Welcome to CSIRT Foundry
I’m excited to announce that CSIRT Foundry will be launching in May 2011.
Over the last six years, I’ve been working at both AusCERT and JPCERT, national-level CSIRTs in Australia and Japan respectively. I’ve done a lot of different things over that time: incident response, phishing takedowns, malware analysis, international collaboration, vulnerability alerting, and many other things that I never expected to be doing.
In all of these endeavours, one thing I’ve noticed is that as analysts, we seem to spend a lot of time doing the menial jobs, and less time doing what we care about: analysing new, interesting attacks, and thinking of creative ways to address the problems confronting us. Just paddling along and keeping up with the flow isn’t quite enough for job satisfaction: wouldn’t it be better if we could actually start thinking of how to make IR more effective?
Before I entered the security world, I was a software developer who took to web applications early on. Throughout my time at AusCERT and JPCERT, I couldn’t shake the software development habit, but generally just as a side job between my incident response duties. Unfortunately, the unpredictable schedules of incident response do not blend well with the extended periods of concentration needed for software development.
While we had access to and developed some great software that helped us, it always felt like there was more we could do: better-engineered apps, rather than tools crafted during late-night hacking sessions as needed.
So, that’s what this new venture is all about. Together with Damon Oehlman, I hope we can help you improve the state of the art in tools for incident response and security teams. We will have more detailed information soon, but please feel free to get in touch with us - we’d love to work with you.