08 Dec 2017

Best Security, Business, and Technology Books of 2017

In looking at advances in technology over the past year, I’m reminded of the Lenin quote “There are decades where nothing happens; and there are weeks where decades happen.” It seems that to make the most sense of the top security and business trends you need to have a keen

Read More
21 Feb 2017

The 2017 Red Teamer’s Bookshelf

“It’s been a couple of months since we first announced that Red Team Journal, Redteams.net, and OODALoop would be compiling the latest ‘Red Teamer’s Bookshelf’ jointly. For those of you who’ve been waiting, the list is finally here. It’s larger than previous years, so we’ve organized the titles by category

Read More
07 Feb 2017

Our Science Fiction Cyber Future

“The cybersecurity industry is currently enamored with concepts of autonomous defense, including elements of machine learning, behavioral analytics, and artificial intelligence—and rightly so. Programed to be able to study all vulnerabilities in the public domain, autonomous bots (autbots)—not to be confused with bots simply conducting repetitive tasks like guessing default

Read More
07 Dec 2016

Best Security, Business, and Technology Books of 2016

Dozens of times per year, I get asked to recommend my favorite books so I couldn’t say no when the OODA Loop team asked me to build on Mark Mateski’s popular Red Teaming book list by providing my top 10 books for 2016. I have very eclectic interests, so I’ve

Read More
07 Jun 2016

The Ultimate Targeted Attack: Malvertisments

I’ve been in evil genius mode with Lou a few times on this. The advertising networks provide a tremendous amount of granularity that can be used for very focused attacks. For network defenders, they can also be very useful for attribution operations as well.

Read More
22 Oct 2015

10 Red Teaming Lessons Learned Over 20 Years

I’ve been a red teamer for twenty years now, perhaps even longer, but I didn’t know what to call it until 1995 when I started working with the Department of Defense. I’ve also been fortunate to participate in or lead hundreds of red teams within many divergent disciplines ranging from

Read More
19 Feb 2015

Every Cyber Attacker is an Insider

I recently witnessed the CIO of a publicly traded company dismissing the results of a successful red team to the Board of Directors by stating that the “the test wasn’t realistic as the red team had insider access.” The “insider” access in this instance was a network connection with no

Read More
12 Dec 2014

Terrorism Reference CDROM

This CDROM was created as an academic research resource for those with an interest in terrorism and counterterrorism issues. This edition was developed in collaboration with the American Society for Industrial Security’s (ASIS) National Capital Region for exclusive distribution to the attendees of the 2002 Countering Terrorism Seminar on June

Read More
15 Dec 2013

InfoWar 1992-2012

Matt Devost and Winn Schwartau talk discuss what has happened in the information warfare and cyberconflict space over the past twenty years.

Read More
26 Aug 2013

Destruction and Creation

To comprehend and cope with our environment we develop mental patterns or concepts of meaning. The purpose of this paper is to sketch out how we destroy and create these patterns to permit us to both shape and be shaped by a changing environment. In this sense, the discussion also

Read More