Tarah M. Wheeler

What the DFIR analyst does during an IR engagement (not only equal to a firefighter or detective) is not the same as what the management should do in handling an incident or what the GRC should do in managing an incident. Why do some experts write a playbook to combine every aspect of DFIR for the technical team to follow? Why does the procurement write a tender to ask a service provider certified with CISM/CISSP or equipped with digital forensic tools to do the IR tasks like this?

69

#OSINT isn’t just for experts anymore. Horizon Identity empowers any team to uncover patterns, links, and real-world identity details - without needing OSINT skills or special training. One search bar for access to more than 550 publicly available data sources and more than 1,500 endpoints to make your investigation easy. Learn more here: https://hubs.la/Q03rsWqm0 #cai #investigations #shadowdragon #horizonidentity #pai #osintforgood #realtimeintel

23

We have arrived at a point where even the tools of surveillance need protection from crime. Security is all about layers. This cage represents target hardening, a core principle of situational prevention. This is behavioral conditioning through hardware. From Oscar Newman’s Defensible Space theory to Broken Windows, design influences behavior. This aligns with David Lyon’s theory of surveillance as social sorting — where even the surveillance infrastructure is tiered, protected, and guarded like capital. https://alfredkinoti.com/ #security #securitymanagement #crime #Investigations #compliance

40

4 Comments

DFARS 7012 requires contractors to implement NIST SP 800-171 to protect Covered Defense Information (CDI). DFARS 7019/7020 requires contractors to perform a basic assurance self-assessment and submit a score to SPRS that is within 3 years of contract award. DFARS 7021 specifies the CMMC level required to be awarded a DoD contract. CMMC levels require either self-assessment or third-party assessment. When making the determination of the level required for a contract, there is a memo that outlines the process that must be followed by the DoD program manager to obtain a waiver to "CMMC assessment requirements" for that contract. "Program Managers and requiring activities should identify information security requirements for the types of information most likely to be associated with the planned contract effort. When market research indicates that including a CMMC assessment requirement may impede ability to generate robust competition or delay delivery of mission critical capabilities, the SAE, CAE, or DAE may approve requests to waive inclusion of CMMC assessment requirements. SAEs and CAEs must carefully weigh the risk of potential loss of CUI associated with mission critical capabilities before granting a waiver." Level 1 - "There are no circumstances likely to warrant approval of requests to waive CMMC Level 1 requirements." Level 2 - "In rare circumstances. such as when seeking competition from non-traditional DoD sources. waivers may be warranted for CMMC Level 2 third-party assessment requirements. Such waivers are not appropriate for contracts requiring performance by a cleared defense contractor. Approved waivers on a class basis must include a planned expiration date and guidance for requiring CMMC certification in subsequent solicitations." Level 3 - "In rare circumstances, waivers may be warranted for CMMC Level 3 third-party assessment requirements: such waivers, however, are not appropriate for contracts or work statements requiring access to both unclassified and classified DoD information." Full memo on the process found here, starting on page 6: https://lnkd.in/eeBCW53n #cmmc #dib #dfars

58

12 Comments

Tip: Video and audio analysis techniques for #OSINT are methods and processes used to systematically examine and interpret visual and auditory data from publicly available sources. These techniques involve extracting, filtering, and synthesizing information from videos and audio recordings to gather actionable intelligence. Read more here: https://lnkd.in/er8e6bZt

137

8 Comments

After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge. A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.” Sources say the contract extension will last 11 months. Yosry Barsoum, vice president and director of the Center for Securing the Homeland at MITRE, commented: “Thanks to actions taken by the government, a break in service for the Common Vulnerabilities and Exposures (CVE®) Program and the Common Weakness Enumeration (CWE™) Program has been avoided. As of Wednesday morning, April 16, 2025, CISA identified incremental funding to keep the Programs operational. We appreciate the overwhelming support for these programs that have been expressed by the global cyber community, industry, and government over the last 24 hours. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE and CWE as global resources.” https://lnkd.in/gPhB8vVQ

170

12 Comments

Elicitation is a technique used by threat actors to gather information without the target’s knowledge, using seemingly normal or mundane social and professional contacts. Learn how to identify and mitigate elicitation risks by exploring this recent @DCSAgov bulletin: https://lnkd.in/ed9sq_uz

