Ken Dunham

Senior Director, Technical Cyber Threat Intelligence

Ken Dunham brings more than 27 years of business, technical and leadership experience in cyber security, incident response and cyber threat intelligence to his position as senior director of technical cyber threat intelligence for Optiv. In this role, he is responsible for the strategy and technical leadership to mature Optiv’s data integration and innovation of intelligence-based security solutions.

 

Darknet Done Right

· By Ken Dunham ·

The marriage of a well-managed risk program and a targeted Darknet operation to move towards mitigation of risk is an ROI most mature companies have actualized. Intelligence as a service, focused upon marketplace and infrastructure, will likely become a greater focus of service support and integration. When integrating a Darknet intelligence arm into a risk program, be sure to properly staff internal Human Intelligence (HUMINT) resources to strategically and tactically act upon the intelligence that matters most to your organization.


Titanic - Lessons Learned for Cyber Security

· By Ken Dunham ·

Computer security professionals are all too familiar with the “cat and mouse” game seen on the global stage of the enemy and defenders. History does indeed repeat itself, because we are human. Humans tend to be reactive, take things for granted, and assume much when it comes to our strengths and weaknesses. Bad actor tools, tactics, and procedures (TTPs) continue to evolve with nascent technology and infrastructure solutions.


Will Blockchain Change the World? (Part 2)

· By Ken Dunham ·

In the previous post of this two-part series, we introduced the concept of blockchain and its possible use cases. Blockchain innovation promises streamlined operations, immutable public ledgers and more. It also shows promise in applications where there is a lot of red tape, inefficient operations, and challenges such as transnational currencies and transactions in the financial market. But there are also a variety of threats and risks associated with adoption of blockchain technology.


Will Blockchain Change the World?

· By Ken Dunham ·

There has been a lot of hype around “blockchain” these past few months. After attending sessions, discussing it with others, and researching how it is being used, it is apparent that there is a need to clear the air on this emerging topic. Blockchain has been touted as a technology that will take the world by storm and change just about everything we do on computers, but clearly it is not a silver bullet nor is it so universally applicable. It has great potential to offer trusted, traceable, and cost-efficient ledgers and associated actions with some applications of the technology.


Managed Security Services (MSS) and Eyes on Glass in the Real World

· By Ken Dunham ·

“Eyes on Glass” is a common saying when it comes to reviewing SIEM logs and managed services, but it is often misunderstood. A layman's notion is that you simply have someone with a low level of skill looking at a large quantity of log data to see if something important appears that requires escalation. Technically, “eyes on glass” requires a high degree of skill and capabilities to interact directly with unique client technologies, something not commonly included with managed services.


Phishing - The Rest of the Story

· By Ken Dunham ·

Receiving an email lure designed to trick you into clicking a phishing link and then logging into a fake website has become a common threat. In this blog we look into how to dive deeper into the threat to move from reactive to proactive. These tactics help a company zoom in on specific threats that are common or repeated against them from both opportunistic and targeted attacks.


Pass-the-Hash

· By Ken Dunham ·

Pass-the-hash (PtH) is an all too common form of credentials attack, especially since the advent of a tool called Mimikatz. Using PtH with credentials extracted by parsing admin memory is much faster than the old dictionary and brute-force style attacks of yesteryear using tools such as “Cain and Abel.” This blog introduces the Windows Security Account Manager (SAM) file, hashes for credentials, how PtH is easily performed using a tool called Mimikatz, and how to detect such attacks within alerts.


Cyber Threat Intelligence Requires Commitment

· By Ken Dunham ·

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cyber threat intelligence program. You must be committed in order to succeed. In this blog post, I’ll explore some of the common pitfalls of implementing a cyber threat intelligence program.


Orchestration & Automation (O&A) Methodology

· By Ken Dunham ·

O&A is at the heart of working with big data in an automated and efficient fashion. It involves two important elements: orchestration - planning and coordination of elements, variables, and process; and automation - automating a process or task. The role of designing and managing O&A for an organization is much like that of an orchestra conductor, making sure each part is playing its part in an integrated musical piece that is dynamic and changing, requiring core excellence in each role but also coordination through the conductor.


Being Certain about Estimative Uncertainty

· By Ken Dunham ·

I love it when my teenager says something like, “You know Dad, that’s how they designed it,” when in fact, my child does not have any evidence to support his conclusion. It’s spoken as a hard truth, with enthusiastic declaration. If it’s a fact, stick to the facts, people. Too often we find individuals involved in cyber defense and threat research and response doing the same thing.
