Brad Garnett

Welcome to my Digital Forensics and Incident Response (DFIR) oasis!

Digital Forensics, Incident Response, Threat Intelligence, and Information Security


A Leadership Journey: Part 1/n

Introduction

The world needs more leaders now more than ever. I serve a diverse, global, high-performing organization at a Fortune 100. Every person in my organization is a leader and I am blessed to serve them each day (team, if you are reading this…thank you! I love serving you and our mission. You inspire and motivate me each day!). Yes, everyone is a leader. YOU are a leader!

I also coach a football team where leadership is a core principle that I am teaching my players, not just the Xs & Os of American football. Next, I also mentor the next generation of cybersecurity and Digital Forensics & Incident Response (DFIR) professionals. I love sharing my journey and the knowledge I have learned along the way with my mentees. I could not be more excited about the next generation of DFIR professionals. These are just several ways that I show up and look for ways to lead each day.

What is leadership?

First, let’s define leadership. Simply put, it’s a shared set of responsibilities individuals have to each other with a shared mission. Leadership is about adding value and bringing one’s strength to fill a gap or need among individuals. Think about it…the best teams in the world are collaborative, maintain high trust, and build each other up. This translates into a contagious, forward-thinking culture. As a leader of leaders, there are opportunities every day to lean in and lead. I am at my best when I am removing obstacles for my team and allowing them to collaborate, innovate, and solve the most challenging problems. What are you doing each day to grow as a leader? Leadership requires growth, nurturing, and yes, it can even be a contact sport. It requires personal humility coupled with strong professional will and the continuous desire to improve and learn from successes and missed opportunities. Spend time looking for opportunities to lean in and serve people where you share a joint mission. The world needs more servant leaders in every single walk of life.

Focus on Opportunities

There are opportunities for every person with a beating heart to lead each day. The world (remember, we view the world in our own paradigm) needs more leaders who are unafraid to lead without a title.

When I am not leading the best DFIR organization on the planet, I enjoy coaching football, flying, and looking for opportunities to serve. I don’t spend much time on social media; however, I do spend my time reading and taking leadership reps to build this muscle. If you want to grow, pick up a book and read. Daily, focused attention executed consistently over time will yield outstanding results (I promise). Get comfortable being uncomfortable if you want to grow!! You have to build your leadership muscle each day. Remember, when you are closest to a fear…you ARE growing. Don’t let your brain tell you otherwise…listen to your heart. I challenge my readers to look for daily opportunities to serve. This world is full of opportunities…now get after it and share your story!!

In the next blog post, I will further define what our responsibilities are to each other and peel back some of the finer details I’ve learned along the way.

TEDxEvansville 2016 Speaker Selection

I am humbled to announce that I've been selected to speak at TEDxEvansville 2016, which will be held Saturday, October 1, 2016! I will share more information as appropriate and as the date gets closer.

TEDxEvansville received more than 60 written idea submissions from individuals interested in speaking at this year’s event. The TEDxEvansville curatorial team narrowed that list to about 20 individuals who were invited to audition in person, where they shared their ideas and discussed how they would deliver them in an impactful way.

"The responsibility of the curatorial team is to select speakers with fresh, poignant ideas that uphold the mission of TEDx, while at the same time providing the audience with a diverse range of topics," said Jenn Schultheis, TEDxEvansville Curatorial Team Lead. "We were inspired by so many of the speaker applicants this year, making it difficult to narrow the group. Our 2016 Speakers definitely bring 'ideas worth spreading' to life."

TEDxEvansville Press Release: http://tedxevansville.com/news/tedx-evansville-announces-2016-speaker-lineup

For more information on the awesome speaker lineup, visit http://tedxevansville.com/speakers

The Cyber FUD CrowdSpace

Hello Reader,

How would you like your Cyber? The continuous buzzwords and marketing spin infiltrating cyber security "products" are growing rapidly. If a company called ACME Cyber Inc. developed a unique, game-changing product, hopefully the first call would be to ACME Cyber's legal counsel, who regularly handles patents, trademarks, and intellectual property (if you are an entrepreneur, get a good patent attorney). (Author's Note: As a forensic consultant, I regularly work with clients and perform digital forensic examinations for IP, breach of contract, etc. If you are a small business owner, make sure you are doing something to monitor your electronic assets, as it'll save you headaches long term.)

Yesterday, Brian Krebs published a very detailed report titled, "Sources: Security Firm Norse Corp. Imploding". This blog post is going to focus on what I am referring to as "The People, Process, Product Cyber Pie", with an emphasis on the cyber product FUD.

