David Monahan

David is a senior information security executive with several years of experience. He has organized and managed both physical and information security programs, including security and network operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies. He has diverse audit and compliance and risk and privacy experience such as providing strategic and tactical leadership to develop, architect, and deploy assurance controls; delivering process and policy documentation and training; and working on educational and technical solutions.

Recent Posts

Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with More Context

By David Monahan on Oct 28, 2014 1:54:17 PM

 

Continue Reading

Thoughts on Splunk .conf 2014

By David Monahan on Oct 24, 2014 10:43:42 AM

This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech industry, spelunking, or the act of exploring caves, may come to mind. The theme of the conference was not cave exploration, but data exploration; however, the analogy of cave exploration actually aligns very well. “Splunkers” are diving into their data, delving deep into places that many have never explored before. Each of them finding new and cool ways to use the data that they have been collecting for years, just-in-case they ever needed it.

Continue Reading

Dell SecureWorks and Risk I/O team up to deliver a better kind of Vulnerability Management

By David Monahan on Apr 29, 2014 11:56:20 AM

On April 23rd, 2014 Dell announced its new Vulnerability Threat Monitoring and Prioritization service delivered through the SecureWorks Counter Threat Platform.  This managed service was created to expand the current Vulnerability Management offerings and increase customer value by creating the ability for customers to integrate their own vulnerability management systems.  With the additional context provided through Risk I/O, remediation and mitigation prioritization are done less in a bubble of the operational environment and more in context with the Internet threat universe.

Continue Reading

Gaining Data Control with BYOD and Bluebox

By David Monahan on Apr 22, 2014 10:51:06 AM

What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control!

Continue Reading

Symantec CyberWar Games Provide Valuable Cyber-Insight

By David Monahan on Mar 3, 2014 6:40:11 PM

The emotions oscillate between high frustration and high jubilation as I observe cyber-attack teams’ hacking activities against an unnamed financial institution…

Continue Reading

CA Analyst Symposium- CA is Changing

By David Monahan on Mar 3, 2014 6:39:56 PM

I had an interesting experience a few weeks ago.  I went to NYC to brief with CA Technologies.  I spent a full day speaking in group sessions with some of its top executives including CEO, Mike Gregoire, EVP Technology and Development, Peter Griffiths, EVP Strategy and Corporate Development Jacob Lamm, as well as a 1 on 1 meeting with GM of Security Management Mike Denning,.  I found their discussions and candor on the changes and advancements within CA VERY refreshing; more so than I would have expected from what I perceived as a “monolithic behemoth” such as CA.
Continue Reading

Security Awareness Programs Are Not just For Compliance

By David Monahan on Jan 16, 2014 8:35:20 PM

I see a significant gap in not only how the need for Security Awareness training is perceived as needed but also in the general quality of the programs and training delivered vs other types of training.  In many cases small companies avoid security awareness training due to ignorance, cost fears, or fears it will stifle their culture of creativity.  This research project is structured to give CIO’s, CISO’s, and other security and IT managers the data to motivate them to provide in security awareness training programs thereby bringing about change in their organizations.

Continue Reading

Last minute 2014 RSA Boycotts Hurt Attendees not RSA

By David Monahan on Jan 16, 2014 8:35:19 PM

With all of the negative attention that the NSA – RSA relationship (or deal) has been getting, many are fired up.  If the deal went down anything like it has been reported by Reuters, then rightfully so.  However, the last minute boycotts of the RSA event to show disapproval are a bit much.

Continue Reading

ForeScout Technologies has a Knack for NAC (and more) with ControlFabric and CounterACT

By David Monahan on Jan 16, 2014 8:35:02 PM

Recently I briefed with ForeScout Technologies, a Network Admission/Access Control (NAC) vendor, to get an update on the CounterACT platform it has been delivering and developing for a few years and to see its recently announced ControlFabric technology.  I thought it wise to take another look at NAC vendors and how they address BYOD, rogue, or non-compliant devices that can be the source of many compliance and security headaches including advanced/targeted threats.

Continue Reading

Recent Surveillance “Revelations” Part 2- What can we do?

By David Monahan on Jan 16, 2014 8:34:55 PM

I hope you were able to read part 1 of this blog prior to coming to this part as it really sets the stage.
Continue Reading
  • There are no suggestions because the search field is empty.

Lists by Topic

see all

Posts by Topic

see all

Recent Posts