Security Experts:

Oliver Rochford

Oliver-Christopher Rochford works for Tenable Network Security and lives in Germany.
He has over a decade of Information Security experience garnered from such diverse companies as Integralis, Qualys, Secunia and HP ESS, and has frequently written and given interviews on the topics of Information and Offensive Security, as well as Cyber-Terrorism and Hacker Culture.

Recent articles by Oliver Rochford

  • Choosing to do unauthenticated scanning is not an option – if you want to do vulnerability assessment properly and to the fullest maximum of its potential, you have no other choice.
  • As the “Snowden leaks” continue in their revelations and unraveling of the twisted web of government surveillance, it is becoming clear that the foundation of trust in the Internet as a shared commons has been thoroughly undermined.
  • The Spiegel reports that the cyber-attack against the half-state owned telecommunications provider Belgacom was an operation executed by the UK’s GCHQ, based on documents from the Snowden leak archive.
  • The first step towards understanding and prioritizing vulnerability prioritization, as confusing and counterintuitive as it sounds, is the realization that this is not an Engineering problem.
  • When the Chinese government states that it is not behind most of these attacks – it is possibly telling the truth. That the Chinese government has offensive cyber capabilities is not disputed. What is not a given is that all of this activity has been officially prompted or sanctioned.
  • European Aeronautic Defence and Space Company (EADS) and German Industrial multinational conglomerate ThyssenKrupp, have been the target of recent cyber-exploitation attacks.
  • It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.
  • Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and policy makers make clear.
  • It is because of the ambiguities and problems of definition and categorization that an International Agreement on acceptable and agreed cyber operations is the wisest and safest course of action.
  • One of the main criticisms that opponents of the Cyberwar Meme raise, is that much of the reporting on the subject is sensationalist, or worse, war- or fear-mongering. Aside from the implication that anyone warning about the dangers of cyberwarfare is accused of having ulterior motives, it also implies that there is no real danger.
  • All warfare is based on deception. There is sufficient evidence to prove that China utilizes cyber-espionage, but are cyber attacks being overly attributed to China?
  • Oliver makes the case for why the way that security awareness training is often approached is flawed. But if done in the right way, Security Awareness Training can provide a lot of value and benefit the security posture greatly.
  • What can security professionals learn from the history of the Romans? Best practices do not just apply in times of crisis. They must be followed always, because attempting it when the crisis has already hit is too late.
  • Information Security Professionals hold the power that few people can understand, and correspondingly, an accompanying obligation and responsibility to use that power ethically and in the best interest of society.
  • What if Government Regulation focused on creating a realistic framework to outline and enforce security standards that vendors, manufacturers and producers have to follow and that stipulates minimum security quality requirements?
  • The Information Security Industry has contributed towards the escalation in conflict with hacktivists, providing instruction and knowledge to industry outsiders.
  • Management and business leaders will have to take note quickly, and learn to recognize information security risks as real risks to the success of their business.
  • The term "technical debt" was coined by Ward Cunningham to describe the effect of skimping during the design and implementation phase of software. So how did the technical debt bubble affect information security?
  • To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
  • In addition to being a renowned theoretical physicist, Einstein was also a wizard at writing security procedures and processes. Here is a short selection of quotes from Albert Einstein, and why they are worthwhile when thinking about security.
  • Chainmail is composed of several layers of steel-ring cloth, interlocked not just in the width and length, but also through several layers in depth. That is where chainmail derives its strength, and so should any well-designed defensive security strategy.
  • Have you heard? All of our security problems will be solved. How? Each and every citizen will be issued with a unique, secure online identity, so that the originator of any and all transactions, connections and requests can be readily and easily identified. Really?
  • Most businesses do not appear to have anything even remotely resembling a real security strategy. In the case of Information Security, you must first define your goals. These goals have to be realistic and in line with the resources at your disposal.
  • Not so long ago, the problem that most security professionals had was a lack of information. Now, many of us have more information than you can throw SQL queries at. So how do you find a needle in a haystack?
  • We have an entire commercial class of security professional, but very few hackers. Where are our cyberwarriors? Where will they be when we really need them? With us, or against us?