Category Archives: Industry

Mitigating Application DoS: SecTor Conference Talk

rhuber    October 14, 2013

I was recently invited to speak at one of my favorite security conferences, SecTor in Toronto. Many thanks to Risk I/O for giving me some official time to work on this side project over the last month (side note: we are hiring!). This blog post will summarize my SecTor presentation on application Denial of Service attacks. Application DoS has seen… Read more »

Development in the Cloud, or Cumulus Capable Clowders of Cats

jro    September 10, 2013

An old colleague of mine likened managing engineers to herding cats. I’m not so sure about herding engineers, but managing development environments quickly becomes an exercise in organizing chaos. Every engineer has different needs and a different way of doing things. During a recent data-center migration we moved all of our development environments to the AWS Cloud. Since it turned out to be one… Read more »

The Security Circus Comes to Las Vegas

rhuber    July 18, 2013

The end of July will see thousands of security professionals descend on Las Vegas for another round of instruction, information, networking, sales, parties and FUD. This will be the 13th consecutive year I’ve attended at least one of BlackHat, BSides or Defcon events. It is easy to become overwhelmed with so much going on, so here are a few tips for… Read more »

Stop Putting Rocks in the Vault

rhuber    June 6, 2013

Imagine you are handed two items, a rock and a 400-troy-ounce bar of gold, and are tasked with protecting each from theft. You will spend more time considering how to secure the gold than the rock, because you know the underlying value of each. Context matters, yet vulnerability management systems often work under the assumption that all of your assets… Read more »

Open-Source Security Contributions

Mike    May 23, 2013

Today, I want to write a follow-up to my previous post about open sourcing security. Specifically, it focused on a TED Talk describing an amazing experiment in which a recently diagnosed Mr. Iaconesi had open sourced his medical records in an attempt to decipher his condition using the greater good of the open-source community. Obviously, cancer and security in the technology… Read more »

Data Fundamentalism

Michael Roytman    April 26, 2013

A Tale of Two Uncertainties

There are fields where precision is of the utmost importance. In fields of exploration (physics, chemistry, arguably mathematics), we attempt to seek out the truths of the world around us, to get better and better models of what’s going on. In fields of manufacturing (chocolate making, farming, engine casting) precision matters because it produces better… Read more »

The Transformation of Cyber Attacks

Jacques Benkoski    March 26, 2013

This is a guest blog post by Jacques Benkoski, Risk I/O investor and Board member. A complete, global transformation of the landscape in the security software domain is underway. Countless articles have been written about how we have moved beyond the casual attacker cooking a virus for fun and/or profit to something completely different and far more dangerous to the… Read more »

Best Practices = Vanity Metrics

Ed Bellis    March 21, 2013

After recently reading a post from Gary McGraw at Cigital arguing for software security training, I became a bit frustrated with cited “evidence” and posted this out on Twitter and received a short follow-up from Lindsey Smith over at Tripwire… Now let me say upfront, I have a lot of respect for Gary and his work AND actually agree with… Read more »

RSA Week Recap

Ed Bellis    March 5, 2013

Well the dust has finally begun to settle after another whirlwind week of activity around the RSA Conference. As in years past, my favorite track turned out to be the hallway track, although admittedly I didn’t get to see many of the talks and avoided the show floor most of the time. One program I was able to not only… Read more »

Register for the Risk I/O Webinar!

Andrea Bailiff-Gush    February 19, 2013

Risk I/O would like to invite you to see our vulnerability intelligence tool in action on Friday, February 22 at 11:00AM PT / 2:00PM ET. Led by Risk I/O CEO, Ed Bellis, this webinar will provide an overview and demo of Risk I/O. Learn how with Risk I/O you can: Quickly find critical security issues through our Heads Up Display. Identify remediation that… Read more »