Brian Kime
Senior Analyst

Author Insights
Blog
(Likely) First Cyberintrusion Into An American Water Treatment System
Yesterday, the city of Oldsmar, Florida conducted a press conference to disclose that an unknown person had remotely accessed the city’s water treatment system. The public was never in danger, since operators detected the breach quickly and reversed the changes made by the threat within moments. The change made to the system was “loud” — […]
Read More
Blog
Cybersecurity Lessons Learned From Snowmageddon
Social media reminded us that seven years ago, a mere two inches of snow in the middle of the day shut down Atlanta, our beloved city. It’s now affectionally referred to as Snowmageddon or Snowpocalypse. We both worked at competing security vendors then — Brian in the office at the Secureworks HQ in Sandy Springs (just […]
Read More
Blog
Recent Dragos Funding Round Demonstrates Growing Demand For OT Security Solutions
Operational technology (OT) and industrial control system (ICS) security are vitally important for the safety of the people who work in critical infrastructure and manufacturing. OT security is also necessary for the consumers of the energy, drinking water, and products made in our industrial facilities. OT security is a unique security domain of growing importance, and yesterday’s announcement of Dragos’ Series C funding round of $110 million is another validation of […]
Read More
Blog
How A Password Manager Could Save Your Marriage
My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]
Read More
Blog
Microsoft Purchases CyberX
Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that the purchase price was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors. CyberX’s core solution can monitor IoT and ICS environments […]
Read More
Blog
A Small Victory For Securing The US Bulk Power System
It is long overdue to secure the United States’ bulk power system supply chain. As early as 2007, researchers demonstrated how digitization of power systems introduces vulnerabilities that can cause physical damage. In 2015, intruders, likely sponsored or directed by the Russian government and known colloquially by the name Sandworm, breached multiple Ukrainian electric utilities and shut off power for hundreds of thousands of […]
Read More
Blog
Point/Counterpoint: The Ethics Of COVID-19 Phishing
Security awareness testing for employees should be realistic. Yet those overseeing phishing drills should be careful when using coronavirus-related messaging.
Read More
Blog
RSA Conference 2020: An Intelligence Nerd’s Shopping List
RSA Conference is an incredible opportunity for vendors to showcase their products and services to the security and risk community. Vendors, my shopping list does not include vaporware or snake oil. Everyone attending knows the internet is a scary place and threats are around every digital corner. Skip the scary statistics, and tell me how […]
Read More
Blog
SANS CTI Summit Recap: It’s All About The Process
Crystal City again hosted the eighth SANS Cyber Threat Intelligence Summit, with several hundred attendees. CTI Summit cochairs Rick Holland, Rebekah Brown, and Katie Nickels again planned a fun, entertaining, and very educational two-day event for threat intelligence professionals from around the world. If you’re a cyber threat intelligence analyst or vendor, I encourage you to attend and submit a presentation idea for 2021. CTI […]
Read More
Blog
Work Hard . . . At Not Getting Your Phone Compromised
The recent news concerning the hacking of Amazon CEO Jeff Bezos’ mobile phone demonstrates that corporate executives are perfectly legitimate collection targets for governments. Powerful individuals should expect to be targets of criminals, activists, and governments. Furthermore, anyone in failing relationships could be a target for a partner installing “stalkerware.” To address these emerging threats, […]
Read More
Blog
Meet Your New Threat Intelligence, Vulnerability Management, And ICS Research Analyst
This month, I joined Forrester’s security and risk research team as a senior analyst covering cyber threat intelligence, digital risk protection, vulnerability management, and industrial control system (ICS) security. I am excited about joining the team and expanding Forrester’s existing research in threat and vulnerability management and securing the control systems that keep our manufacturing facilities, critical infrastructure, and communities safe and productive. In my opinion, […]
Read More