Paul's Blog


2014 Cybersecurity Innovation Forum at the Baltimore Convention Center


CSFI Participates in the 2014 Cybersecurity Innovation Forum at the Baltimore Convention Center.

The 2014 Cybersecurity Innovation Forum was a three-day event sponsored by the National Cybersecurity Center of Excellence (NCCoE) with the Department of Homeland Security, the National Institute of Standards and Technology, and the National Security Agency.  Approximately 700 Cyber Security professionals attended the event in spite of sub-zero temperatures and snow in Baltimore.

Phil Venable, the Chief Information Risk Officer at Goldman Sachs, kicked off the event with a superb presentation discussing innovation and insights at Goldman-Sachs over the last decade and reminded us all of the participants that the fundamental lessons from the 1970s forward still applied to trusted computing today.  He also stressed the difference and importance of understanding the differences in “being secure” vice “providing security.”  All cyber professionals should also be heartened by Phil’s recommendations to improve not only the quantity of cyber security professionals across the various sectors, but their productivity through sound practices as well.  Please contact Phil for a copy of his briefing, I think you would find it very insightful.

Major themes throughout the forum included emphasis on the POTUS-directed Voluntary Cyber Security Framework (NIST), implementation of STIX & TAXII as new standards for information sharing, and changing the economics of cyber protection.  STIX is a data exchange format, and TAXII is the transport mechanism.  Michael Daniel, Special Assistant to the President & Cybersecurity Coordinator, White House, shared the NSS key perspectives on current cyber issues 1) The threat is real, but it is not a movie script, 2) the threat is becoming broad and diverse, 3) it is more sophisticated, and 4th) cyber threats have reached a point where they are now capable of being destructive.  Michael also stressed the need to “flip the economics of cyber defense in favor of the defender.”  Several of the speakers and panels followed up on this idea, and presented ideas for making attackers devote more resources to their operations, hopefully making it less lucrative for them.  Yes, this should remind us of the US strategy for bringing down the Iron Curtain, though I hope we can do it for less!

TAXII and STIX received consistent and repeated calls for support from NIST, DHS and Industry representatives as the “format of the future” with several of the Industry vendors openly stating they were actively investing significant internal funds to adopt these standards, and to make STIX the baseline format for their products.  Many of the participants and panel members supported the move to STIX as a substantive and effective way to improve Information Sharing needed for overall increased security.

Participants supported the cyber Eco-system theme and added their particular twists to it, including pushes to consider health care analogies.  In this case, we should think of STIX and TAXII as the first coordinated method to improve the “immune system” of shared cyberspace.

The NIST Voluntary Framework is slated to be released on 14 February 2014 and we should all become familiar with it as soon as possible.  You can expect to see gaps and seams in the Framework, but each one should be viewed not as a short-coming, but an opportunity for innovation and solutions.  We also need to understand the language of the Framework, and be ready to assist our agencies, clients and teammates putting requirements and needs into the same language.  Doing this will enhance communication during operations, and ensure that proposals, bids and work plans are understood and meet Government and Industry expectations.

The 2014 Cybersecurity Innovation Forum was a great venue.  The hosts, sponsors and Baltimore Convention Center staff did a superb job putting it together and executing the event.  The Forum was set up along four tracks; Trusted Computing, Security Automation, Information Sharing, and Research with several Plenary sessions and Panels each day.  Thanks very much to Paul De Souza for arranging the pass to ensure a member of CSFI was able to attend and report back to our members.  I recommend everyone view the full agenda and presentation list is at: — contact the presenters with questions.


Robert A. Morris, Colonel (ret), USAF
CSFI Advisory Director

Filed under: Uncategorized

IOC Bucket – CSFI – SBG Solutions Event at the US Naval Academy


CSFI Team From left to right:
Roger Kuhn (Command Science Advisor, Navy Expeditionary Combat Command (NECC), Warfare Programs & Readiness (N8), CSFI Fellow)
Robert Johnston (IOC Bucket CEO, CSFI Fellow)
Paul de Souza (CSFI Founder President)
Norman R. Hayes Rear Admiral (ret.), US Navy, CSFI Advisory Board of Directors, Former Director of the Intelligence Headquarters, EUCOM (J-2), Vice President Cybersecurity and Intelligence Strategies, SBG Technology Solutions, Inc.
USAF Captain Amanda Mason (International Policy Operations Officer at United States Department of Defense, CSFI Fellow)

Norman R. Hayes Rear Admiral (ret.), US Navy Former Director of the Intelligence Headquarters, EUCOM (J-2) CSFI Advisory Board of Directors Vice President Cybersecurity and Intelligence Strategies, SBG Technology Solutions, Inc.

