About
Cybersecurity leader with international experience solving complex enterprise-level risk…
Articles by Adam
-
Useless metrics and how you can stop creating them
Useless metrics and how you can stop creating them
By Adam Tyra
Activity
-
Bushmaster 6, Beast 6, and Crazyhorse 6. Half the Company Commanders from 1st Battalion, 5th Cavalry Regiment in OIF 07-08 (really 06-08 😩). We…
Bushmaster 6, Beast 6, and Crazyhorse 6. Half the Company Commanders from 1st Battalion, 5th Cavalry Regiment in OIF 07-08 (really 06-08 😩). We…
Liked by Adam Tyra
-
At-Bay's recently-released 2024 InsureSec report revealed that insureds operating Fortinet VPN solutions were 5 times as likely to file a ransomware…
At-Bay's recently-released 2024 InsureSec report revealed that insureds operating Fortinet VPN solutions were 5 times as likely to file a ransomware…
Shared by Adam Tyra
-
When I heard that we were expanding coverage to companies with $5B in revenue with limits up to $10M, I thought, that's big risk! A lot of these…
When I heard that we were expanding coverage to companies with $5B in revenue with limits up to $10M, I thought, that's big risk! A lot of these…
Shared by Adam Tyra
Publications
-
Critical resilience: Adapting infrastructure to repel cyber threats
McKinsey & Company
As the digital world becomes increasingly connected, it is no longer possible for infrastructure owners and operators to remain agnostic in the face of evolving cyber threats. Here’s what they can do to build an integrated cyber defense.
Other authorsSee publication -
Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks
Physica A: Statistical Mechanics and its Applications
Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive . This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes…
Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive . This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes within some L-hop (L≥0) distance of a chosen node are all deleted during one attack (with L=0 degenerating to site percolation). Whereas, adaptive attacks are launched by attackers who can make node-selection decisions based on the network state in the beginning of each attack. The resulting characterization enriches the body of knowledge with new insights, such as: (i) the Achilles’ Heel phenomenon is only valid for independent attacks, but not for dependent attacks; (ii) powerful attack strategies (e.g., targeted attacks and dependent attacks, dependent attacks and adaptive attacks) are not compatible and cannot help the attacker when used collectively. Our results shed some light on the design of robust complex networks.
Other authors -
-
The Cyber Army of Things
Cyber
The massive distributed denial of service attack that occurred in October 2016 dramatically realized the fears of security researchers regarding cyber risks due to insecure design in the “Internet of Things.” Given the advancing complexity of malware, defenders can assume that future attacks from connected devices will likely be far more sophisticated than the packet-flooding denial of service perpetrated by the Mirai botnet. Increasingly capable connected devices will cause real-world physical…
The massive distributed denial of service attack that occurred in October 2016 dramatically realized the fears of security researchers regarding cyber risks due to insecure design in the “Internet of Things.” Given the advancing complexity of malware, defenders can assume that future attacks from connected devices will likely be far more sophisticated than the packet-flooding denial of service perpetrated by the Mirai botnet. Increasingly capable connected devices will cause real-world physical damage. The shortfall apparent in our defensive planning will need a solution sooner than we think.
-
The robot security analysts are coming... but not today
Cyber
Tool vendors have recognized the potential of machine learning and are hard at work building platforms to automate security monitoring in order to solve manpower and resource shortages. However, viable solutions that can replace even low-level analysts might be further than we think. In this article we’ll discuss why adversary detection is a fundamentally larger and more difficult problem than other applications of analytics and why security analytics tools probably won’t replace human analysts…
Tool vendors have recognized the potential of machine learning and are hard at work building platforms to automate security monitoring in order to solve manpower and resource shortages. However, viable solutions that can replace even low-level analysts might be further than we think. In this article we’ll discuss why adversary detection is a fundamentally larger and more difficult problem than other applications of analytics and why security analytics tools probably won’t replace human analysts anytime soon.
-
Crafting an Effective Cyber Deception
Cyber
This article will focus on crafting deceptions for the defense. Deceptions can be created using practically any means available, and the utility of deception as a defensive tool extends far beyond detection and research. However, unlike other cybersecurity tools, deception doesn’t come with a user guide. Many defenders struggle to deploy deception effectively, and this has resulted in a loss of stakeholder confidence in deception as a worthwhile use of resources. By examining specific…
This article will focus on crafting deceptions for the defense. Deceptions can be created using practically any means available, and the utility of deception as a defensive tool extends far beyond detection and research. However, unlike other cybersecurity tools, deception doesn’t come with a user guide. Many defenders struggle to deploy deception effectively, and this has resulted in a loss of stakeholder confidence in deception as a worthwhile use of resources. By examining specific difficulties that many organizations experience with deception tactics, defenders can gain insight into the conditions required for success in cyber deceptions. This insight can then be combined with a basic deception methodology and a bit of adversary focus to craft effective cyber deceptions that enhance security and lead attackers down the path to defeat.
-
Your SecOps Don't Catch Bad Guys and Waste Your Money. We Know Why!
RSA Conference USA 2016
Traditional SecOps aren’t adversary focused, but they should be! By integrating threat intelligence with an adversary-focused operational cycle of deliberately planned security operations, organizations can deploy an active defense specifically targeted at protecting critical resources and resulting in improved return on investment for the enterprise security budget.
