Chris Morgan

Author image
Chris Morgan

Cofounder and Chief Technology Officer. Chris Morgan is responsible for technology innovation and delivering high-quality security analytics solutions to clients. He has more than 15 years of experience in research and development, software engineering, software development and product management. Morgan studied management at the Wharton School of Business of the University of Pennsylvania and economics and computer science at Virginia Polytechnic and State University.

  • Palantir

    Palantir’s Struggles and Big Data’s Evolution in Information Security

    The media has documented some recent struggles by Palantir in retaining customers and staff. Included in this coverage is an assertion in a BuzzFeed article that: “Toward the end of last year, Palantir killed its effort to create an elite cybersecurity group, after executives decided it wasn’t gaining enough traction… In April 2015, employees were informed that American Express had dumped Palantir after 18 months of cybersecurity work… At its peak last year, two of the sources said, the cybersecurity team included more than 10 forward deployed engineers; the majority…

  • iot-units-installed-category

    What to Do When Mobile and IoT Explode the Attack Surface

    Information security was hard enough when we had to lock down all of the servers, desktops and laptops. That seems like child’s play compared to what we face now. You could pretty easily count your server infrastructure and PCs were simply a function of your company employee count. Mobile and Internet of Things (IoT) change that equation as we outlined earlier this week in our new White Paper, Take Back Control of Your Information Security. I thought I’d cover part of the ground from that analysis and expand on a…

  • cves-exploited-2015-500x459

    What to do When You Can’t Patch a Vulnerability

    The Verizon DBIR has a lot to say about vulnerabilities. One of the more interesting topics is the large number of 2015 vulnerability exploits that were more than a year old. In a footnote the DBIR authors comment that “Those newly exploited CVEs, however, are mostly – and consistently – older than one year.” The data show that more than 90% of exploited vulnerabilities in 2015 were more than one-year-old and nearly 20% were published more than 10 years ago.   This data is consistent from year-to-year. In 2014, more…

  • percent-breaches-per-asset


    The Verizon DBIR, the Phish Labs’ Phishing Trends & Intelligence Report, and a number of other recent announcements confirm what we all know. Phishing is a popular attack vector. This is an important data point for information security leaders. It also logically leads to two questions: Can you stop phishing to secure your enterprise assets? If you could stop phishing, what next? There is a lesson here in building an effective and resilient information security infrastructure that is missing in most enterprises today. A RESILIENT VECTOR AND AN ELUSIVE FOE…

  • prioritizing-security-risk-infosec square

    Known Knowns: The Problem with Vulnerabilities and Unmeasured Risk

    Vulnerabilities are growing faster than information security staff capacity. There was a time when knowing your vulnerabilities was the critical challenge in protecting the enterprise. Today, there are many tools that provide near real-time access to vulnerability notification. The question is no longer, “what are my vulnerabilities?” The more important question is, “what is my greatest risk?” If you had sufficient capacity to quickly patch all vulnerabilities, risk wouldn’t be an issue. All vulnerabilities would be closed before risk became a factor for consideration. That is not where most enterprises…

  • verizon-data-breach-investigations-report-chart

    Knowns and Unknowns: What it Means to Shift from Prevention to Detection and Response

    “We haven’t stopped huge breaches. The focus now is on resilience, with smarter ways to detect attacks and faster ways to respond to them.”  MIT Technology Review, January 2016 There is a lot of talk about shifting the information security posture from a focus on prevention to greater emphasis on detection and response. In a world where you assume everyone is breached, the logical strategy involves rapid identification and containment. It doesn’t mean you stop patching vulnerabilities. It does mean that organizations need new tools, processes and, in many cases,…

  • kyivoblenergo-customer-letter

    Critical Infrastructure Cybersecurity Risk Realized – Things Have Changed

    The Aurora Generator Test carried out by Idaho National Laboratory in 2007 introduced much of the world to the idea that a cyber hack could cause damage and disrupt electricity distribution. While the test was real, the hack required a successful intrusion first and there were no real-world incidents that actually realized electricity disruption – until last month. By now, most people in the information security community are aware of the hack on at least two Ukrainian power authorities in Ivano-Frankivsk region. As much as high-profile cybersecurity attacks ranging from…

  • office-space-boss_36733 copy

    Why the CISO Should Be A Peer, Not an Underling

    To Get Really Secure, First Empower Your Leadership: Why the CISO Should Be A Peer, Not an Underling Each time there’s a major security breach, organizations at all levels reevaluate their cyber security procedures and teams. In fact, 47 percent of C-suite executives  hold CISOs accountable for a breach. Some companies choose to use the CISO as a scapegoat but don’t address what it will really take to shore up their enterprise security – all too often this includes empowering the CISO within the C-suite. There’s significant value in having the CISO considered equal to…