Ryan McGeehaninStarting Up SecurityPrioritizing Detection EngineeringDetection Engineering is a concept that has emerged in the detection space. It acknowledges the complexity of a detection stack and the…Sep 10Sep 10
Ryan McGeehaninStarting Up SecurityManaging a quarterly security reviewI like an approach that combines my favorite quarterly review practices I’ve been exposed to. Here’s the general meeting structure:Aug 14Aug 14
Ryan McGeehaninStarting Up SecurityFollow-Up: SolarWinds Response to SEC LawsuitSolarWinds has responded on their blog regarding the SEC’s lawsuit against them following their breach. Here is some analysis:Nov 9, 2023Nov 9, 2023
Ryan McGeehaninStarting Up SecurityLessons from the SEC’s Lawsuit against SolarWinds and Tim BrownA few days ago, the SEC filed a lawsuit against SolarWinds and their CISO that shares some similarities with the blameless post-mortem of…Nov 6, 2023Nov 6, 2023
Ryan McGeehaninStarting Up SecurityVulnerability Management: You should know about EPSSThe Exploit Prediction Scoring system (EPSS) is great. You might like it, too, if you deal with large amounts of vulnerabilities.Oct 9, 20231Oct 9, 20231
Ryan McGeehanBeyond Controls: The Power of Risk ScenariosScenarios are an underappreciated way to model infosec risk. A scenario is simply a future, consequential event you write to express a risk…Aug 24, 20231Aug 24, 20231
Ryan McGeehaninStarting Up SecurityTalking about risk with thresholds 🔥Imagine you encounter a fire in the woods. You’d instinctively decide to do one of two things:Mar 20, 20231Mar 20, 20231
Ryan McGeehaninStarting Up SecurityA blameless post-mortem of USA v. Joseph SullivanOur industry deserves a complete retrospective into the incidents behind the criminal case against Uber’s former Chief Security Officer.Dec 8, 20221Dec 8, 20221
Ryan McGeehaninStarting Up SecurityEndpoint Security: Intuition around the Mudge DisclosuresThe Mudge disclosures bring up specific pain points around how endpoint security is measured and communicated and what baselines are…Aug 24, 2022Aug 24, 2022
Ryan McGeehanHow to estimate legal costs from a data breach.We need budget and headcount to mitigate risks. Larger risks should encourage more resources towards mitigation efforts.Nov 15, 2021Nov 15, 2021