I so seldom disagree with Jean that it pains me to do so here & now.
Here's MY take:
"You'll always get unsolicited advice. Only *ask* someone for advice when you commit in advance to follow it. You need a Herculean excuse to turn down any advice *you* asked for."
The Pentagon's @DAF_CDAO office should have long ago prioritized its dissection of current AND PAST Air Force #cyberwar doctrine to see where it would have gotten U.S. airmen killed in Ukraine's land war.
"Wait a minute, Rob. It's not @DAF_CDAO's job to ponder doctrine. The DAF has an air staff dedicated to that task!"
NO, THEY DON'T.
The office you're thinking of will LISTEN to anyone who believes doctrine must [to use the correct term] "evolve" in some way. This is why…
…Air Force Enlisted Historians (AFSC 3H0x1) were required to write annual analyses and strongly encouraged to write triennial monographs over every topic they regarded as vital to DOCTRINE.
I, personally, set the ball in motion to change Air Force doctrine that insisted…
The book's index highlights Dr. Fred Cohen, whose thesis underpins the concept of a computer virus; Robert T. Morris, whose computer worm almost very nearly destroyed his father's NSA career; and Victor Zhora, who has refused to…
…provide a death toll from all the horrifying[ly mysterious] "cyber war crimes" he insists must be prosecuted in a new "cyber court" in The Hague that can pronounce death penalties.
Yet there's no mention of Vmyths[.]com nor Attrition[.]org nor Snopes[.]com nor folks' names…
…The root word "critic" appears numerous times in "critical infrastructure[s]," yet only appears once in the context of a #critique. "Criticism" appears once on p.168 re: CrowdStrike's undocumentable claim that Ukrainian artillerymen got blown to smithereens and sent home in…
I want to revisit this supposedly rhetorical question.
Historically, we in #cybersecurity labeled traditional events "cyber" simply because the players were computer experts, e.g. Robert Hanssen was the world's first "cyber spy" because he identified a local computer vuln and…
…installed a password cracker on his work computer and used a Palm PDA.
Now we believe *every* spy is a #cyber spy because they all use computers in some way.
So, we've gone back to the lazy way of calling them just "spies" — but NOT for the right reasons.
We did what the cable & satellite industries did: they ✌️adjectivized✌️ themselves for adding channels to our TVs.
Cyber has improved all sorts of things, but in all honesty we're like @BASF. We don't make the things people use in their daily lives; we just make them better.
1/21
Wow! I'm high on life after a follow-up physical at a Navy clinic where I got tossed onto an exam table with my blood pressure checked 3 times, after which they did 2 EKGs, then took my blood, etc. etc.
So let's talk cybersecurity #management. It's late 1996 and I've...
2/21
...just transferred @robtlee off MY ops floor, 😈 making me DoD's first Enlisted Information Warfare Crew Commander and setting Rob on his amazing career path -- a fact he learned at the meeting below where our mutual mentor confirmed it. So, ...
3/21
...immediately after the Stan/Eval guy said "<yawn> you're now a crew commander, good night," I called a meeting with my tiny little ops floor crew.
"NEW RULE," I declared. "From now on, YOU make the decisions and I'll write it down in the Master Station Log." This...
Historically, a new "infosec" office found its authority by teaming up w/ the HR office (holding the authority to test & fire employees) and the firm's webmaster (holding the authority to set password security policies for employees & customers alike)
2/7 Historically, a newfound infosec office couldn't send emails to "all" because the IT staff controlled that -- coincidently to stop #hoax computer virus alerts that once rampaged email servers worldwide.
IT *ignored* the new infosec manager's ✌️assumed✌️ authority, saying…
3/7 "we need HR's permission to do what you're asking."
Which was too often true:
THE IT OFFICE needed HR's permission because #ironically it was an IT admin who first got #duped by a #hoax computer virus alert and fired an email to "all" that ultimately pummeled the firm…
1/18
Monday would be #NickoSilar's birthday. Our industry spouts an #UrbanLegend that she died in a hospital #ransomware attack … yet the truth is a bit complicated for our collective reductionist beliefs.
Let's study the facts surrounding this baby's tragic death, shall we? https://t.co/TVbwbQ7wTJ
2/18
First, I need to caveat my role in this sad affair. I've offered my expertise pro bono to the law firm representing the attending physician who delivered #NickoSilar on that fateful day. My specific goal is to protect Dr. Parnell from Springhill Medical Center's legal team.
3/18
I must admit it proved no easy task to pick Dr. Parnell over Nicko Silar's mother who, in truth, needs no expertise I can offer.
Maybe help Springhill Medical Center's CISO?
Nope: SMC has already thrown Dr. Parnell under the bus to protect themselves & their CISO.