Ten years ago, I took on the role of Chief Information Security Officer with the City of Seattle.
After 20 years of security consulting, mainly with the private sector, and ultimately as the Managing Consultant for VeriSign Global Security Consulting, I wanted to work IT security from a different focal point. As soon as I got there, I came to the following realizations (among others):
- Local governments provide mission-critical services and infrastructure that sustain lives and quality of life in the communities they serve—and it’s all enabled by information technology.
- IT security preventive controls are generally in place, but monitoring the network for signs of compromise is either not occurring or needs improvement.
- It is remarkably difficult—if not impossible—for local government to attract and retain security professionals.
Realization 1 resulted in the start-up of CI Security as a professional services firm, with a mission to serve organizations that are underserved with respect to security, yet critical in terms of the services and infrastructure they provide.
Realization 2 directed the company’s commercial focus on a managed detection and response solution – controls that are largely unaddressed, yet which serve to minimize the impact of these events.
Realization 3 helped to initiate an effort to improve the knowledge base and availability of IT practitioners for local government. This included both the PRISEM regional monitoring project (now reformed as PISCES), and the daily IT Security News Blast.
Origins of the “Daily Blast”
Originally, the Blast was just for IT staff in the Agencies of the City of Seattle, with the focus of continuous situational awareness and unrelenting exposure to the lexicon of security. Having one place to go consistently every day to find out who's been hacked, what criminals and governments are doing, and how privacy interacts with security ended up landing better with readers than the intended effect. I won't take credit for it, but I will point out that several of my colleagues during that time left IT proper for information security roles, and they have done exceedingly well.
Eventually, through interactions with regional universities and community colleges, the Blast started to get wider distribution. Through collaboration with the military and Department of Homeland Security, the Blast started going to recipients in state and federal government. At some point, it went international.
Still Sending IT Security News, 10 Years Later
Today, the Blast is delivered every morning to subscribers in a dozen countries, the National Cybersecurity Communication and Integration Center (NCCIC), lawmakers in state and federal government including a number of senators' staffs, and to IT practitioners in both public and private sectors and students in nearly every US state. It started as simple distribution lists managed by the City's Exchange server, but it's so big now that we have to use a service to manage the thing (and a new service is on the horizon - early heads up on that).
Yes, I do the Blast myself (I get asked this a lot). I have news filters that flag certain strings, and I evaluate all those articles for curation - rejecting about 75% of them. I also go through the usual suspect sites like SC Security, The Register, et al.
Sometimes it’s a pain to do it in hotel rooms and on planes, but since threat actors and the news cycle share the same non-stop schedule—I’ll keep doing it. Eventually I may need to cede the activity to something more automated, but for the time being, I'm pretty sure that it requires someone with some experience to avoid those "Local Expert Says Use Anti-Virus" articles.
Happy 2019, and you'll be hearing from me.