Log-to-Action
On-Demand Anomaly Analytics with Snowflake Cortex and Word2Vec A few weeks back, a customer came to me with an interesting problem. They, like many customers, had a massive amount...
This week, I had the pleasure of speaking at FWD:Cloudsec about securing remote MCP servers. As I normally speak about security data analytics, it was a welcome break to research a...
I often run a Capture The Flag (CTF) session for customers of Snowflake. I provide a dataset with access logs, vulnerability data, Jira tickets, and cloud audit logs. We work toget...
Last week, Google announced Sec-Gemini , a large language model (LLM) specifically designed to tackle cybersecurity challenges. Among the highlights of their announcement was the i...
A social network for bots Tldr ; I wrote a social network for bots view the current iteration here: https://smallcoffee.social Over the holidays I had a dream about a social networ...
Tradeoffs in security data lakes The idea of using a security data lake to power your threat detection workloads is nothing new. Since the launch of Snowflake’s AI Data Cloud for C...
For IT and Security teams tasked with monitoring Snowflake, integration with a SIEM or other centralized monitoring solution is critical. This article goes over which logs are typi...
Everyone wants to shift left to stop vulnerabilities as early in the process as possible. This makes sense, a bug (security or otherwise) stopped before it’s even deployed is not o...
How to search multiple log sources at once Security and observability data lakes have allowed customers to have access to more data than ever before and have given them the tools t...
Early this summer I had the opportunity to present at my favorite conference, FWD:Cloudsec. I presented on the specific topic of data normalization for security data lakes. The con...
If you’re looking for a high value, low effort way to boost your security program, analytics on cloud risk data is a fantastic contender. If you have Snowflake and you use Wiz then...
As Snowflake’s Cybersecurity Field CTO, I get asked fairly frequently around my thoughts on the Open Cybersecurity Schema Framework (OCSF) and about normalization in general. The f...
As the field of security data engineering continues to evolve, workloads that once lived in the SIEM are being migrated to or augmented with a security data lake. Often time this m...
The following is a work of fiction. However, all the solutions are real things I've attempted in my time as a Cloud Consultant. Imagine this: you're minding your own business when an...
As a leader, it can be tempting to push your team to get the most out of them and to get results. People don't like saying no and often just want to be helpful and give it the...
I recently read an article by Daniel Miessler about his predictions for the future of cybersecurity. He talks about changes to organizations, the market and the day to day of cybersecurity professionals. I decided to write down some of my thoughts in response.
Don't do it, but if you must then read this first
One insight that I've found pretty ubiquitous in my career is that engineers hate being made to provide estimates on things. Still, in my role selling consulting engagements and pr...
I recently helped a client migrate their DevOps pipelines to GitHub Actions. One of the nice features about GH is that it's relatively easy to set up and use an identity provider tha...
I hear a lot of talk about cloud lock-in. I hear it from people with self-funded startups, authors on tech blogs and developers. The argument I hear most is that if you start using...
I got this picture in my family chat recently with the question "is this correct?" The short answer is "kinda". The long answer is this blog post :) What is Brute Forcing? Put sim...
As summer nears its end, there's a lot of discussion about how and when to reopen schools and universities. As a security professional, I can't help but see the parallels between p...
A few months ago during a conversation at a secops event, the topic of granting exceptions came up. One of the attendees shared his dismay. "Management is always steamrolling m...
Last Tuesday, as they do every second Tuesday, Microsoft released its monthly patch updates. One in particular (CVE-2020-1350) has been drawing a lot of attention. The vulnerabilit...
Last week a new macOS malware threat was discovered. Mac ransomware, while not unheard of, is still interesting enough to be of interest to security researchers. So, when Dinesh De...
This past year, as the Covid-19 virus began to spread so did the efforts to digitize the contact tracing process. As fast as the virus grew, so did the number of technical efforts...
Recently I was helping a company audit their 1Password account. Thought I'd share some useful snippets using jq and the 1Password CLI tool. This command suspends users who haven't...
Recently a friend of mine told me his company, in an effort to improve security, was launching a bug bounty program. I’m a huge fan of bug bounty programs, hiring professionals to...
As a consultant, I tend to work with a variety of clients and teams all across the product maturity spectrum. Some are just starting; maybe they have an MVP, maybe they are still b...
Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero trust access to SSH and...