Ad hoc operations in the SOC can lead to pain | Me on IDG.TV

June 17th, 2016

At CircleCityCon, CSO’s Steve Ragan chats with Paul Jorgensen, host of the PVC Security Podcast, about ad hoc processes within many security operations centers (SOCs) and how organizations can prevent these types of mistakes.

Source: Ad hoc operations in the SOC can lead to pain | IDG.TV

I relished talking with Steve Ragan at CircleCityCon in Indianapolis last weekend (Saturday 11 June 2016). He recorded us in a bite-sized elevator-pitch of a summary of a key point or two of my talk, “Top 10 Mistakes in Security Operations Centers, Incident Handling, and Incident Response”.

Yes, our first take failed. We were joined then by Chris Maddalena, my co-host from the PVC Security podcast. Chris couldn’t be bothered to join us for the redo, probably because he was busy winning the whole conference or something.

Not only was I moments away from my talk as Steve mentioned in the open; I left straight from my session to the airport en route to Tokyo for work. You can’t see my luggage lurking behind me in the video.

Many thanks to Steve and for having me on. It was fun, deja vu included.

p.s. – I think the rhyme in the title could have been exploited more #justsayin

Interim Symantec President Says Things, Causes Space/Time Rift To Open

June 17th, 2016

Symantec will be filling an important product gap with its acquisition of Blue Coat Systems, Symantec’s interim president and chief operating officer Ajei Gopal said in an interview with Dark Reading this week.

Source: Symantec’s Purchase of Blue Coat Fills Critical Product Gap, Interim President Says


Symantec was smart to buy my company, Blue Coat, and install me as the new president and CEO of Symantec. And as I’m the new Symantec head honcho I agree with the comments made by the former president and CEO of Blue Coat, the company Symantec just acquired.

And thus the PR multiverse folded in upon itself.

Presentation: Top 10 Mistakes in SOC, IH & IR from @CircleCityCon

June 12th, 2016

Me at @circlecitycon 2016

Here is the PDF with speaker’s notes of my CircleCityCon 2016 talk: Top_10_SOC_CCC2016

The video of my talk is here.

I thoroughly enjoyed speaking at the conference. Thank you to the audience, who were fantastic. I would be remiss if I did not also thank the CCC organizers for bestowing the honor of speaking upon me.


Weekly Review: week ending 04 June

June 4th, 2016

Here’s me returning to the weekly review habit.

I had a busy week, my second in a two-week Tokyo business trip. I found, and my colleagues helped me find, plenty of time for personal fun.

The first bit of fun I found on Sunday. I wandered through various Tokyo districts recommended to me:

  • Yushima & Nezu, both near to Ueno
  • Ochanomizu & Bunkyo, both near Akihabara
  • Kagurazaka, near central Tokyo

A list rundown isn’t necessary as all five neighborhoods were quaint, quiet, and places I can see myself living. Next trip I’ll check out other options.

The biggest news has to be the trackball I found. It’s made by Elecom, a company lacking a great reputation. Yet they offer what’s essentially a wireless Microsoft Trackball Explorer with extra buttons!

Fixing my return flights is best described as nightmarish. Delta and SkyTeam better integrate their systems than American and the oneworld partners. Topping it off, when I stopped in at the Admirals Club at NRT they wouldn’t take my Alaska Airlines Boardroom membership for lounge access. I purchased my ticket on American. I had a connecting American flight. However, according to their rules I should only gain access if I’m flying on AA metal. The lounge staff was fantastic and granted me access anyway PLUS addressed my seat assignment issue.

I cleared out my expense backlog, long overdue.

I presented my IBM Watson Summit Japan talk about hybrid SOC & cloud technology for about 60 colleagues. I presented a proposal pitch to a customer. Both proved successful and interesting (for me, anyway).

Colleagues pulled me into new customer opportunities. My “dance card” is full. That is a good state of being for a consultant.

The Security Culture Conference in Oslo was the victim of this demand. I have to return to Tokyo the same week. Hard to be in two places at once when you’re not anywhere at all, let alone if they’re on opposite sides of the globe. I had a whole week of vacation around the event planned.

Seated next to me on the flight to ORD was a fun 4-year-old girl who slept less than her mom did. She, the girl & not the mom, talked to the videos she watched and had trouble sitting still. The poor fellow in front of the girl received the abuse of pushing-feet-on-the-seat. I enjoyed the extra elbow room.

O’Hare is a miserable airport. It reminds me of a quote from “The Silence of the Lambs” movie I’ll paraphrase: “It’s like the elaboration of a bad joke”. It also reminds me of Zork: “You’re in a maze of twisty passages, all alike”. The Admirals Club lounge is old, crowded, and dirty. The staff is nice enough. The remodel cannot come quickly enough.

When I arrived in Detroit there were no Uber cars available. I took a taxi with a driver new to the city, a bad situation when dozing off constantly (me, not the driver).

Ending on a positive note, the weather is nice.

IBM Watson Summit 2016 Japan Talk: Building a Next Generation SOC on Hybrid Cloud

May 26th, 2016


The event organizers honored me with an invitation to speak at the IBM Watson Summit 2016 here in Tokyo. My talk, Building a Next Generation SOC on Hybrid Cloud, was (I think) well received.

The talk covered many items: why we build these things called SOC; what is the next generation of SOC; how can we move toward it; how can we leverage a hybrid model and cloud tools to enable the transition. I can’t share the deck. The presentation was not recorded, though cameras captured me in action quite often. Glad I was looking sharp!

It’s been a while since I presented with simultaneous translation into another language. The translators were great. By all accounts they captured not only my words but a bit of my passion and energy.

I’m not sure how my audience received the message. Crowds didn’t up and leave. No one fell asleep, something of a victory for a 4PM talk on day 3. About 130 of an expected 200 showed up. All in all, I think it went well.

I wish there was a question and answer session or a time for Sato-san and me to answer questions one-on-one.

I want to thank my colleague, Sato Takuya, for introducing me and closing out the session. I wish I knew the names of the translators to thank them by name as well.

p.s. – If you are an event organizer and you chose lanyard-attached name tags, please print the information on both sides of the insert card!

Big TWC outage: Fiber cuts take out service for 750,000 in NYC area | Ars Technica

May 10th, 2016

I like how the construction crew waited for my trip to NYC to cut the lines.

Accidental fiber cuts caused by construction workers took out telecommunications service for more than 750,000 customers in the New York City area yesterday.

There’s a technical term for this: fiber-seeking backhoe.

The fiber cuts hit the network of Level 3, an Internet backbone provider, and lasted for hours before being fixed. Problems hit several states: customer reports on DownDetector indicate that outages primarily affected Time Warner Cable (TWC) in New York and Cox Communications in large parts of Connecticut and Rhode Island and small parts of Massachusetts. Level 3’s network serves both TWC and Cox.

Think about this for a moment – one local event impacted people and businesses in 4 states. Remember, Level 3 is an Internet backbone provider. More than cable TV runs over their infrastructure.

The most specific outage numbers came from New York. The New York Department of Public Service (NYDPS) issued a statement saying that “more than 750,000 customers in the New York City area were unable to complete telephone calls.” Most or all of those customers are apparently Time Warner Cable users. Internet and TV service was also affected.

Level 3 confirmed the outage, telling CNN and other media outlets, “Our network is experiencing service disruptions affecting some of our customers with operations in the Northeastern United States due to a fiber cut caused by third-party construction. Our technicians are on site and working to restore service.” Time Warner Cable said the outage was caused by “multiple fiber cuts at one of our network providers.”

The NYDPS statement noted that Level 3 provides service to both TWC and Verizon in New York. But Verizon’s network did not suffer any problems related to the Level 3 trouble yesterday, a Verizon spokesperson told Ars.

Source: Big TWC outage: Fiber cuts take out service for 750,000 in NYC area | Ars Technica

Back in my Network Manager days my team and I spent a lot of effort making as certain as possible our major links – primarily our backbone and Internet connections – were truly redundant and diverse. Not only would we rarely rely upon a single provider (and Level 3 was one of those) but we would require geographic diversity as well.

For example, when I procured redundant backbone connectivity for a co-location center in Detroit, one circuit came from the East around Lake Erie and the other came from Chicago in the West.

In order to achieve this I worked hard on the contract language to place my employer in the best position possible while my engineers made sure the providers understood and deployed what we ordered. Even then, you never know when some rerouting might occur where once diverse paths now traverse a single MUX in an out-of-the-way unstaffed switching station.

Setting aside such edge cases, it is not only possible but the responsibility of an organization to make sure there’s as much Redundancy, Diversity, Reliability, Depth, and Simplicity (RDRDS) in the environment as practical without breaking the bank.
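The diversity check described above can be automated against the route records a carrier supplies. This is an added example, not part of the original post; the circuit IDs, carrier names, facility names and record layout are all constructed assumptions.

```python
from itertools import combinations

# Constructed sample records: ordered facilities each circuit traverses.
# All IDs and names are hypothetical. DET-COLO is the shared endpoint.
BASELINE = {
    "ckt-east": {"carrier": "CarrierA",
                 "hops": ["DET-COLO", "EAST-POP-1", "HUT-17-MUX", "EAST-CORE"]},
    "ckt-west": {"carrier": "CarrierB",
                 "hops": ["DET-COLO", "WEST-POP-1", "WEST-POP-2", "WEST-CORE"]},
}
# Same circuits after a hypothetical carrier re-groom of the west path.
AFTER_GROOM = {
    "ckt-east": BASELINE["ckt-east"],
    "ckt-west": {"carrier": "CarrierB",
                 "hops": ["DET-COLO", "WEST-POP-1", "HUT-17-MUX", "WEST-CORE"]},
}

def diversity_report(circuits, expected_shared=()):
    """Map each circuit pair to the carriers/facilities it shares."""
    report = {}
    for a, b in combinations(sorted(circuits), 2):
        issues = []
        if circuits[a]["carrier"] == circuits[b]["carrier"]:
            issues.append("carrier:" + circuits[a]["carrier"])
        common = set(circuits[a]["hops"]) & set(circuits[b]["hops"])
        # Endpoints both circuits must terminate at are not findings.
        common -= set(expected_shared)
        issues += ["facility:" + f for f in sorted(common)]
        if issues:
            report[(a, b)] = issues
    return report

def drift(baseline, current, expected_shared=()):
    """Return only the shared-risk findings that were absent at baseline."""
    before = diversity_report(baseline, expected_shared)
    after = diversity_report(current, expected_shared)
    new = {}
    for pair, issues in after.items():
        added = [i for i in issues if i not in before.get(pair, [])]
        if added:
            new[pair] = added
    return new

if __name__ == "__main__":
    for pair, issues in drift(BASELINE, AFTER_GROOM, {"DET-COLO"}).items():
        print(pair, "lost diversity via", issues)
```

Running the comparison each time the carrier issues updated route records catches the case where two ordered-as-diverse circuits end up in the same unstaffed facility.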

The Role of Highways in American Poverty

May 3rd, 2016

If part of a body is sick, the whole body can’t be healthy, and many cities across America have parts that aren’t doing very well. But there are regions that are trying to become healthier by coming together, rather than pulling apart. Tearing down a highway can be one way to do this. But it’s not the only way. My colleague Derek Thompson has written about the miracle of Minneapolis, where high-income communities share tax revenues and real estate with lower-income communities to spread prosperity. A year ago, I visited Louisville, where a court ordered the county and city to combine their school districts in order to integrate their schools. Today, Louisville is still trying to keep its county and city schools integrated, even after the Supreme Court told the city it no longer had to do so. In Chicago, a regional housing authority that covers eight counties, including Cook County, is working to move families from the inner city to higher-opportunity neighborhoods. Some cities use inclusive zoning, in which all new construction must include a certain percentage of housing for low-income residents, which means that the wealthy can’t separate themselves from the poor.

Source: The Role of Highways in American Poverty

The Dixie Highway & Me

April 27th, 2016


I’m pretty sure my interest in the Dixie Highway began with wondering why there were so many Dixie Highway exits from I-75 in Southeastern Michigan.

My interest in highways and roads started earlier when I was a teen living in Connecticut. Roads and highways throughout New England have colorful histories. Official sites only hint at the local legend and lore. Rich tapestries woven of family histories, geological realities, pre-Revolution decisions, and “because” shaped the paths that became the highways of New England.

Yet that’s not where I started.

Interstate 84 runs through Connecticut connecting Pennsylvania and New York with Massachusetts. It’s a remarkably dull road, no doubt a tribute to its efficiency.

After my family moved to Connecticut in the late 1980s, we traversed that ribbon of concrete many times. I paid keen attention to one sign along the way, a sign that made no sense yet fascinated me to no end.

“I-84 Ends, I-86 to Boston”

It was still I-84 and remains so to this day. Somewhere I have pictures of the I-86 signage in Connecticut, which I think persisted until the 1990s. There’s a whole history behind this – the highway near my house that wasn’t. It kicked off my interest in roads and highways.

Toss in family dynamics – paternal side are Yankees (though didn’t arrive in the US until the 1920-1930s; settling in Michigan, Wisconsin & Minnesota) and maternal side are Dixie (I won’t call them Rebels or Confederates as there’s no documentation my family fought in the Civil War). Come 2000 and I & mine live within a mile of Woodward Avenue.

My interest in the Dixie Highway becomes more clear.

I think.

Me @ CircleCityCon, Talkin’ SOC

April 19th, 2016

Dear Friends,

I’m honored to present at CircleCityCon 2016 on Saturday at 16:00 on “Top 10 Mistakes in Security Operations Centers, Incident Handling & Response” and how to avoid them (

I’m excited by the opportunity and can’t wait to see you there (tickets: Stop by and say ‘hi’!

I might just have a PVC Security cohort or two around, so don’t be surprised if a PVC Security podcast episode happens.

Let’s Encrypt is actually encrypting the whole Web

April 15th, 2016

Let’s Encrypt is actually encrypting the whole Web:


Let’s Encrypt (previously) a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their Websites will be shielded from surveillance, came out of beta this week, and it’s already making a huge difference.

(Via Boing Boing)

Need I say more than I’m a fan & a user? 
