Chris Poulin

Expert Blogs

A blog where security experts share their knowledge and experiences.
  • Healthcare and Building a Security Survivability Program Part 1

    Never join a ride share with a clown college, and never take your health advice from network news. “The surprising secret to firming up your stomach and thighs—in your sleep!” And, “Up next: the everyday item in your glove compartment...
  • Entrails & Astronomy: Here Come Yet Another Round of 2013 Predictions

    It’s that time of year again when dusty wreaths are extricated from the attic, invective carols are launched at tangled strings of lights, and homeowners rush to the hospital with a sprained ankle from a ladder fall or to have a thumb unstapled...
  • It’s 10 O’clock . . . Do You Know Where Your Data Is?

    Long ago, in a network far away, we took for granted where our data was: safely tucked away within our corporate network perimeter. We may have been concerned about Lefty in engineering finding a way to look at the HR files, but for the most part we were...
  • Hacking Big Data

    One of the highlights of the U.S. presidential election has to be the manipulation of big data. I’m not talking about the rhetoric around unemployment rates, fabricated “facts”, or even the allegations that New Jersey lieutenant governor’s...
  • Notes from FOSE: Continuous Monitoring = Security Intelligence

    From Q1Labs Last week I participated in a panel on Continuous Monitoring at FOSE. Joining me were Mark Crouter from MITRE as the moderator, John “Rick” Walsh, chief of technology and business processes in the Cybersecurity Directorate of...
  • The Healthcare Industry Needs to Implement Tighter Controls and Policies, According to the IBM X-Force 2012 Annual Trend and Risk Report

    In 2012, there were 1,502 documented incidents resulting in loss of personally identifiable information, almost a 40% increase over the previous year’s 1,088 event count. In the last three years, 21 million patients in the United States have had...
  • Healthcare and Building a Security Survivability Program Part 2

    Last week, I shared Healthcare and Building a Security Survivability Program Part 1. In part 1, I share with you three associated suggestions to build a new information security regimen—a new year’s resolution, if you will. Neither the problem...
  • Hyperbolic View of Simple Flaws in Mobile Security: A Healthcare Drama

    Ever wonder if the person who would one day cure cancer may have died an untimely death due to an unfortunate series of events? The butterfly effect taking a macabre back road? A new vulnerability was found in some Android-based mobile devices, which...
  • Don't Get Me Started: FUD

    Presentations about the information security industry can be motivating or they can be boring, but one emotion they should not elicit is fear. We do not need one more talking head lecturing us through a stern look about the dire state of security.
  • Healthcare & Security Operations: Batteries Included

    It's not a crime if you don't get caught. Speeding is the perfect example: we all do it (except the people in front of me when I’m late for a meeting) but few of us consider it breaking the law. That’s because there are way too few...
  • Flame: Klunky Primate of the Next Stage of Evolution of Advanced Malware

    This week the security blogs have been abuzz about Flame, the newly discovered malware that appears to be geographically targeted at Iran, Lebanon, Syria, Sudan, and other countries in the Middle East and North Africa. Security analysts are infatuated...
  • A Cloud by Any Other Name is a Health Information Exchange (HIE)

    In an episode of Seinfeld, Elaine is flagged as a “difficult” patient by one doctor and the reputation follows her in her medical record. In order to get treatment for her rash she has to try to steal her own record and expunge the notes,...
  • Enabling Health Care Transformation with Security Intelligence

    In Star Trek I never saw Dr McCoy texting Spock or playing Angry Birds on the medical tricorder, which may be why I never saw him swearing over it because he had to type in an eight-digit passcode because of an MDM policy. Bones would just wave it over...
  • Defining Security Intelligence at Pulse 2012

    Security Intelligence is about enriching events with context data and ending up with smart information to give enterprises not only total visibility, but to laser in on incidents such as fraud that support business use cases. That’s the conclusion...
  • GTRA Roundtable Recap: How to Drive Efficiency and Improve Security

    The CIA has The Farm, a secret facility somewhere in Virginia, where it trains agents in wiretapping, interrogation, and handling human “assets”. Similarly, the GTRA (Government Technology Research Alliance) convenes in remote Bedford Springs...
  • Football and Security: Defense is Not a Strategy

    From Q1Labs (Note: I grew up in a European colonized country. Football to me is European football, soccer to most Americans. I love American football too, but Europeans were calling it football long before we were.) You would never man a football...
  • The Pizza Tracker as a component of Football Intelligence

    From Q1Labs Last Sunday I was watching football (American football this time) as usual, when an advertisement played for a pizza tracker app. When you place an order with the pizza delivery service, they track the progress of the pizza’s ontogeny...
  • When Refrigerators Attack! The Future of Smart Grid Security

    From Q1Labs INT CAR - MORNING A man is stuck in traffic on his way to work. His mind wanders and his OCD kicks in: Did I leave the toaster plugged in? He pulls out his smart phone and taps the app labeled “Home Automation”, then taps...
  • Security Week Excerpt: Security Superstition

    From Q1Labs Have your security practices been guided by old wives’ tales and horror stories of installations past? In this article for Security Week, Chris Poulin explains why it’s time to revisit your security posture, especially when...