Top 10 Security, Business, and Technology books of 2017

I've compiled my annual list of top books. Not your typical top ten list. Check it out at OODA Loop.


Best Security, Business, and Technology Books of 2016

"Dozens of times per year, I get asked to recommend my favorite books so I couldn’t say no when the OODA Loop team asked me to build on Mark Mateski’s popular Red Teaming book list by providing my top 10 books for 2016. I have very eclectic interests, so I’ve focused my list on the top security, business, and technology books of 2016. Given that I’ve always drawn on fiction for both inspiration and insight, the list also includes three very compelling works of fiction that should be of interest to those in the security and technology fields. Please feel free to share your thoughts and recommendations with me via twitter @MattDevost. Happy reading!" Source: OODA Loop - Best Security, Business, and Technology Books of 2016


Autonomous AI guards to stalk the internet fighting hackers

"The Grand Cyber Challenge at the Black Hat cybersecurity conference in Las Vegas pitted artificial intelligences against each other, while their human creators sat back and watched. Fighting for a $4 million prize pot from the US Defense Advanced Research Projects Agency (DARPA), each AI tried to hack its opponents’ computer systems. They sought weak spots and figured out how to exploit them while defending their own computers. The sophistication of the artificial hackers impressed many of those present. ‘This really caught me by surprise,’ says Matt Devost of cybersecurity firm FusionX in Washington DC. It could transform the security scene in the next 10 years, he says." Source: Autonomous AI guards to stalk the internet fighting…


Ransomware: Lucrative, fast growing, hard to stop

"'I imagine it will hit into the millions of dollars, if they are able to infect some of the right types of targets in an enterprise environment,' said Devost. Like smart start-up CEOs, the hackers are testing the market and refining the business model. As the vast majority of attacks are likely settled without going public, more research is needed to figure out just how profitable the business really is, said experts. Unlike the criminal networks, which often share information freely, many of the victims do not." Source: Ransomware: Lucrative, fast growing, hard to stop


Ransomware Poses a Rising Threat to Hospital Operations

"Because of the potential to disrupt their operations, hospitals are logical targets for attacks. If infected, they may have little choice but to pay the ransom—and quickly, said Matt Devost, CEO of security consultancy FusionX, which is now owned by Accenture. 'If I target a midtier, medium-sized business and encrypt their data, there is probably a period of time during which they can operate without access to their data,' he told eWEEK. 'With hospitals, that is not the case, and that makes them a ripe target.'" Source: Ransomware Poses a Rising Threat to Hospital Operations


How accurate is Mr. Robot? The show’s data, password, and smart home dangers.

"It’s often as simple as that. When I was researching my book, Dark Territory: The Secret History of Cyber War, Matt Devost, president and CEO of the cybersecurity firm FusionX, told me about his days running the ‘red team’ in war games that tested the vulnerability of NATO communications systems. In one game, Devost was having a hard time cracking the commanding general’s password. So he looked up his biographical sketch on a military website, tried out some of the personal details it cited, and finally hit gold by combining ‘Rutgers,’ where the general’s son was attending college, with a two-digit number, which a commercially available random-numbers generator guessed in less than a second." Source: How accurate is Mr. Robot? The show’s…


Can hackers sway public opinion with DNC and NSA leaks?

"'The first entree into cyberconflict isn’t physical destruction,' says Matthew Devost, President of FusionX, a cybersecurity and risk management company. 'If an airplane with 200 people falls out of the sky, it’s very easy to determine our response. But with the DNC hack, the impact isn’t as tangible.'" Source: Can hackers sway public opinion with DNC and NSA leaks? - CSMonitor.com


HfS #CyberChat w Accenture’s Matt Devost

"In this edition of #CyberChat, Fred McClimans of HfS Research sits down with Matt Devost, Managing Director of Accenture's Vulnerability and Threat Intelligence Practice to discuss the state of Cyber Security and the trends moving enterprise security forward." Source: HfS #CyberChat w Accenture's Matt Devost - YouTube


Hacking Mr. Robot, week 7.

