Oliver Rochford

Oliver Rochford is the Vice President of Security Evangelism at DFLabs. Oliver is a recognized expert on threat and vulnerability management as well as cyber security monitoring and operations management. He previously worked as research director at Gartner. He has worked as a security practitioner and white hat hacker for Tenable Network Security®, HP Enterprise Security Services, Verizon Business, Secunia® (now Flexera Software), Qualys®, and Integralis (now part of NTT Com Security).

Recent articles by Oliver Rochford

  • The soberer truth is that Artificial Intelligence is like the dancing bear at a circus. We are not fascinated because the bear dances well – because it doesn’t. We are fascinated that the bear dances at all.
  • Security automation is highly desirable. But this desire has been inhibited by doubt about the accuracy of the detection of threats, and fear of the consequences of automating the containment or mitigation responses.
  • The lifting of certain sanctions may provide an alternative incentive to limit certain types of cyberwar activity.
  • Einstein is often quoted as having said that insanity is doing the same thing again and again and expecting a different result. When it comes to cybersecurity, based on that definition, we must all be insane.
  • Choosing to do unauthenticated scanning is not an option – if you want to do vulnerability assessment properly and to the fullest of its potential, you have no other choice.
  • As the “Snowden leaks” continue in their revelations and unraveling of the twisted web of government surveillance, it is becoming clear that the foundation of trust in the Internet as a shared commons has been thoroughly undermined.
  • The Spiegel reports that the cyber-attack against the half-state owned telecommunications provider Belgacom was an operation executed by the UK’s GCHQ, based on documents from the Snowden leak archive.
  • The first step towards understanding and prioritizing vulnerability prioritization, as confusing and counterintuitive as it sounds, is the realization that this is not an Engineering problem.
  • When the Chinese government states that it is not behind most of these attacks – it is possibly telling the truth. That the Chinese government has offensive cyber capabilities is not disputed. What is not a given is that all of this activity has been officially prompted or sanctioned.
  • European Aeronautic Defence and Space Company (EADS) and the German industrial multinational conglomerate ThyssenKrupp have been the target of recent cyber-exploitation attacks.
  • It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.
  • Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and policy makers make clear.
  • It is because of the ambiguities and problems of definition and categorization that an International Agreement on acceptable and agreed cyber operations is the wisest and safest course of action.
  • One of the main criticisms that opponents of the Cyberwar Meme raise is that much of the reporting on the subject is sensationalist, or worse, war- or fear-mongering. Aside from the implication that anyone warning about the dangers of cyberwarfare is accused of having ulterior motives, it also implies that there is no real danger.
  • All warfare is based on deception. There is sufficient evidence to prove that China utilizes cyber-espionage, but are cyber attacks being overly attributed to China?
  • Oliver makes the case for why the way that security awareness training is often approached is flawed. But if done in the right way, Security Awareness Training can provide a lot of value and benefit the security posture greatly.
  • What can security professionals learn from the history of the Romans? Best practices do not just apply in times of crisis. They must be followed always, because attempting it when the crisis has already hit is too late.
  • Information Security Professionals hold the power that few people can understand, and correspondingly, an accompanying obligation and responsibility to use that power ethically and in the best interest of society.
  • What if Government Regulation focused on creating a realistic framework to outline and enforce security standards that vendors, manufacturers and producers have to follow and that stipulates minimum security quality requirements?
  • The Information Security Industry has contributed towards the escalation in conflict with hacktivists, providing instruction and knowledge to industry outsiders.
  • Management and business leaders will have to take note quickly, and learn to recognize information security risks as real risks to the success of their business.
  • The term "technical debt" was coined by Ward Cunningham to describe the effect of skimping during the design and implementation phase of software. So how did the technical debt bubble affect information security?
  • To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
  • In addition to being a renowned theoretical physicist, Einstein was also a wizard at writing security procedures and processes. Here is a short selection of quotes from Albert Einstein, and why they are worthwhile when thinking about security.
  • Chainmail is composed of several layers of steel-ring cloth, interlocked not just in the width and length, but also through several layers in depth. That is where chainmail derives its strength, and so should any well-designed defensive security strategy.