228

17 Comments

The National Security Agency just released the first two Zero Trust Implementation Guideline (ZIG) documents in their new series: a Primer, and the Discovery phase document. These releases are both substantive documents, building on the National Institute of Standards and Technology (NIST) Cybersecurity and Infrastructure Security Agency and United States Department of War Zero Trust foundations. We will be reviewing these, and talking about them in a live session next week. Look for information on this soon! Links to source documents: https://lnkd.in/ecx-MY9Z #ZeroTrust

18

1 Comment

Most security teams run on a dozen different tools. Crisis detection systems, notification feeds, GSOC dashboards, case management systems, travel risk management platforms, risk models, and site assessment systems. The list goes on. Each one needs location threat intelligence, but few actually have it. That's the problem we built our API to solve. Customers have been loving our API since it was first released, and the use cases keep expanding. Today we're making it official with a dedicated API page on our site that breaks down exactly how security teams integrate Base Operations into their existing tech stack. Here's what it enables: 𝗚𝗦𝗢𝗖 𝘁𝗵𝗿𝗲𝗮𝘁 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴. Feed BaseScore and detailed threat breakdowns directly into your operations center. Your analysts get standardized risk context for every location they monitor without switching tools. 𝗖𝘂𝘀𝘁𝗼𝗺 𝗿𝗶𝘀𝗸 𝗺𝗼𝗱𝗲𝗹𝗶𝗻𝗴. Our API provides BaseScore and 16 standardized threat categories at sub-mile granularity. So you can build crime and unrest threats directly into your risk model across every location. 𝗧𝗿𝗮𝘃𝗲𝗹 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗮𝗻𝗱 𝗱𝘂𝘁𝘆 𝗼𝗳 𝗰𝗮𝗿𝗲. Connect local threat data to your travel management platform so you implement policies effectively and provide recommendations to your people. 𝗦𝗶𝘁𝗲 𝗮𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁 𝗮𝗻𝗱 𝗽𝗼𝗿𝘁𝗳𝗼𝗹𝗶𝗼 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴. Query and compare threat profiles for any location across 5,000+ cities using the same consistent methodology. Most teams complete integration in 5-30 days. No rebuilding your stack. No 12-month data engineering projects. One REST API that connects once and feeds local intelligence everywhere it's needed. Check out the full API page to explore endpoints, specs, and use cases: https://lnkd.in/endwHPcT

19

2 Comments

📢 We issued Emergency Directive (ED) 26-01: https://go.dhs.gov/isY ED 26-01 was issued in response to nation-state affiliated threat actors compromising F5’s systems & downloading portions of its BIG-IP source code—presenting an imminent threat to federal networks using F5 devices. 🛡️ Federal agencies are required to identify, analyze, and mitigate potential compromises immediately, especially if your agency utilizes any of the following F5 products: • Hardware: BIG-IP iSeries, rSeries, or any other F5 device that has reach EOL/EOS • Software: All devices running BIG-IP (F50S), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, BNK/CNF 📄 Read the directive: https://go.dhs.gov/isY

550

22 Comments

🚨 New Coast Guard Cyber Reporting Guidance Released 🚨 The Coast Guard just published NVIC 02-24, Change 1, a significant update that clarifies exactly how MTSA-regulated facilities, vessels, and maritime stakeholders must report cyber incidents, reportable cyber incidents (RCIs), breaches of security, suspicious activity, and TSIs. We'll touch on this at our webinar tomorrow (Wednesday, 3 DEC). Register here: https://lnkd.in/eTddVqDN What’s new: ⚓ Immediate reporting of cyber incidents to FBI, CISA, and the COTP ⚓ Clear definitions separating cyber incidents vs. RCIs ⚓ Updated examples of what counts as a reportable event (IT, OT, ICS, drones, unauthorized access, etc.) ⚓ Guidance aligned with the July 16, 2025 Coast Guard Cyber Rule If you operate a port, terminal, vessel, or OCS facility, this NVIC is likely to affect your security plan and incident response playbooks. If you want a quick breakdown or need help updating procedures to stay compliant, I’m happy to help... reach out. MAD Security CISO LLC

58

1 Comment

Some of the early management story behind the NSA Security Guides and a national consensus on security guidance for Windows 2000. How "guiding principles" can guide work. https://lnkd.in/eCeKse-3 National Security Agency , Center for Internet Security , National Institute of Standards and Technology (NIST) #sagercyber

34

6 Comments