Announcing the CSIRT Tools subreddit

(Tuesday, 19 May 2015)

Things have been quiet on the blogging front, but there’s plenty going on behind the scenes that awaits a future announcement. In the meantime though, I’m posting regularly to a... more

The case against map visualisations

(Tuesday, 31 Jan 2012)

One of the most abused forms of data visualisation in information security today is the world map. During this post, I’ll explain how making maps our “go to” visualisation limits... more

IR vs development - a battle for attention

(Thursday, 20 Oct 2011)

Security teams have lots of itches they need to scratch with software tools, often developed in-house. A project might be a small data parsing script, or it may be full-blown... more

Netgrep - filter files by country code and ASN

(Wednesday, 17 Aug 2011)

Here’s a common problem in the life of an incident handler, particularly one responsible for an AS or country code. You get a big text file full of infected bot... more

The Great Visualization Technology Bake-Off

(Wednesday, 13 Jul 2011)

So, we’ve looked at what a good visualization should do. Next: the how. What type of visualization technologies should we use? In this article, we’re going to look at a... more

What a good data visualisation should do

(Tuesday, 28 Jun 2011)

If there was a list of skills I could encourage every security analyst to pick up, information visualisation would be high up the list. Today, let’s look at visualisation and... more

Free tools for your CSIRT - Etherpad

(Monday, 23 May 2011)

When we look to improve the effectiveness of our security teams with software, analysis or incident response systems are often the natural focus. The unsung heroes, however, are the simple... more

CSIRT Foundry is go for launch

(Saturday, 14 May 2011)

CSIRT Foundry is go for launch! After a sad farewell to Tokyo to move back to sunny Brisbane, we’re open for business. We’ll have plenty more coming soon, but in... more

Welcome to CSIRT Foundry

(Monday, 21 Mar 2011)

I’m excited to announce that CSIRT Foundry will be launching in May 2011. Over the last six years, I’ve been working at both AusCERT and JPCERT, national-level CSIRTs in Australia... more