Security Experts:

WRITE FOR US
Oliver Rochford's picture

Oliver Rochford

Contact Oliver Rochford

Oliver-Christopher Rochford works for Tenable Network Security and lives in Germany.
He has over a decade of Information Security experience garnered from such diverse companies as Integralis, Qualys, Secunia and HP ESS, and has frequently written and and given interviews on the topics of Information and Offensive Security, as well as Cyber-Terrorism and Hacker Culture.

Recent articles by Oliver Rochford

  • Chinese Whispers, Chinese Lies: Analyzing Mandiant's APT1 Report
    When the Chinese government states that it is not behind most of these attacks – it is possibly telling the truth. That the Chinese government has offensive cyber capabilities are not disputed. What is not a given is that all of this activity has been officially prompted or sanctioned.
  • European Space, Industrial Firms Breached in Cyber Attacks: Report
    European Aeronautic Defence and Space Company (EADS) and German Industrial multinational conglomerate ThyssenKrupp, have been the target of recent cyber-exploitation attacks.
  • Cyberwar: The Dynamics and the Logic of Might
    It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.
  • Cyberwar: Breaching the Kinetic Barrier
    Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and policy makers make clear.
  • The Active Defense Folly: Exploring The Cyberwar Doctrine Debate
    It is because of the ambiguities and problems of definition and categorization that an International Agreement on acceptable and agreed cyber operations is the wisest and safest course of action.
  • Putting Cyber Warfare Into Perspective
    One of the main criticisms that opponents of the Cyberwar Meme raise, is that much of the reporting on the subject is sensationalist, or worse, war- or fear-mongering. Aside from the implication that anyone warning about the dangers of cyberwarfare is accused of having ulterior motives, it also implies that there is no real danger.
  • A Convenient Scapegoat - Why All Cyber Attacks Originate in China
    All warfare is based on deception. There is sufficient evidence to prove that China utilizes cyber-espionage, but are cyber attacks being overly attributed to China?
  • Security Awareness Training: It's The Psychology, Stupid!
    Oliver makes the case for why the way that security awareness training is often approached is flawed. But if done in the right way, Security Awareness Training can provide a lot of value and benefit the security posture greatly.
  • Digital Barbarians at the Gate: Learning from History
    What can security professionals learn from the history of the Romans?Best practices do not just apply in times of crisis. They must be followed always, because attempting it when the crisis has already hit is too late.
  • CISSP Code of Ethics: With Power Comes Obligation and Responsibility
    Information Security Professionals hold the power that few people can understand, and correspondingly, an accompanying obligation and responsibility to use that power ethically and in the best interest of society.
  • How the Government Could Improve Security Through Legislation
    What if Government Regulation focused on creating a realistic framework to outline and enforce security standards that vendors, manufacturers and producers have to follow and that stipulates minimum security quality requirements?
  • The Evolution of the Hacktivist Threat
    The Information Security Industry has contributed towards the escalation in conflict with hacktivists, providing instruction and knowledge to industry outsiders.
  • Why Bad Security is Bad Business
    Management and business leaders will have to take note quickly, and learn to recognize information security risks as real risks to the success of their business.
  • The Technical Debt Bubble and Its Effect on IT Security
    The term "technical debt" was coined by Ward Cunningham to describe the effect of skimping during the design and implementation phase of software. So how did the technical debt bubble affect information security?
  • The Compliance Paradox - The Love-Hate Relationship with GRC
    To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
  • Einstein on Security Procedures and Processes
    In addition to being a renowned theoretical physicist, Einstein was also a wizard at writing security procedures and processes. Here is a short selection of quotes from Albert Einstein, and why they are worthwhile when thinking about security.
  • Chainmail: A Great Model for a Solid Security Strategy
    Chainmail is composed of several layers of steel-ring cloth, interlocked not just in the width and length, but also through several layers in depth. That is where chainmail derives its strength, and so should any well-designed defensive security strategy.
  • National Internet IDs: Putting All Our Eggs in One Basket?
    Have you heard? All of our security problems will be solved. How? Each and every citizen will be issued with a unique, secure online identity, so that the originator of any and all transactions, connections and requests can be readily and easily identified. Really?
  • Security Strategy? What Strategy?
    Most businesses do not appear to have anything even remotely resembling a real security strategy. In the case of Information Security, you must first define your goals. These goals have to be realistic and inline with the resources at your disposal.
  • Attracting the Needle in the Haystack
    Not so long ago, the problem that most security professionals had was a lack of information. Now, many of us have more information than you can throw SQL queries at. So how do you find a needle in a haystack?
  • Where are the Cyber Warriors?
    We have an entire commercial class of security professional, but very few hackers. Where are our cyberwarriors? Where will they be when we really need them? With us, or against us?
  • Generation InsecuritY - Is the Internet a Fundamental Necessity?
    A recent survey from Cisco implies that Generation Y is in some way less security savvy, or at least, less security responsible, than their older contemporaries. This is of course a huge oversimplification.
  • Hacking Scandal Spreads to Government. Are You Four Digits Away From a Security Breach?
    A bunch of technically unskilled attackers managed to circumvent the national security precautions of the United Kingdom by exploiting an unsecured 3rd party. How vulnerable is your organization to these types of attacks?
  • Who Watches the Watchers?
    In the wrong hands, Security Solutions can turn into weapons or tools of slavery and oppression. The people usually involved in deciding in who’s hands these tools end up, are sadly often torn between conflicting interests, like sales targets.
  • Control: The Scariest Thing about Securing Mobile Devices
    Mobile devices share basic components as a PC, but that is truly where the similarities end. The differences are far more important than the shared points, and will scupper most traditional security approaches, which all hinge on one really simple idea.