17 Sep 2019

Deception Needs to be an Essential Element of Your Cyber Defense Strategy

In the cyber defense community, we talk about a wide-range of risk mitigating technologies, strategies, and activities.  We talk about attacker deterrence and increasing costs for the attacker.  We invest in endpoint agents, threat intelligence, DLM, and other mitigating technologies on a daily basis.

Here’s why one of the most compelling emerging use cases for increasing attacker costs is through the use of deception.

Read More
13 Sep 2019

Which CIA Executive Impacted Snowden’s OODA Loop?

Edward Snowden’s new book is out next Tuesday, but OODA Loop got an advance copy.  In the book, Snowden identifies two major catalysts that not only pushed him over the edge, but also informed his strategy for how he leaked the highly classified material.  One of them was a complete surprise.

Read More
26 Aug 2019

Here is How the FBI Wants You to Protect Your Audio/Visual Devices from Cyberattack

An FBI bulletin provides an overview and detailed recommendations on how cyberattackers are targeting audio/visual systems to compromise corporate networks along with recommendations on how to prevent such attacks.

Read More
26 Aug 2019

CISA Outlines Agency’s Strategic Intent

The newly formed Cybersecurity and Infrastructure Security Agency (CISA)has released a strategic intent document outlining the agencies role in protecting U.S. critical infrastructure and cyberspace.  It is important for OODA Network Members to track the emergent roles and responsibilities of this agency as it will be a critical component of cyber and infrastructure security moving forward. 

Read More
16 Aug 2019

Def Con is the Most Valuable Security Conference of the Year.  Here’s Why.

There are literally hundreds of cybersecurity conferences hosted around the world each year and as a result it can be difficult to determine which conferences provided the highest value in the domain. 

While each of these events bring community value in their own unique way, Def Con is the most valuable event of the year for the community. Here’s why.

Read More
23 Jul 2019

What You Should Know About China’s “Destruction Warfare” Doctrine

In 1999 a book called “Unrestricted Warfare” emerged from China and over the past two decades it has served as a good guide for how China views conflict and in particular, cyber and economic conflicts.  Businesses that understood Unrestricted Warfare were better enabled to defend their networks and market share.

Twenty years later, the U.S. Department of Defense has released a Joint Staff originated report highlighting the next generation of Chinese doctrine and their concepts of “system attack” and “destruction warfare”.  Here is what you need to know about it.

Read More
09 Jul 2019

Cyber Sensemaking Part Two: Management Lessons Learned and Essential Actions

In Part Two of this series on Cyber Sensemaking, OODA CEO Matt Devost steps through the top management lessons learned and actions that can be taking to drive your cyber risk management program. 

Read More
02 Jul 2019

Cyber Sensemaking – Essential Observations for the Next Five Years

Distilling over 25 years working in the fields of cybersecurity and cyberconflict across a multitude of domains including government, corporate, think tank, and academic this article serves as a foundational distillation of observations that can be applied in any organization. In Part Two of the series, we will look at lessons learned and actions that can be executed by management teams to help manage cyber risk.

Read More
04 Jun 2019

The Hackers Who Saved the World – Interview with Author Joe Menn

I’ve just finished reading an advance copy of Joseph Menn’s new book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World (Amazon Link) and can recommend highly for OODA Loop members. As the importance of hacker history goes, this was a book that was

Read More
03 Jun 2019

How a Presidential Commission Was Tracking Hackers in 1996

The President’s Commission on Critical Infrastructure Protection is often cited as one of the most important initiatives from the 1990s that advanced our cybersecurity programs in the U.S.  The commission, which looked at cyber threats to critical infrastructure, created a lasting critical infrastructure framework that is still in use today. 

Read More