On this page you will find several videos, documents and presentations I have created on the topic of security monitoring and incident response over the years. I hope some of them can give be of inspiration to you. Let me know if they are.
The following are recordings of two of the presentations.
I have written quite a bit over the years. Mostly it has been shorter posts and articles, but I've also written a couple of long-reads. I've put a couple of them them here for your reading pleasure.
On tuesday the 26th of August, the Norwegian national CERT, NorCERT issued a press release informing the public about a large notification effort. In cooperation with NVE and PTIL, NorCERT notified around 300 companies about a severe data breach attempt hitting parts of the Norwegian energy sector.
We read about espionage in the papers almost weekly, but can you tell me how your company expects to be hit by cyber espionage? If not, you are in good – or perhaps bad – company. Threat perception is still a challenging area for most, and poor threat perception will render you vulnerable. It's time to change that. It's time to start understanding the attacker. Say hello to «the Four M’s of Espionage».
This essay is about our adversaries' target development process, and about how I believe a base rate fallacy on our part makes us blind to important parts of it. We tend to mix up "being prioritized targets" with "being obvious targets", and that’s the topic I want to comment on in this essay. But I want to do that by telling you a story, and our story begins in Russia – but maybe not in the way you expect.
The following presentations are more or less variations over the same topic, and the topic is tactical incident response. Tactical response will be explained in the presentations, but in once sentence it is response tailord to fighting your adversaries' goal and mission, not primarily their technical foothold – although that of course is an importent part of your containment and eradication execution.
This presentation provides an overview of the modern CSIRT, aiming to enhance understanding of security monitoring and incident response. It explores the need for a tactical approach to effectively respond to advanced threats, and how covertly uncovering an attacker's tactics within your infrastructure is necessary to develop an appropriate and effective response strategy.
This presentation is an extended version of the «FIRST TC Oslo 2015 presentation».
Reflections on CSIRT roles and Tactical Response.
A brief walk-through of CSIRTs and Tactical Response.
A brief walk-through of CSIRTs and Tactical Response.
The following presentations are on a slightly more broad variety of topics, but still mostly on the topic of threat intelligence and incident response.
2016-11_30_The-Cyber-Threat-Intelligence-Matrix_Frode-Hommedal_Telenor_clean.pdf
2017-03-15ctimred-pill-170701152605.pdf
2017-11-10_apt-eviction-red-pill.pdf
2019-08-27_Detect-Respond_Hommedal-Sikkerhetsfestivalen_final.pdf
2020-10-14_DSB-Digital2020_Digitale-utfordringer_Frode-Hommedal-PwC-final.pdf