Figure 1: The People, Process, Product Cyber Pie

If you are an information security professional who works in the trenches, then "you've got this!" and you may have developed your own model. A good friend and colleague (Brian Moran) posted an article on his blog a few weeks ago titled "Cyber Security Snake Oil". Brian M's article highlights an example and the recent surge in monetizing publicly available threat intelligence data spun into a "cyber product". Yesterday, Robert M Lee also published an excellent follow-up to the Krebs article on his blog related to threat intelligence and the lessons learned from Norse. Robert is an ICS/SCADA expert and is a SANS certified instructor. If you are doing cyber threat intelligence, you should follow him.

If you are a business owner, executive, or partner, it is important for you to understand the capabilities and limitations of the security product your vendor is selling you. A security product is only a small piece of your overall cyber security landscape. If you are missing people (the most important asset) and/or the established processes, you are doing it wrong. As a consultant, I work with clients (many of whom possess regulated data) who need IT security or forensic technology services. Depending on the case or incident, terminology and a simplistic approach are everything when a client is responding to, or investigating, the matter. Whether it's verbal or written recommendations post-incident, the client wants to know what they can fiscally and practically apply to their environment, so they can prevent, or minimize the risk of, "badness" moving forward. Aside from the investigatory goals, I also recommend tangible solutions that the client can implement to have a much better security posture moving forward. Every engagement is unique, or in the words of David Cowen, "an amazing adventure". It is a combination of the right people following the established process using "the product" as a tool (not the silver bullet). Remember, it doesn't matter how many hammers you have if you don't have people to use those hammers. The same holds true for cyber security. If you are an SBO who doesn't have the resources to obtain an internal IT security team, work with a reputable IT security vendor, or contact me. Establish a process and work with these folks to complement your security product.

Earlier, I mentioned the importance of knowing the capabilities and limitations of security products. Businesses rely on trusted relationships with product vendors to ensure procurements occur and the vendor is adequately servicing their needs. "Trust, but verify" is very important when it comes to cyber security. Every company has many moving organizational parts that affect service levels for end-customers (i.e. your business). Cyber security vendors should be product and subject matter experts, not just product knowledgeable alone. When considering a cyber security product solution, consider:

  1. Cost: How much is this going to cost me over a year? 3 years? I would encourage you to avoid long, multi-year contracts where possible. Cyber security changes daily, and what might be a justifiable, long-term expense today will be an antiquated solution tomorrow. What additional costs would be involved in the implementation (e.g. training, infrastructure upgrades, etc.) and ongoing maintenance? Again, work with a trusted IT security advisor.
  2. ROI: How much will this add to my bottom line in a year? What about the intangible risks (i.e. "cyber product A" helped prevent a known attack that would've resulted in proprietary/regulated data being stolen, which is very hard to assign a $ amount to, especially for the known unknowns, such as the company's reputation, long-term viability, etc.)?
  3. Flexibility: How easy is the product to implement within your existing infrastructure? Will you be required to upgrade any existing systems within your IT infrastructure? It is important to understand current requirements and how it will effectively integrate into your existing infrastructure.
  4. Metrics: How will you measure the product's successes and/or failures? Thwarting an attack would be measured as a success, but what if it doesn't stop an attack? Does that necessarily make it a failure? Establish qualitative and quantitative analytics for improving and controlling the overall implementation.

At the end of the day, you have to make an organizational decision on what is best for your business. Do not rely on shiny "cyber product X" alone to solve your IT security issues. When a client tells me that product X is already doing that for them, I usually encourage the client to make sure they are conversationally versed in the product's capabilities and limitations. The layered security approach is what we recommend (a firewall alone isn't going to secure your network). Work with your trusted IT security advisor to implement solutions that utilize people, process, and even products. Some of the best product implementations (no endorsements) that are on the market started as internal solutions to solve complex problems, which then became productized as a solution for end-customers.

Now, a quick word on processes as I know I've just touched on the term. No, there is not a single definition, but they could be workloads, policy/compliance implementations, training, auditing, analysis, incident response, QA/QC tasks, etc. A process can simply be defined as the things your people do to contribute to your overall cyber security posture (i.e. how are your employees {people} using your tools {product} to protect your business). 

 

Now, some light-hearted fun...


If you are a charlatan and wish to opine, please visit for free Cyber Attribution Services! Or directly here.


 

In closing, don't cut corners on funding people and processes, while increasing expenditures on "shiny, cyber security products" to outsource your good, hard-working IT security folks! As the old saying goes, "don't bite off more than one can chew." If you are needing services or a consultation, please contact me.

Questions or Feedback? Leave a comment below, tweet, or contact me via email.

All the time for now folks...