"Slate and Future Tense are discussing Mr. Robot and the technological world it portrays throughout the show’s second season. You can follow this conversation on Future Tense, and Slate Plus members can also listen to Hacking Mr. Robot, a members-only podcast series featuring Lily Newman and Fred Kaplan. In this episode of Hacking Mr. Robot, Fred and Lily discuss Episode 8: ‘eps2.6succ3ss0r.p12.’ They’re joined by special guest Matt Devost, a cybersecurity expert and the CEO of FusionX." Source: Hacking Mr. Robot, week 7.


Startup investors are looking to hackers for help on smart bets

"‘I’d say we have really seen a growth in that particular market over the last five years,’ said FusionX CEO Matthew Devost, referring to an uptick in revenue for his business from services purchased by investors. Devost’s company, which was acquired by Accenture in August 2015, leverages offensive cyber capabilities to test clients' digital defenses. FusionX is traditionally employed by investors to conduct tests during a pre-funding stage or in preparation of a merger, acquisition or initial public offering, said Devost. In the past, FusionX has worked closely with clean-tech, biotech and several large software companies to improve cybersecurity on behalf of their investors. Currently, the Reston, Va.-based cybersecurity company is…


What a real cyber war would look like

"In a hot cyber war, the first line of attack would not be like on Star Trek, with spectacular bursts of sparks flying out of computers. Instead it would be a stealth attack on the enemy’s military command and control infrastructure, to keep it from being able to strike, said Matt Devost, managing director of Accenture Security and a special government advisor to the U.S. Department of Defense. The problem is that much like nuclear attacks, no one wants to let the genie officially out of the bottle. Certainly the United States and Europe benefit the most from a free and open Internet, so weaponizing it is not a step taken lightly." Source: What a real cyber war would look like


Every Cyber Attacker is an Insider

"What enterprise executives need to realize is that in today’s environment, every cyber attacker is a potential insider. Given the prevalence of BYOD (bring your own device), supply chain integrity issues, foreign travel, and the plethora of successful spearphishing campaigns, executive leadership needs to operate on a presumption of breach basis and work on reducing their attack surface through red teaming, early detection of attacks, thwarting lateral movement through the enclaving of critical systems, and having robust incident management plans in place before the breach occurs." Source: OODA Loop - Every Cyber Attacker is an Insider


10 Red Teaming Lessons Learned Over 20 Years

I've written a few popular blog posts over at OODA Loop. Here is one I did on red teaming lessons learned. "I often get asked what lessons I’ve learned over the past twenty years, so I started putting together this list of 10 lessons learned over 20 years of red teaming a few years ago. Given that I’ve officially hit the twenty year mark, I figured it was time to hit the publish button. While many of these feel like concepts, vice lessons learned, I hope the reader finds them thought provoking as they formulate and execute red teams of their own. As always, feedback and comments are welcome. This article is also posted at Red Team Journal if you’d like to discuss it there." Source: OODA Loop - 10 Red Teaming Lessons Learned Over 20…


Virtual Reality paper from 1993

Before Neo awakened to the existence of the Matrix and before Mark Zuckerberg donned his first Oculus Rift VR goggles, I was writing about the relationship between immersive virtual reality, philosophy, and human behavior (adopting a position of do no harm). I've mentioned this essay several times over the past couple of decades and finally located a copy to preserve here for easy linking. I don't recall what the title was and it wasn't captured in my Word Perfect file with this text, nor was the bibliography for the paper. The world is your exercise book, the pages on which you do your sums. It is not reality, although you can express reality there if you wish. You are also free to write nonsense, or lies, or to tear the…


What Dan taught me

Over 20 years ago, I was an unknown graduate student at the University of Vermont with an unpopular research idea. I was convinced that our increasing dependence on inherently vulnerable critical infrastructure presented an emerging national security issue. Few others were similarly convinced. Then I somehow caught the attention of Dan Kuehl at the National Defense University and on a trip to Washington DC he invited me to visit his office. I ended up spending the entire afternoon with Dan who entertained all of my questions, walked me through the halls of NDU, introduced me to all his colleagues, and bought me lunch. The most critical thing Dan did was encourage me to keep going with my research. Little did I know at the time, but…


Virtual Tradecraft Paper outline from 2006

Capturing this here for posterity. A friend in the intelligence community got me interested in Second Life which led to putting together some thoughts on the intelligence implications of virtual worlds. We were talking about this seven years ago... Virtual Tradecraft 2006