
Friday, August 13, 2021

Cyber Diversity Framework

I was invited to speak at DEF CON 29 this year. I presented at the inaugural Blacks In Cybersecurity village. The video is below.

The talk that I gave was about a framework that I use to get things done in my life. I call it the Cyber Diversity Framework, and it is derived from systems thinking, risk management frameworks and design thinking. The idea of the framework is to examine barriers to increasing diversity in cybersecurity.

  • Empathize and discover patterns of behavior. What do they need?
  • Align your focus. How can I help?
  • Ideate and design solutions. What does change look like?
  • Model and assess together. How does my thinking need to transform?
  • Deploy the best model. What works? What doesn't work?


For example: you are looking to enter the tech industry and you want an entry-level job in information security. You browse job postings. Empathize - What need does the job posting state? Align - What transferable skills do you have to meet that need? Ideate - What are ways to demonstrate those skills in your resume? Model - What gaps do you have and how can you address them? Deploy - Submit your targeted resume and develop stories that illustrate how you can meet the needs.

This talk gives more detail to the process and why I feel that this is so important at this time.



If you have questions or comments please reach out to me.

The slides are available on my Github repository.

Thursday, November 21, 2019

How to use MITRE ATT&CK heat maps to enrich your Security Operations

I find cyber threat intelligence fascinating and I wanted to find a way to use it to enhance our security operations. Previous efforts to use threat feeds had been frustrating as there were a lot of false positives and very little context. Last year at DerbyCon I learned about the MITRE ATT&CK framework and I’ve been searching for ways to leverage it in our environment. MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base can be utilized as a foundation for the development of specific threat models and methodologies to detect and defend against cyber adversaries.
Tactics are what attackers are trying to achieve (such as maintaining persistence and undetected presence in your environment). A technique is a specific behavior to achieve a goal and is often a single step in a string of activities employed to complete the attacker’s overall mission. The ATT&CK website provides many details about each technique including a description, examples, references, and suggestions for mitigation and detection.
I created a heat map based on the following groups which have been known to target defense, manufacturing and aviation industries:

  • APT17
  • APT19
  • APT33
  • Deep Panda
  • Gallmaker
  • Leviathan
  • menuPass
  • Threat Group-3390
  • Turla

Figure 1: Using ATT&CK Navigator I created the heat map by layering the hacking techniques of our industries' most likely threat groups. Please note: not every behavior that matches an ATT&CK technique is malicious.
The MITRE ATT&CK Navigator tool can be found at https://github.com/mitre-attack/attack-navigator.
Scores were assigned to each technique and the score would increase if it was used by more than one adversary. I was advised by other threat analysts that a single color with a gradient would be more effective than utilizing a multicolor scheme like a traffic light protocol.
My initial thought was that this color-coded heat map would make a good visual and it could be used to better communicate our defense priorities. In this particular iteration, we found that process monitoring and file monitoring were two of our top priorities to defend against this set of adversaries.
Now that I had this representation I went through each technique and made a list of the log sources that could be analyzed to see instances of the technique in our enterprise. My team worked together to determine if we had gaps in our visibility of these techniques. Our goal was not to block any of these techniques because a number of them are legitimate processes that can be used maliciously. Our primary focus was on tactics that were to the left of persistence so that potentially malicious behavior could be targeted pre-persistence.
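The scoring and the gap review described above can be scripted. The Python below is an added example, not code from the original post or from MITRE: it builds an ATT&CK Navigator layer in which each technique's score is the number of tracked groups using it, with a single-colour gradient scaled to the highest score, and then ranks data sources and lists visibility gaps against the log sources actually collected. The group-to-technique pairs, the technique-to-data-source pairs and the layer version strings are constructed placeholders; the real mappings come from the ATT&CK knowledge base and your own log inventory.

```python
import json
from collections import Counter, defaultdict

# Constructed sample data (not from the original post): which groups were
# observed using which ATT&CK technique IDs. The real mapping comes from the
# ATT&CK knowledge base, e.g. the per-group layers Navigator can export.
GROUP_TECHNIQUES = {
    "APT33":     ["T1566.001", "T1059.001", "T1078"],
    "Turla":     ["T1059.001", "T1003.001", "T1053.005"],
    "menuPass":  ["T1059.001", "T1003.001", "T1047"],
    "Leviathan": ["T1566.001", "T1053.005"],
}

# Constructed sample: log/data sources in which each technique could be seen.
TECHNIQUE_SOURCES = {
    "T1566.001": {"email gateway logs", "file monitoring"},
    "T1059.001": {"process monitoring", "powershell logs"},
    "T1078":     {"authentication logs"},
    "T1003.001": {"process monitoring"},
    "T1053.005": {"process monitoring", "windows event logs"},
    "T1047":     {"process monitoring"},
}


def score_techniques(group_techniques):
    """Score each technique by the number of distinct groups using it."""
    scores = Counter()
    users = defaultdict(list)
    for group, techs in group_techniques.items():
        for tech in techs:
            if group not in users[tech]:      # ignore duplicate listings
                users[tech].append(group)
                scores[tech] += 1
    return scores, users


def build_layer(group_techniques, name="Industry threat groups"):
    """Build a Navigator layer: one entry per technique and a single-colour
    gradient (white to red) scaled to the highest score."""
    scores, users = score_techniques(group_techniques)
    return {
        "name": name,
        "domain": "enterprise-attack",
        # Version strings are placeholders; set them to match your Navigator.
        "versions": {"attack": "ATTACK_VERSION", "navigator": "NAVIGATOR_VERSION", "layer": "4.4"},
        "description": "Techniques weighted by the number of tracked groups using them",
        "techniques": [
            {"techniqueID": tech, "score": score,
             "comment": "Used by: " + ", ".join(sorted(users[tech]))}
            for tech, score in sorted(scores.items())
        ],
        "gradient": {"colors": ["#ffffff", "#ff0000"],
                     "minValue": 0, "maxValue": max(scores.values())},
    }


def layer_json(group_techniques):
    """Serialise the layer for upload into ATT&CK Navigator."""
    return json.dumps(build_layer(group_techniques), indent=2)


def visibility_gaps(group_techniques, technique_sources, collected):
    """Techniques (highest score first) for which none of the listed data sources is collected."""
    scores, _ = score_techniques(group_techniques)
    return [(tech, score) for tech, score in scores.most_common()
            if not technique_sources.get(tech, set()) & set(collected)]


def source_priorities(group_techniques, technique_sources):
    """Rank data sources by the total score of the techniques they reveal."""
    scores, _ = score_techniques(group_techniques)
    weight = Counter()
    for tech, score in scores.items():
        for src in technique_sources.get(tech, ()):
            weight[src] += score
    return weight.most_common()


if __name__ == "__main__":
    print(layer_json(GROUP_TECHNIQUES))
    print("Top data sources:", source_priorities(GROUP_TECHNIQUES, TECHNIQUE_SOURCES)[:3])
    print("Gaps when only process monitoring is collected:",
          visibility_gaps(GROUP_TECHNIQUES, TECHNIQUE_SOURCES, {"process monitoring"}))
```

The layer JSON can be opened in Navigator with "Open Existing Layer"; the gap list is the starting point for the log-source review, and because the score is a plain group count, a technique used by three tracked groups but with no collected data source surfaces at the top.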
With this foundation, we used MISP to search for tags that matched APT groups and techniques based on what we saw in the heat map. These feeds could then be enriched by Cortex analyzers and fed into our SIEM to enrich our correlations with more context. 
Previously we had fed entire threat feeds directly into our SIEM; by using this more targeted approach we were able to greatly reduce the number of false positives.
Figure 2: The threat intelligence feed export is a fully automated process. Cortex analyzers enrich the MISP feeds before they are published to the SIEM through a curl script that runs on schedule.
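The targeted MISP search and the export to the SIEM can be sketched in Python. This is an added example, not the author's curl script or MISP's own code: it builds the request for MISP's attributes/restSearch endpoint filtered by group and technique tags, then reduces a search result to deduplicated, IDS-flagged indicators carrying the group and technique context that the heat map selected, in newline-delimited JSON for a scheduled push to the SIEM. The MISP URL and API key are placeholders, the tag forms are assumed from the ATT&CK galaxy naming and should be checked against your instance, the SIEM field names are hypothetical, and the sample response is constructed.

```python
import json
import re
import urllib.request

# Assumed deployment values (placeholders, not from the original post).
MISP_URL = "https://misp.example.internal"
MISP_API_KEY = "MISP_API_KEY_PLACEHOLDER"

# Tag forms are assumed from the MISP ATT&CK galaxy naming; verify them
# against the tags actually present in your instance.
GROUP_TAG = re.compile(r'misp-galaxy:(?:mitre-intrusion-set|threat-actor)="([^"]+)"')
TECHNIQUE_TAG = re.compile(r'misp-galaxy:mitre-attack-pattern="[^"]*?(T\d{4}(?:\.\d{3})?)"')

# MISP attribute type -> field name in a hypothetical SIEM schema.
TYPE_TO_FIELD = {"ip-dst": "dest_ip", "ip-src": "src_ip", "domain": "domain",
                 "hostname": "domain", "url": "url", "md5": "file_hash",
                 "sha1": "file_hash", "sha256": "file_hash"}


def build_restsearch(tags, last="30d"):
    """Return (url, headers, body) for MISP /attributes/restSearch, limited to
    published, IDS-flagged attributes carrying any of the given tags."""
    body = {"returnFormat": "json", "tags": list(tags),
            "to_ids": 1, "published": 1, "last": last}
    headers = {"Authorization": MISP_API_KEY, "Accept": "application/json",
               "Content-Type": "application/json"}
    return MISP_URL + "/attributes/restSearch", headers, body


def fetch_attributes(tags, last="30d"):
    """Run the search against a live MISP instance (needs network access)."""
    url, headers, body = build_restsearch(tags, last)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def to_siem_records(misp_response):
    """Keep IDS-worthy attributes of supported types, attach group and
    technique context parsed from their tags, and drop duplicates."""
    seen, records = set(), []
    for attr in misp_response.get("response", {}).get("Attribute", []):
        field = TYPE_TO_FIELD.get(attr.get("type"))
        if not field or not attr.get("to_ids"):
            continue
        key = (attr["type"], attr["value"])
        if key in seen:
            continue
        seen.add(key)
        names = [t.get("name", "") for t in attr.get("Tag", [])]
        records.append({
            "siem_field": field, "indicator": attr["value"], "misp_type": attr["type"],
            "groups": sorted({g for n in names for g in GROUP_TAG.findall(n)}),
            "techniques": sorted({t for n in names for t in TECHNIQUE_TAG.findall(n)}),
            "event_id": attr.get("event_id"),
            "context": attr.get("Event", {}).get("info", ""),
        })
    return records


def to_ndjson(records):
    """One JSON object per line: the shape a scheduled curl POST can ship."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


# Constructed sample response in the shape restSearch returns (abbreviated).
SAMPLE_RESPONSE = {"response": {"Attribute": [
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True, "event_id": "42",
     "Event": {"info": "Constructed event: Turla C2"},
     "Tag": [{"name": 'misp-galaxy:mitre-intrusion-set="Turla - G0010"'},
             {"name": 'misp-galaxy:mitre-attack-pattern="PowerShell - T1059.001"'}]},
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True, "event_id": "43",
     "Event": {"info": "Duplicate sighting"}, "Tag": []},
    {"type": "domain", "value": "updates.example", "to_ids": True, "event_id": "44",
     "Event": {"info": "Constructed event: APT33 phishing"},
     "Tag": [{"name": 'misp-galaxy:threat-actor="APT33"'},
             {"name": 'misp-galaxy:mitre-attack-pattern="Spearphishing Attachment - T1566.001"'}]},
    {"type": "comment", "value": "analyst note", "to_ids": False, "event_id": "44",
     "Event": {"info": "Constructed event: APT33 phishing"}, "Tag": []},
]}}

if __name__ == "__main__":
    print(to_ndjson(to_siem_records(SAMPLE_RESPONSE)))
```

Filtering on `to_ids` and on a short list of indicator types is what keeps analyst comments and context-only attributes out of the correlation rules; the group and technique fields travel with each indicator so that a SIEM hit can be read against the heat map rather than as a bare feed match.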
These ideas are early in their implementation. I will continue to build out this process with my team and update as metrics and efficiencies can be documented. In our current environment, I believe that we can become better defenders by working together and sharing information. If you have questions feel free to contact me.

The original article was published on Linkedin.com at https://www.linkedin.com/pulse/how-use-mitre-attck-heat-maps-enrich-your-security-keith-chapman

Thursday, September 5, 2019

Words of Power

I often feel like I'm an observer and not really necessary to the events going on around me. I often feel invisible and that what I contribute isn't important.

I can now see this more clearly and believe that this is a lie. I think that this false belief comes from several sources:
  • It's learned behavior; one of my nicknames is "stealth".
  • I am a person of color and there is such a thing as institutional racism.
  • I'm selfish and being engaged can get messy.
  • I've been given words of power to speak in the lives of others and have an enemy that would rather have me remain silent.
Any combination of the above - or something else.

Two "meaningful coincidences" have happened recently:
1. I've been in a position to share godly wisdom with other men and I've been exhorted to speak up repeatedly.

2. I've been working with cybersecurity interns and it was very impactful. I can see a new value in my vocation and experience.

This week I dreamt of a book of Afrofuturism (If you saw the Black Panther movie, imagine that Wakanda was a real place). That too felt like a "meaningful coincidence" and it came clearer into focus. I want to be seen and known and it's going to take work and strength.

I've been challenged to speak up. Please pray that I will continue to be given words of power to speak into the lives of others and that I will speak them.

Saturday, June 8, 2019

Nebula Academy of Imaging and Learning

We have homeschooled our children for several years. This year I had our eldest submit an application to continue homeschooling. We want our student to grow in his responsibility for learning and thus we customize a personal learning plan for our use.


Personalized Learning Plan
To create and cultivate. We believe that all people were created in the image of God (imago Dei) and that we have been granted a God-given dignity, uniqueness, skills, and talents (d.u.s.t.), through which we serve others through good works, wisdom, and virtue.
We desire to know God and his creation more deeply through your education and it is our desire that he will transform your heart and that you will live as a new creation with the power of Christ to do even greater works.

He was excited about the new direction and I will work closely with him to accomplish his educational goals. Feel free to use this idea for your family.

Friday, June 7, 2019

About

To create and cultivate.
My name is Keith Chapman
@S1lv3rL10n

Proverbs 1:1-7

The proverbs of Solomon son of David, king of Israel:
 for gaining wisdom and instruction;
    for understanding words of insight;
 for receiving instruction in prudent behavior,
    doing what is right and just and fair;
 for giving prudence to those who are simple,
    knowledge and discretion to the young—
 let the wise listen and add to their learning,
    and let the discerning get guidance—
 for understanding proverbs and parables,
    the sayings and riddles of the wise.

The fear of the Lord is the beginning of knowledge,
    but fools despise wisdom and instruction.

This passage summarizes how I desire to think through things. I value knowledge and wisdom and desire to grow in both.