Brad Garnett

Brad Bits: March 4, 2025 (CyberLawCon)

Hello reader,

Welcome to another edition of Brad Bits. I am fresh off CyberLawCon, and I wanted to share my experience with you.

Executive Summary

This was the first edition of what will likely be an annual conference that brings experts together from law and cybersecurity to explore the rapidly evolving landscape of cyberlaw. Chris Krebs was the keynote speaker and addressed the following key points as they relate to what's driving cyber risk:

  • Threat Landscape: from geopolitics to cyber regulation. The complex cyber threat landscape, and how prepared our organizations are to respond to a cyber incident, is what keeps us up at night as professionals.

  • Complexity in the Enterprise: no surprise here, and just as organizations are on a digital transformation that is in overdrive due to Gen AI, organizations’ cyber capabilities, technical debt, and business priorities are not aligned.

  • Product Quality: all you have to do is read about the impact of vulnerabilities in the enterprise and how organizations are not prepared for supply chain and third-party risk. This also starts with the Secure Development Lifecycle (SDL) in building great software and great products.

  • Business Priorities: IT and security teams not properly aligned with the business. For me, this was a theme throughout the conference and what we can do as practitioners to thread the needle and collaborate across the organization to ensure priorities are aligned. There was even one panel discussion from general counsel at a major technology company that discussed tips on building on those internal personal relationships in the enterprise to drive alignment.

My Key Takeaways

  • Collaboration: Business is about connecting with and adding value. Collaboration across stakeholders to drive alignment, influence decisions, and deliver value is intimately connected. Collaboration and communication were themes on all the panels and how lawyers and practitioners in cybersecurity can work together. Several of the lawyer panelists discussed how they focus on being catalysts for their clients and organizations vs blocking an initiative.

  • Regulatory and Enforcement Insights: From the SEC, DOJ, and CIRCIA, it was great to hear from the legal community on compliance, avoiding regulatory issues, but also some practical tips for responding to regulators.

  • Emerging Tech: Generative AI was the centerpoint for emerging tech. I won't belabor this topic, but the use of Generative AI within the organization and its workforce will present legal challenges.

  • Incident Response: My bread and butter. The topics ranged from attorney-client privilege, to pay or not to pay the ransom, and integrating eDiscovery capabilities for Incident Response. I have observed organizations and even the legal community cross the streams on Cyber Incident Response and eDiscovery. It was great to hear long-time legal vets remind attendees that these are not the same. I will say the debate over whether to complete a DFIR report, or not to complete a DFIR report or provide mitigation recommendations, continues no matter what side of the aisle you fall on. As an IR expert, I see both sides. In anticipation of litigation and depending on if a prior relationship existed, I can see why a verbal readout of any findings and recommendations may be required. On the flip side, I've had to testify in court on digital evidence before, and when I am deposed years down the road or required to testify in court, I want to refer to the forensic deliverable.

In Closing

I am grateful I was able to attend CyberLawCon last week to catch up with old colleagues and meet new folks. It's so refreshing to see the larger legal community really embed themselves in cyber and become a conduit to enable the business. Finally, I won't list all of my lawyer friends here, or colleagues I was able to catch up with last week in D.C., but a special shoutout to Eric P and John H for their support and putting on a great conference. Well done! Until next time...

Encore: I am considering a video blog (vlog) to go with my blog posts that would be exclusive for my followers/fans/subscribers. If you are interested, please consider joining my mailing list.

For more information on CyberLawCon, please visit CyberLawCon.com.


Brad Bits: February 6, 2025

It has been several weeks since my last blog post. I have been staying connected, networking, reading, researching, and flying (working on my commercial pilot certificate). I recently completed jury duty, which prevented me from attending the SANS CTI Summit in Washington, D.C. last week. In today’s blog post, I am going to share my experience with you.

This was a unique opportunity, as I am typically excused during “voir dire” given my law enforcement background. Initially, I was disappointed to be selected; however, that quickly changed once the jury selection process began and the judge informed us that it was a civil trial with a brief summary of the case. I was all in.

Attorneys from both the plaintiff and defendant questioned prospective jurors, and by lunchtime, the jury had been selected. After opening arguments by both sides, we had a recess and were sequestered in our jury room. As I began to converse with my fellow jurors and learn about their backgrounds and expertise, I quickly realized the diverse perspectives and skills that each of us would bring to this case. The mission became clear, and each juror understood the weight of their responsibility while acknowledging the privilege of serving. As a U.S. citizen and registered voter, I felt a solemn duty and privilege to fulfill my oath and duties associated with jury service.

In this civil litigation case, the plaintiff, a small business owner, sought compensation for property damages allegedly caused by the defendant, the state, due to the defendant’s disregard for an automatic traffic signal. This traffic accident occurred four years ago during the pandemic, and the case presented an opportunity to examine the impact of supply chain disruption costs and loss of revenue.

As the jury, we unanimously ruled in favor of the plaintiff in this case and determined the monetary value of the damages. Serving as the presiding juror was an honor, and I am grateful for the opportunity to serve with my fellow jurors. After reaching a verdict, I signed the verdict and informed the bailiff of our decision. Subsequently, we were assembled in the courtroom, and I presented the verdict to the bailiff, who read it aloud to the judge. Our unanimous decision was based on the evidence presented at trial and the facts of the case.

Overall, this experience provided me with valuable insights into a new functional role within the judicial system, which I can now add to my professional resume. I was particularly appreciative of the judge’s time after the verdict to speak with us in the jury room to express gratitude for our service and solicit feedback on our experience.

Are you seeking a DFIR consultant? I am available for consulting or fractional leadership roles. Whether it is an opportunity to establish or refine organizational business objectives, I am open to broader executive level opportunities. Are you new to cybersecurity or seeking guidance and mentorship to navigate your career transition? Let’s connect!


Brad Bits: January 15, 2025

Happy New Year everyone! I hope you enjoyed your holidays with loved ones and are re-energized for the new challenges in 2025. Welcome to my first blog post of 2025. Yes, I am back to blogging after a brief hiatus, but I assure you there’s a good reason. I have been working on my "IR" (not Incident Response) while I have been in career transition. I am happy to announce that I passed my FAA Checkride a couple of days ago and I am now an instrument-rated pilot! I had pure inner joy once my DPE (Designated Pilot Examiner) advised me that I had passed. For me, it was an excellent reminder of how hard I had worked (plus all the folks supporting me), while equally humbling because the more I learn as a pilot, the more I recognize what I do not know, but that keeps pilots alive and humble. I am already working on my next rating and endorsement. Always be learning.

Shoutout to David Cowen! In case you missed it, David is back with his Forensic Lunch and is blogging again as well. David posted on LinkedIn about a blogging challenge and it was the nudge that I needed to knock the dust off this blog.

David hosted Wyatt Roersma, who shared some of his research on training AI models. Check out David's full blog post for details: https://www.hecfblog.com/2025/01/daily-blog-714-forensic-lunch-11025.html

Over the holidays, I began testing EXO Labs' solution to start testing AI models on some old hardware that I have and wanted to put to use. I am wanting to build and maintain my own private model for research. You can learn more about exo here: https://github.com/exo-explore/exo

There's a lot of opportunity within DFIR to build models that can be leveraged for DF, IR, TI, and threat research.

Look for ways to truly connect with humans in 2025 and unique ways to combine your skill sets. I am looking for ways to weave and integrate my cybersecurity/DFIR background with aviation. In the age of AI, it's more critical now than ever to find unique ways to combine your skills across industries. That’s all for today. Off to fly!