies

Updated May 6th, 2009
By Stephen Northcutt

Version 1.1

Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent update to their product to include web application testing, the latest web attack techniques, and his security philosophy.

View Article...

Jeremiah Grossman, Founder and CTO of WhiteHat Security

Updated April 24th, 2009
By Stephen Northcutt

Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.

View Article...

Mike Yaffe, Director of Product Marketing, Core Security Technologies.

Created April 15th, 2009
By Stephen Northcutt

Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.

View Article...

Chris Petersen, Chief Technology Officer, LogRhythm

Created March 13th, 2009
By Stephen Northcutt

Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.

View Article...

John Pirc, IBM, ISS Product Line & Services Executive: Security and Intelligent Network

Created February 17th, 2009
By Stephen Northcutt

John Pirc from IBM's Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.

View Article...

Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis

Created January 28th, 2009
By Stephen Northcutt

We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow-up to our interview with him in March 2008, and we certainly thank him for his time.

View Article...

Bill Worley, Chief Technology Officer, Secure64 Software Corporation

Created December 9th, 2008
By Stephen Northcutt

At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had a great chat. They are a DNSSEC vendor who sells a product based on the HP Itanium architecture. The more they talked, the more I learned about an incredible guy, a security thought leader named Bill Worley, so please let me introduce you to Bill.

View Article...

Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill

Created October 30th, 2008
By Stephen Northcutt

One of the important concepts that we want to explore in security thought leadership is the idea of group or team thought leadership, so we are looking for examples of teams that exhibited security thought leadership. Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill, was on a team that exhibited many of the characteristics of security thought leadership.

View Article...

Amrit Williams, Chief Technology Officer, BigFix

Created June 30th, 2008
By Stephen Northcutt

Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader, and if you have not been introduced to him before, we are sure you will find he has some interesting out-of-the-box opinions.

View Article...

Andrew Hay, Q1 Labs

Created May 13th, 2008
By Stephen Northcutt

Andrew Hay, one of the authors of the popular OSSEC Host-Based Intrusion Detection Guide and upcoming Nagios 3 Enterprise Network Monitoring book has agreed to be interviewed for the SANS Security Thought Leader series.

View Article...

Gene Schultz, CTO of High Tower

Created April 4th, 2008
By Stephen Northcutt

The Security Laboratory is pleased to interview Dr. Gene Schultz, one of the most experienced security practitioners in the field.

View Article...

Tomasz Kojm, original author of ClamAV

Created April 3rd, 2008
By Stephen Northcutt

Tomasz Kojm is the original author of ClamAV, an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

View Article...

Bill Johnson, CEO TDI

Created April 2nd, 2008
By Stephen Northcutt

Bill Johnson, CEO TDI, was the first person in the industry, that I am aware of, to sound the clarion call that we might be vulnerable to attacks via the Baseboard Management Controller (BMC). That certainly qualifies him as a security thought leader, and we thank him for his time.

View Article...

Gene Kim, Tripwire

Created March 14th, 2008
By Stephen Northcutt

Gene Kim is one of the original authors of Tripwire, a software product used to manage configurations and change. Gene is willing to share his thoughts on virtualization with the Security Laboratory thought leadership series, and we certainly thank him for his time!

View Article...

Kevin Kenan, Managing Director, K2 Digital Defense

Created March 14th, 2008
By Stephen Northcutt

Imperva and a few other vendors are starting to understand the importance of database security and release products, but Kevin Kenan, Managing Director, K2 Digital Defense, picked up on this long ago.

View Article...

Leigh Purdie, InterSect Alliance, co-founder of Snare

Created March 7th, 2008
By Stephen Northcutt

Perhaps one of the hottest topics in 2008 is log file analysis (who would have guessed). And while the commercial tools are getting a lot of the press, a tool that is both open source and commercial is ending up on a lot of systems. It is called Snare, and Leigh Purdie is the thought leader behind the project. He has been willing to invest the time for a thought leadership interview with the Security Laboratory.

