Security Experts:

WRITE FOR US
Chris Poulin's picture

Chris Poulin

Contact Chris Poulin

Chris Poulin brings a balance of management experience and technical skills encompassing his 25 years in IT, information security, and software development to his role as Chief Security Officer at Q1 Labs. Prior to joining Q1 Labs in July 2009, Poulin spent eight years in the U.S. Air Force managing global intelligence networks and developing software. He left the Department of Defense to leverage his leadership and technical skills to found and build FireTower, Inc., an information security consulting practice.

Recent articles by Chris Poulin

  • Lessons from Bees & Sewage: Data Security Needs More Investigative Initiatives
    A lesson from bee police and sewage scrutiny are what we need to figure out ways to tag or watermark data so we can detect illicit activity.
  • Silencing the Security Cynics
    If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
  • Awesome Security: Precision Counts - Why Being Vague is the Enemy of Security
    Specifics are critical to understanding the threat, responding to it, and assessing impact. The expression goes, “perfect is the enemy of good”; I submit that vague is the enemy of security.
  • Fight or Flight Security: Business Continuity & French Toast
    There’s no one size fits all disaster survival plan: a server compromise is vastly different than full scale nuclear attack, and both require situationally appropriate responses.
  • BYOD: One Size Risks All
    Before you join the stampede with all the organizations who have bought into the concept of unifying personal and business devices, consider that one size can risk all.
  • Don't Be Afraid To Put On Your Grey Hat
    Security should be a fascinating, dynamic, and creative pursuit. I say have fun, be creative, be criminal in your thoughts, but not your actions. The black hats who have you in their targets are having a blast.
  • The Intersection of Health Care Intelligence and Security Intelligence - Part 2
    It’s appropriate that the same type of analytics that can be used to monitor health choices and diagnose medical conditions can also detect medical fraud and exposure of ePHI.
  • Big Data, Little Devices: Security Analytics Enable Health Care Transformation
    Part 1: Why the Star Trek Medical Tricorder Didn’t have an App Store. The future of information security is looking brilliant: by the 23rd century there will be no computer hacks—at least according to Star Trek.
  • Clouds Can Be Banks, But Banks Are Not Clouds
    A cloud provider will treat each of your files the same, as they will all their customers’ data. The most striking disparity in the comparison between data in the cloud and money in the bank is that the bank knows the value of what you’re depositing.
  • In Vino Securitas: Comparing Security Intelligence and Wine Intelligence
    When it comes to security, executive management can be compared to restaurant patrons; they just want to know the perfect food and wine pairing and be assured that both are available.
  • Security Superstition
    SIEM has gotten a bad rap as difficult to deploy and maintain. Like most old wives’ tales, there is some truth at the root. Implementing early SIEMs and gaining value from them was as painful, however, all technology evolves, and today’s SIEMs have been designed to be easier to deploy and maintain.
  • Working Toward a Unified Security Model
    While there are already taxonomies for classifying vulnerabilities, this is not the case with events. We should all tap into our inner analyst to devise and embrace new categorization models.
  • Data Diodes: Super Security or Super Pain?
    The concept of a data diode isn’t new, but it’s been adopted recently in the critical infrastructure sector, and in so doing limiting the visibility needed to protect against targeted attacks. Data diodes may help protect critical infrastructure from certain attacks, but are they really practical?
  • Why You Should Put a GPS Tracker on Your Turtle
    Information security is scads more complicated than monitoring an animal that drags its mobile home around wherever it goes. On one hand we’re concerned about tracking the activities of the bad guys, but continuous monitoring is really about ensuring your assets are prepared, and not just at a moment in time.
  • Self-Aware Data? Smarter for Sure.
    I envision data as an object composed of some sort of universal code, the data, and accompanying properties. To protect the information and code, it could only be run on a system controlled by the data's owner, perhaps using a method similar to public/private key pairs, with everything being encrypted.
  • Compromise Full Disclosure: Collective Knowledge Brings Stronger Defenses
    To effectively defend yourself against an enemy, you have to think like your adversary. Put yourself in their mind, their shoes. What’s the motive? How determined are they? Will they stop at a well-hardened network perimeter or move on to other tactics, including social engineering? Once you suffer a breach, how do you share your analysis?
  • Paranormal Activity: A Possible Reality?
    Utility companies are not used to thinking in terms of data security; they've been historically concerned with the protection of hardware like transformer stations, utility poles, and electric wires, as well as consumer fraud. But soon, they'll have to change their mindset.
  • Practical SIEM Deployment
    A properly deployed SIEM can add tremendous value to an organization’s security program. This week, Chris describes how you can get the most out of an SIEM solution through proper deployment strategies.
  • Security Intelligence: A Spy Story
    SIEM vendors are all jumping on the Security Intelligence tag line, but what does it really mean? Can SIEM bring the analog of human intelligence to cyber threats and the security visibility of business intelligence to the executive boardroom?