Showing posts from 2017

Practical advice for real world problems

Introduction Have you ever been trying to solve a systemic problem, like users getting infected by malware, and the only advice you get is completely impractical, such as to instruct users not to click on links or open attachments? This seems to be one of the top security recommendations lately, as if the solution were so simple. The good news is that there are practical solutions out there for nearly every organization. The key is to figure out your core goals, determine which solutions supposedly work in your environment, and then test them to make sure they actually do what they say on the tin. It’s going to take more than a single blog post to explain everything, but we wanted to start by going over a concrete example so that future posts can generalize. The problem Our example will be to cover the damage done by people getting phished and downloading malware (either from an attachment, or by clicking a link and downloading some

Blockchain Technology

Financial technology (Fintech) has a long history of innovation, but there have been interesting changes now that Bitcoin has demonstrated the possibility of having a trustworthy system even when dealing with untrusted parties. It has taken Bitcoin quite a few years to earn the level of trust and acceptance it has today, but it serves as an existence proof that this level of trust is both technically and socially possible. This is what the altcoins and other blockchain technologies are banking on. They want to be viewed as secure and trustworthy just because they share some things in common with Bitcoin, such as a distributed ledger. Filecoin allegedly raised over $257 million despite the fact that Storj, Sia and MaidSafe already had working products for distributed data storage on a blockchain. It’s unclear why investors chose Filecoin. Perhaps they feel that there needs to be big money behind a technology so it can be promoted and become the dominant so

The Launch of SCYTHE and CROSSBOW

When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry, and the greater business and government communities. Five years later, we have grown into a dynamic and passionate team that strives to make a better, more secure world through the independent research and the services we provide to clients. GRIMM takes deep pride in its dedication to education, innovation, and technical problem-solving. We go to great lengths to arm our entire team with the resources and freedom to tackle the pressing security challenges in an increasingly connected world. It’s this pride in the business, spirit of achievement, and dedication to security that has driven our company toward major success. As a result of all our hard work, I’ve announced today that we’ve officially launched a new company, SCYTHE, to roll out CROSSBOW, a first-of-its-kind security assessment and validation platform. To ad

#BestTechWorkCulture

Last night, GRIMM attended the 3rd Annual DC Timmy Awards. The Timmy Awards recognize and celebrate the technology work cultures that actively promote creativity, innovation, and learning in the DC area. GRIMM was named a finalist leading into the event and we’re thrilled to have been ultimately recognized as the First Runner-Up for Best Tech Work Culture! The evening was filled with energy and camaraderie as companies across the region came together to celebrate the innovative leadership embodied by the greater DC tech community. We were thrilled to be recognized among so many other great organizations in the region, especially as we continue to raise the collective profile of the DC tech scene. When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Five years later, we have grown a dynamic and passionate team that strives to make a better wo

HAX and GRIMM’s Internship Programs

One of the reasons I chose to come to GRIMM after leaving federal service earlier this year was one of the core principles held by the rest of the GRIMM leadership team: the importance of educating the general public on the inherent cybersecurity risks in nearly everything touched on a daily basis, and of enabling future generations of cybersecurity experts, software developers, and computer engineers to solve these security challenges, as well as those of the future. Having been intimately involved with these challenges, as I worked on workforce development and training at the Department of Defense for the better part of the past decade, with an increasing global skill shortage to boot, I know this isn’t exactly an easy task, but it is something we at GRIMM try to chip away at. One of the tactical ways we do this is with a robust internship and mentorship program. This past summer, GRIMM had five amazing interns – three in our Northern Vi

A Three-Step Approach to Threats: What All Organizations Should Know (but Equifax Doesn’t)

Within the context of historical cyber breaches, this can be classified as a massive attack: Equifax, one of the “big three” credit-rating agencies, announced earlier this month that hackers gained access to the Social Security numbers, credit card data, driver’s licenses, home addresses and other personally identifiable information (PII) of up to 143 million Americans. Some two-dozen class-action lawsuits (and counting?) followed, along with stinging criticism from consumer groups and congressional leaders. A vulnerability in the open-source framework Apache Struts is believed to be one of the causes of the hack. When using open-source products, you need to look beyond the immediate free price to the long-term implications: how will you maintain their function and security? Part of this is a commitment to actively participate in the community to contribute to the software’s continued