Cyber Security isn't Easy!!!
Hey, Derek here.
It feels like there are two camps in infosec, detect and respond only or protection only. With so many security tools and so many frameworks, not to mention the regulations, how do we check the box and defend against an aggressive adversary?
Not much has changed in 23 years, we are still very reactive. I created this website and the "Cyber Threat Weekly" newsletter to help address the ever evolving threat landscape. We're going to keep an eye on cyber threats, cyber criminals, novel behavior, ransomware RaaS services, and more.
By trending cyber threats we can prioritize the most prolific behaviors and watch for up and coming novel behavior. We can be proactive as certain behaviors become prevalent.
What can you expect from 31337 InfoSec?
To start, the weekly newsletter delivered on Tuesday mornings, giving you a chance to get your week started. Articles on various cybersecurity topics tagged "been thinkin".
Lot's of free infosec content and paid content for those who want to support this site and enjoy more robust knowledge. This is a website where I can share lessons learned from 23 years of information security practitioner work. You will never see ads, no click bait, no bs.
Simple Values:
- Integrity, first and foremost
- Honesty
- Curiosity
- Simplicity, as much as possible
Having a tendency to write like I speak, my grammar and punctuation may not be perfect. You'll receive well researched infosec content, written by me, no AI only written content here, I may experiment with AI sentence clean up. You may even see some video content created by me.
Feel free to check out articles I have posted on LinkedIn:
- Today’s Threat Landscape - The Defenders Nightmare
- Cybersecurity is Broken, but Why?
- Thinking Differently About Cybersecurity
- Beating the Adversary at Their Own Game!
Google 'derek krein + security', you'll see articles dating back to 2001,
webinars, and speaking engagements. Learn more about me, if you like the content, there’s plenty more to come. Drop me a line, ask a question, send me
topics you’re interested in. I may just do a blog post on your question or topic.
How my Information Security Career Started
I fell into infosec after getting laid off from Northrup Grumman working on F-14 Fighter Aircraft, due to the aircraft being retired. The same week Raytheon had an open house for IT administrative positions and the Navy Marine Corps Intranet.
I knew I would get laid off, so I spent a year going to school for A+ and MCSE as well as studying for my Cisco CCNA. Also holding a DoD secret clearance, I was asked if I would be interested in security, sure, why not. Almost like it was meant to be.
After a year, my buddy persuaded me to perform information security work with him at US Joint Forces Command (USJFCOM). We were responsible for certification and accreditation of certain networks at USJFCOM. I got the first authority to operate (ATO) in USJFCOM history for J9 the Joint Experimentation Directorate.
My security program was adopted and used as the official USJFCOM certification and accreditation process. After that I volunteered to build a secure Wi-Fi program for J9. Invited to speak at numerous federal security conferences, quoted in numerous federal magazine articles, and winning two prestigious awards along the way.
Was privileged to be invited to the Pentagon to sit on the Wireless Technical Working Group. Sharing what we learned building secure Wi-Fi for the J9 and sharing other Wi-Fi pioneers in the DoD so they get multiple perspectives. I received a Letter of Appreciation from the Pentagon CIO.
I was founder and CTO of a security consulting company, performing specialty work for the DoD. After a hiatus while taking care of my late girlfriend who passed away from colon cancer, I moved to the St. Louis area and started working for Charter Communications as a security architect.
After Charter, I worked as a Sr security architect for a credit card processor, a client solutions architect at Optiv, and finally my current position is Security Services Director at SafeBreach, a continuous security validation company. I built the security services program from the ground up and lead the services team.
Before Information Security?
Been interested in technology, pretty much my whole life. High school included an electronics program that was like a major spanning two periods and they even paid for us to take courses at night at the local community college. I also took computer science classes.
From there I enlisted in the US Navy, choosing an advanced avionics program called Advanced First Term Avionics (AFTA). After 16 months of school, I finally hit the fleet and worked on helicopters. After my sea tour, I went to shore duty and worked on a gigantic 1970's computer system called VAST.
Getting out of the Navy, I started working on F-14 fighter aircraft, essentially installing a computer network in the aircraft. We integrated a bunch of systems into the aircraft, at one time the F-14 was the only all missions capable fighter aircraft. And if you made it this far, you know the rest of the story from here.