Other authors -
Enhancing your security operations with Active Defense
EY
An organization’s intellectual property and critical business systems have substantial
monetary value, and organization leaders expect their security programs to keep the data
secure and the attackers out. To this end, the effectiveness of the organization’s security
operations can be significantly enhanced by an Active Defense guided by deliberate
planning, a defined strategic end-state and an adversary focus. By organizing and
integrating the organization’s existing security…An organization’s intellectual property and critical business systems have substantial
monetary value, and organization leaders expect their security programs to keep the data
secure and the attackers out. To this end, the effectiveness of the organization’s security
operations can be significantly enhanced by an Active Defense guided by deliberate
planning, a defined strategic end-state and an adversary focus. By organizing and
integrating the organization’s existing security operations, Active Defense can help reduce
the number of successful targeted attacks and decrease the amount of time that intruders
can operate before being ejected from the network.Other authorsSee publication -
Challenges to the Tactical Cyber Defense
Cyber
A description of cultural, organizational, and technological challenges to conducting Defensive Cyberspace Operations (DCO) in tactical unit headquarters
-
Active Defense: Security Operations Evolved
The Cyber Defense Review
Fighting evil consistently requires you to proactively investigate it, hunt it down, and kick in the door where you find it. Organizations must evolve their security operations to hunt intruders and either eradicate them from the network or confirm that they were not there in the first place.
By integrating timely threat intelligence, security practitioners can deploy an active defense specifically targeted at critical resources rather than focusing on the outer perimeter. Defenders will…Fighting evil consistently requires you to proactively investigate it, hunt it down, and kick in the door where you find it. Organizations must evolve their security operations to hunt intruders and either eradicate them from the network or confirm that they were not there in the first place.
By integrating timely threat intelligence, security practitioners can deploy an active defense specifically targeted at critical resources rather than focusing on the outer perimeter. Defenders will improve their effectiveness, and attackers will seek out softer targets.
The term “Active Defense” has been used, abused, and misconstrued. Learn how to expose your cyber enemies and eradicate them from your network by leveraging anomaly analysis, active hunting, cyber-recon by fire, and clear-and-hold missions. We’ll discuss these and other tactics to show why the best defense is an active defenseOther authorsSee publication -
Shimming for Persistence
BSides: San Antonio
A presentation describing the use of dynamically linked library (DLL) and shared object (SO) "shimming" to enable persistence and code injection for malicious software.
-
A Characterization of Complex Network Attack Resilience
MS Thesis
A study of simulated dependent and adaptive attacks against several classes of complex networks
Other authors -
More activity by Adam
-
At the RSA conference this week... One of the big announcements for the event is CISA's Secure By Design pledge. Many technology leaders have signed…
At the RSA conference this week... One of the big announcements for the event is CISA's Secure By Design pledge. Many technology leaders have signed…
Posted by Adam Tyra
-
Longbow is hiring - Software Engineers, Product Marketing, Security Research, Solution Architects, Customer Success, and more. Come join Longbow…
Longbow is hiring - Software Engineers, Product Marketing, Security Research, Solution Architects, Customer Success, and more. Come join Longbow…
Liked by Adam Tyra
-
So I saw my neighbor at the RSA Conference today. It was fun to talk shop about email security rather than, you know, mulch... Shows that the…
So I saw my neighbor at the RSA Conference today. It was fun to talk shop about email security rather than, you know, mulch... Shows that the…
Liked by Adam Tyra
-
✨ Touchdown at RSA Conference 2024! ✨ The energy is electric as we dive into what promises to be an exhilarating week. 🚀 Don't miss the chance to…
✨ Touchdown at RSA Conference 2024! ✨ The energy is electric as we dive into what promises to be an exhilarating week. 🚀 Don't miss the chance to…
Liked by Adam Tyra
-
It's with mixed emotions that I announce my resignation from Protiviti after an incredible 12 years. I'm extremely grateful for the impactful…
It's with mixed emotions that I announce my resignation from Protiviti after an incredible 12 years. I'm extremely grateful for the impactful…
Liked by Adam Tyra
-
Troy Wilkinson, the CISO at Interpublic Group (IPG), is joining MightyID as our newest Advisory Board member. Wilkinson's impressive career has…
Troy Wilkinson, the CISO at Interpublic Group (IPG), is joining MightyID as our newest Advisory Board member. Wilkinson's impressive career has…
Liked by Adam Tyra
-
At-Bay is growing! We are actively hiring for a number of roles across the Southeast and country. I am currently looking to fill 3 (!!) open…
At-Bay is growing! We are actively hiring for a number of roles across the Southeast and country. I am currently looking to fill 3 (!!) open…
Liked by Adam Tyra
-
When your husband is the one guy working in crypto that wears a suit and tie, probably because he is a tax attorney. 😄 Exited to see Jason M. Tyra…
When your husband is the one guy working in crypto that wears a suit and tie, probably because he is a tax attorney. 😄 Exited to see Jason M. Tyra…
Liked by Adam Tyra
Other similar profiles
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Adam Tyra
2 others named Adam Tyra are on LinkedIn
See others named Adam Tyra