Norman R. Hayes
Rear Admiral (ret.), US Navy
Former Director of the Intelligence Headquarters, EUCOM (J-2)
CSFI Advisory Board of Directors
Vice President Cybersecurity and Intelligence Strategies, SBG Technology Solutions, Inc.

CSFI had the opportunity to work together with IOC Bucket and SBG to organize a presentation at the Naval Academy in Annapolis, MD.

Norman R. Hayes Rear Admiral (ret.), US Navy, opened the event with a presentation on the current cyber environment, the need for the DoD to collaborate with industry, and most importantly, the way ahead to include quantum computing. The audience of almost 200 Naval Academy cadets and officers was very participative and engaged. I have the pleasure to work with and collaborate with Rear Admiral Hayes on cyber security and intelligence matters, and he is truly connected with the cyber community and national security matters currently affecting the US.

Robert Johnston, IOC Bucket CEO

Robert Johnston, IOC Bucket CEO

After his presentation, we had the honor to listen to Mr. Robert Johnston cover IOCs (Indicators of Compromise). Mr. Johnston is currently building the biggest collection (database) of IOCs on the Internet with plans to grow operations. IOC Bucket is looking for sponsors in order to grow its database! If you would like to help IOC Bucket with this invaluable initiative, please email CSFI and SBG are strong supporters of this effort, and we would like to invite other organizations to join us in growing this IOC database.

Robert Johnston is currently a penetration tester and vulnerability analyst within the Department of Defense. His areas of professional expertise include penetration testing, exploitation research, and network defensive technologies. Mr. Johnston has 7 years experience in the network security field. Upon graduating from the United States Naval Academy with a degree in Information Technology, Mr. Johnston was selected as a data communications and satellite transmissions Officer before assuming responsibility of the Marine Corps Red Team. Mr. Johnston is a published author in the field of computer security. His certifications include Certified Information Systems Security Professional (CISSP), Penetration Testing and Ethical Hacking (GPEN), Certified Ethical Hacker (CEH), Security +, and Network +.

“IOCs can be used for early detection of future attack attempts.”

“IOCs tie to observables, and observables tie to measurable events or stateful properties, which can represent anything from the creation of a registry key on a host (measurable event) to the presence of a mutex (stateful property). Though not present in all incident response or event of interest scenarios, IOCs are present more often than not should the security analyst devote enough time, energy and resources in learning where and how to identify them. The ability for a security analyst, incident responder or threat researcher to collect, record and notate IOCs in a detailed manner cannot be stressed enough. To be able demonstrate the Who, What, Where, When, How and (assuming one has enough data the ‘Why’) is invaluable! Today there are several emerging, would be standards for what has previously been an individualistic at worst and organizational at best approach to demonstrating IOCs.” Will Gragido 


IOC Bucket is a global community of computer security professionals who have a vested interest in sharing Indicators of Compromise (IOC) discovered during their research. Our website bridges the trans-ocean gap between multinational corporations providing them with a wealth of incident response knowledge and experience. Through the contributions of industry standard OpenIOC’s, IOC Bucket will be the largest repository of Open Source Indicators. On the website you can check indicators found on your network against our reputation database to determine the possibility of infection using one of the 500 fields supported by the OpenIOC format. Once found you may download the IOC to edit and search your network for further intrusions. Global security requires global partnerships.


Founded in 2004, SBG has emerged over the past eight years as one of the premiere small government contractors in the nation. In 2013, SBG was recognized by as a Top 500 Hispanic-Owned Business in America. In 2010 and 2011, SBG was recognized by Inc. 500 as one of the 500 fastest growing companies in the United States, including 50th in government services and 40th in the D.C. area. SBG also received the United States Chamber of Commerce Blue Ribbon Award in 2011 and the Small Business Diversity Award in 2010. Headquartered in Alexandria, Va., with a presence in Washington, D.C., Arlington, Va., San Diego, Calif. and Little Rock, Ark., SBG has grown significantly over the past eight years solidifying its reputation as an innovative and reliable business partner.


On the right: Carlos Del Toro, President & CEO 

US Naval Academy Audience (full room!)

US Naval Academy Audience (full room!)

Our CSFI team: Paul de Souza, Roger Kuhn, and Amanda Mason

Our CSFI team: Paul de Souza, Roger Kuhn, and Amanda Mason

Admiral Hayes answering to questions after his presentation

Admiral Hayes answering  questions after his presentation

I’m inspired by the presentations I heard today. I hope to continue to be able to support such initiatives!

If you would like to know more about IOC Bucket or SBG, please send an email to Get involved, and make a difference in securing cyberspace.


Paul de Souza, CSFI Founder President 

Filed under: Uncategorized

CSFI Blog Calendar

January 2014
« Oct   Mar »

Enter your email address to follow this blog and receive notifications of new posts by email.

CSFI Twitter

Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.


Paul de Souza, CSFI Founder Director