View Article...

Marty Roesch, Sourcefire CEO and Snort creator

Created February 26th, 2008
By Stephen Northcutt

I keep thinking about the news reports that Chinese hackers managed to exfiltrate six terabytes of sensitive data from a large number of systems belonging to the Department of Homeland Security in November 2007. It seems like that would be impossible to do without being detected. But, I have to wonder, since the famous Richard Stiennon paper, Intrusion Detection is Dead, organizations have been replacing IDS with IPS, and maybe, just maybe, they think the devices do their job in some kind of "fire and forget" mode. Sourcefire was kind enough to allow me to interview Snort creator and Sourcefire CEO Marty Roesch on this topic.

View Article...

Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic

Created January 28th, 2008
By Stephen Northcutt

Dr. Anton Chuvakin from LogLogic is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights.

View Article...

Kishore Kumar, CEO of Pari Networks

Updated January 28th, 2008
By Stephen Northcutt

One of the ongoing research projects in the Security Laboratory is to work with the thought leaders in information security to get an understanding of their vision for our industry. We have recently had the honor of working with Kishore Kumar, CEO of Pari Networks, and we certainly thank him for his time.

View Article...

Interview with Dr. Robert Arn, CTO of Itiva

Created November 1st, 2007
By Stephen Northcutt

The Leadership lab came across an interesting company, Itiva. Their CTO, Dr. Robert Arn, was kind enough to share his time and thoughts with our readers, and we certainly thank him for his time.

View Article...

Interview with Charles Edge

Created September 15th, 2007
By Stephen Northcutt

Charles Edge talks with Stephen Northcutt about security issues in the Mac world; even though the core OS is pretty safe, there are vulnerabilities that every Mac user should be aware of.

View Article...

Mike Weider, CTO for Watchfire

Updated July 23rd, 2007
By Stephen Northcutt

Stephen Northcutt interviews Mike Weider, CTO of Watchfire, regarding recent trends in web app vulnerabilities as well as his company's solutions for web application security.

View Article...

Interview with authors of The Art of Software Security Assessment

Updated July 9th, 2007
By Stephen Northcutt

The Leadership Laboratory recently posted a book review of The Art of Software Security Assessment. The book raises a number of issues that we would love to explore further and the authors, Mark Dowd, John McDonald and Justin Schuh have graciously agreed to an interview. One section was titled Code Auditing and the Development Life Cycle and we used that as the basis of the interview.

View Article...

Ryan Barnett, Director of Application Security Training at Breach Security, Inc.

Created June 29th, 2007
By Stephen Northcutt

Ryan Barnett, Director of Application Security Training at Breach Security, Inc. talks with Stephen Northcutt about the current state of web application security.

View Article...

Dinis Cruz, Director of Advanced Technology, Ounce Labs

Created June 11th, 2007
By Stephen Northcutt

Dinis Cruz, Director of Advanced Technology for Ounce Labs, talks with Stephen Northcutt about the many facets of OWASP, as well as the important questions that need real answers in order to develop secure web applications.

View Article...

Brian Chess, Chief Scientist for Fortify Software

Created June 9th, 2007
By Stephen Northcutt

Brian Chess, Chief Scientist for Fortify Software, talks with Stephen Northcutt about static analysis and other web application security solutions.

View Article...

Caleb Sima, CTO for SPI Dynamics

Updated May 29th, 2007
By Stephen Northcutt

Stephen Northcutt interviews Caleb Sima about the development of Caleb's company, SPI Dynamics, and the increasing need for solutions for web application security.

View Article...

An Interview with David Hoelzer, author of DAD, a log aggregator

Created May 1st, 2007
By Stephen Northcutt

An interview with David Hoelzer describing DAD, an open source Windows event log and syslog management tool that allows you to aggregate logs from hundreds to thousands of systems in real time.

View Article...
