Brian Kime

Social media reminded us that seven years ago, a mere two inches of snow in the middle of the day shut down Atlanta, our beloved city. It’s now affectionally referred to as Snowmageddon or Snowpocalypse. We both worked at competing security vendors then — Brian in the office at the Secureworks HQ in Sandy Springs (just […]

Operational technology (OT) and industrial control system (ICS) security are vitally important for the safety of the people who work in critical infrastructure and manufacturing. OT security is also necessary for the consumers of the energy, drinking water, and products made in our industrial facilities. OT security is a unique security domain of growing importance, and yesterday’s announcement of Dragos’ Series C funding round of $110 million is another validation of […]

My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]

Today, Microsoft announced that it has acquired Waltham, Massachusetts-based internet-of-things (IoT) and industrial control system (ICS) security vendor CyberX. While the purchase price was not disclosed, media reports are speculating that the purchase price was somewhere between $150–$165 million. Founded in 2013, CyberX has raised $48 million in venture capital, so this deal provides a good return to investors. CyberX’s core solution can monitor IoT and ICS environments […]

It is long overdue to secure the United States’ bulk power system supply chain. As early as 2007, researchers demonstrated how digitization of power systems introduces vulnerabilities that can cause physical damage. In 2015, intruders, likely sponsored or directed by the Russian government and known colloquially by the name Sandworm, breached multiple Ukrainian electric utilities and shut off power for hundreds of thousands of […]

Security awareness testing for employees should be realistic. Yet those overseeing phishing drills should be careful when using coronavirus-related messaging.

RSA Conference is an incredible opportunity for vendors to showcase their products and services to the security and risk community. Vendors, my shopping list does not include vaporware or snake oil. Everyone attending knows the internet is a scary place and threats are around every digital corner. Skip the scary statistics, and tell me how […]

Crystal City again hosted the eighth SANS Cyber Threat Intelligence Summit, with several hundred attendees. CTI Summit cochairs Rick Holland, Rebekah Brown, and Katie Nickels again planned a fun, entertaining, and very educational two-day event for threat intelligence professionals from around the world. If you’re a cyber threat intelligence analyst or vendor, I encourage you to attend and submit a presentation idea for 2021. CTI […]

The recent news concerning the hacking of Amazon CEO Jeff Bezos’ mobile phone demonstrates that corporate executives are perfectly legitimate collection targets for governments. Powerful individuals should expect to be targets of criminals, activists, and governments. Furthermore, anyone in failing relationships could be a target for a partner installing “stalkerware.” To address these emerging threats, […]

This month, I joined Forrester’s security and risk research team as a senior analyst covering cyber threat intelligence, digital risk protection, vulnerability management, and industrial control system (ICS) security. I am excited about joining the team and expanding Forrester’s existing research in threat and vulnerability management and securing the control systems that keep our manufacturing facilities, critical infrastructure, and communities safe and productive. In my opinion, […]