• Cyber Intelligence Training
    Cyber Intelligence Training
  • Silent Warriors - Wilderness of Cyber Mirrors
    Silent Warriors - Wilderness of Cyber Mirrors
  • Interim - Virtual CISO Services
    Interim - Virtual CISO Services
  • Analytic Line of March
    Analytic Line of March
  • Denial and Deception
    Denial and Deception
  • Analysis as a Service
    Analysis as a Service
  • Methods of Analysis
    Methods of Analysis
  • Critical Thinking - Cognitive Bias
    Critical Thinking - Cognitive Bias
  • Clandestine Cyber HUMINT
    Clandestine Cyber HUMINT
  • High Value Targets - Reconnaissance
    High Value Targets - Reconnaissance

Cyber Security Predictions - Not Even Reality TV - Just Daytime Entertainment

The plethora of 2017 cyber security predictions do nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that aret71training never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. The vendor products that claim to solve these predictions and therefore, become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.

Treadstone 71 Training 2017

We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the 'solutions' to recommend purchase.

The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.

We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.

What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life is under constant siege. We are in a cyber war with skirmishes and battles occurring 24x7. We need to direct the carpetbagging vendors to cease in their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.

 

 

Treadstone 71

  1. All CIOs must have served as a CISO for at least four years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least two technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code the works correctly and does not create vulnerabilities.

Treadstone 71 2017 Intelligence Training Courses – Sign up now or inquire about how to have us come onto your site to training.

  1. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls. 
  2. New regulations to enforce security and privacy, demanding disclosure of breaches,  fining companies and individuals for negligence are put in place, at once.
  3. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
  4. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Decided to add a real 12: 

  1. Let's create a focused call to action to change the paradigm. Open to suggestions, dedicated forums, public push to change vendors, public push to force IT to change.

Call to Action!

  • This email address is being protected from spambots. You need JavaScript enabled to view it. - www.treadstone71.com

Search Our Site

Treadstone 71 - We See What Others Cannot

The Cyber Intelligence Training delivered and created by Jeff Bardin adds rapid returns to both Cyber Intel Analysts, and Security Ops Centers.  Each student receives quality instruction and hands-on experience with today’s OSINT tools and intelligence tradecraft.  This is necessary for anyone new to Cyber Intelligence and complimentary to any Security Operations within your enterprise. This 4.5-day class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team.  – Antonio, 

Fortune 100 Company

line2

Use HOLIDAY2018 as a Coupon Code at checkout to save big! November 20-December 8

January 8-12 Cyber Intelligence- Amsterdam, NL
February 5-9 Cyber Intelligence- Reston, VA
March 19-23 Cyber Intelligence- Columbia, Maryland
April 9-13 Cyber Intelligence- London, UK
April 30 – May 3 Cyber Intelligence - Los Angeles California
May 14-18 Cyber Intelligence- San Jose, CA
June 18-22 Cyber Intelligence- Annapolis Junction, Maryland
Aug 13-17 Cyber Intelligence- Reston, VA
Sep 17-21 - Cyber Intelligence- Boston, MA
Oct 15-19 Cyber Counter Intelligence - Reston, VA
Nov 5-9 Cyber Intelligence- Denver, CO
Dec 3-7 Cyber Counter Intelligence - Columbia, Maryland

Students and organizations taught (non-inclusively):

AIB, American Express, Capital One, Commonwealth Bank, Bank of America, ING, NCSC NL, Defense Security Services, PNY, Dell Secureworks, HPE Security, EclecticIQ, Darkmatter (AE), General Electric, General Motors, PNC, Sony, Goldman Sachs, NASA, DoD, East West Bank, Naval Air Warfare Center, VISA, USBank, Wyndham Capital, Egyptian Government, DNB Norway, Euroclear, Malaysian Cyberjaya, People's United Bank, Baupost Group, Bank of North Carolina, Fidelity Investments, Citi, Citigroup, T. Rowe Price, Wells Fargo, Discover, Blackknight Financial Services, Intercontinental Exchange (ICE), Citizens Financial Group, Scottrade, MetLife, NY Life, Synchrony Financial, TD Ameritrade, National Reconnaissance Office, FBI, Stellar Solutions, Lockheed Martin, Harvard Pilgrim, State of Florida, Deloitte, Ernst and Young, Mitsubishi, Tower Research, Geller & Company, KeyBank, Fannie Mae, BB&T, Aviation ISAC, JP Morgan Chase, Barclays, Nomura International, ING, Finance CERT Norway, BBVA, Santander, Bank of America, Equifax, BNY Mellon, OCC, Verizon, Vantiv, Bridgewater Associates, Bank of Canada, Credit Suisse, HSBC, International Exchange, Vista Equity Partners, Aetna, Betaalvereniging Nederland, several members of FlashPoint, non-inclusively (as well as several other firms by proxy as they hire qualified intelligence professionals trained by Treadstone 71).

Terms of Use - Privacy Policy - Course EULA

  Treadstone 71 Cyber Intelligence Services

  Treadstone 71 Expands Groundbreaking Services

 

Cyber Jihad - 2008-2011 Compilation Part 1

 

Cyber Jihad - 2008-2011 Compilation Part II

 

Iran Cyber Proxies and Capabilities 

Gaming as a Method of Jihadist Training

 

 

 

 

 

 

 

Treadstone 71 Cyber Intel Services / Training

Stuxnet