Securing Remote MCP Servers
This week, I had the pleasure of speaking at FWD:Cloudsec about securing remote MCP servers. As I normally speak about security data analytics, it was a welcome break to research a...
Last week, Google announced Sec-Gemini, a large language model (LLM) specifically designed to tackle cybersecurity challenges. Among the highlights of their announcement was the i...
Tradeoffs in security data lakes. The idea of using a security data lake to power your threat detection workloads is nothing new. Since the launch of Snowflake’s AI Data Cloud for C...
For IT and Security teams tasked with monitoring Snowflake, integration with a SIEM or other centralized monitoring solution is critical. This article goes over which logs are typi...
Everyone wants to shift left to stop vulnerabilities as early in the process as possible. This makes sense: a bug (security or otherwise) stopped before it’s even deployed is not o...
Early this summer I had the opportunity to present at my favorite conference, FWD:Cloudsec. I presented on the specific topic of data normalization for security data lakes. The con...
As Snowflake’s Cybersecurity Field CTO, I get asked fairly frequently about my thoughts on the Open Cybersecurity Schema Framework (OCSF) and about normalization in general. The f...
As the field of security data engineering continues to evolve, workloads that once lived in the SIEM are being migrated to or augmented with a security data lake. Oftentimes this m...
I recently helped a client migrate their DevOps pipelines to GitHub Actions. One of the nice features about GH is that it's relatively easy to set up and use an identity provider tha...
I got this picture in my family chat recently with the question "is this correct?" The short answer is "kinda". The long answer is this blog post :) What is Brute Forcing? Put sim...
As summer nears its end, there's a lot of discussion about how and when to reopen schools and universities. As a security professional, I can't help but see the parallels between p...
Last Tuesday, as they do every second Tuesday, Microsoft released its monthly patch updates. One in particular (CVE-2020-1350) has been drawing a lot of attention. The vulnerabilit...
This past year, as the COVID-19 virus began to spread, so did the efforts to digitize the contact tracing process. As fast as the virus grew, so did the number of technical efforts...
Recently I was helping a company audit their 1Password account. Thought I'd share some useful snippets using jq and the 1Password CLI tool. This command suspends users who haven't...
Recently a friend of mine told me his company, in an effort to improve security, was launching a bug bounty program. I’m a huge fan of bug bounty programs, hiring professionals to...
As a consultant, I tend to work with a variety of clients and teams all across the product maturity spectrum. Some are just starting; maybe they have an MVP, maybe they are still b...