Chris's CYBR650 Blog

Levels of Learning Thanks to Professor Woerner for sharing the post concerning getting stuck in coursework and other challenges. In this cybersecurity  field, specifically when learning this field through school and certifications, I often wonder away from the critical thinking and creative mindset. Too often looking for a specific answer to a direct question. The answers in these environments are often clear-cut...if X happens, then you must do Y.  A majority of the courses are like this, but as you mentioned, the real world is hardly ever organized as such. You need the foundational knowledge so you can think and act critically in an uncertain environment. You shared your “use your resources” line from ROTC, I have a similar one we learn at Senior NCO Academy in the Air Force. Leaders must be able to “operate critically in complex and ambiguous environments”.   Just as you mentioned, and similar to the Wired.com article...

High Tech, Low Tech, or No Tech…There are countless paths to compromise   There was a lot of great information on analyzing threats during this week’s readings. As I am also taking the Risk Management course, I have seen several different approaches to identifying threats, and multiple takes on how to threat model. Interestingly enough, one of the more interesting reads this week was from 1999. In a Schneir on Security article about modeling security threats, Bruce Shneir dropped a very interesting line. He said “i n truth, unbreakable security is broken all the time, often in ways its designers never imagined. ” That really is the name of the game. We obviously can’t imagine everything when it comes to threats, but that really should be the goal. No stone unturned, and no idea too farfetched. Who are you securing your system from? That article was about attack trees, which is a topic I find to be an excellent method to provoke brainstorming about “the art of the possible” ...

Properly Assessing Current Threats (Image retrieved from Kaspersky Cyber Threat Real-time Map: https://cybermap.kaspersky.com/)  I had some great feedback on one of my initial assignments from a fellow student today. I had mentioned that the deliverable from a process step would be a “Threat List”. This is easy to handwave when writing papers or speaking about high level processes. Sure, just go grab the threat list and see what could be attacking us. Well it certainly isn’t that easy. A threat list is only as good as the date the snapshot was taken. The issue is that the landscape evolves, sometimes quickly. When something devastating like WannaCry starts making the rounds, do you want to read about it a few days later? No chance. You need to know as soon as is possible, because your risk management could be shot if a new exploit is circling the globe and you don’t know your enterprises vulnerability to it. Many steps have to be taken, sometimes quickly and dec...

Hello all, welcome to my blog covering the final course in the Bellevue Cybersecurity Master's program. This has been quite a journey, starting back in the Winter of 2014. I am fully aware that four years is kind of excessive to complete 12 classes, but I went through at a pace that allowed me to enjoy life and accomplish other goals at the same time. My original goal was to complete my MS degree before retiring from the Air Force. Well, I hit that retirement button yesterday, requesting a retirement date of next year. So pending the results of this course (and the concurrent Risk Management course), mission accomplished! A bit about me. I am 37 years old and currently residing in Anchorage, AK. I married my high school sweetheart 18 years ago, and we have three wonderful children. We love Alaska, and all of the amazing things that you can only do here. I have about a year left to enjoy it, before we retire and transition to civilian life in Colorado, my hometown. I love fishing,...