Eight weeks in
Eight weeks of running monitoring engagements. What it has taught us about detection-content tuning, OSSEC deployment friction, the value of Bro at the application layer, and the calibration of analyst attention.
The Hedgehog SOC decision has finally landed. Two analysts come in over the next two months, and the Stafford office is being kitted out from next week. What tipped it, what the design constraints are, and what I am specifically not committing to.
One year since founding Hedgehog Security. The cumulative trajectory has been operationally productive; specific subsequent decisions are now clearer.
End-of-year notebook closing post. Twelve years of writing approaches. Hedgehog Security is operationally established. The trajectory continues.
Predictions for 2010 with explicit probabilities. The annual calibration discipline continues; the cumulative archive across years remains substantial.
December retrospective. 2009 has been substantively transformative — Hedgehog founding, Conficker, Heartland, Windows 7. The cumulative trajectory continues.
Six months at Hedgehog Security. The cumulative engagement is sustained; specific patterns are clear; specific subsequent decisions about scaling are emerging.
Three months into Hedgehog. Specific operational patterns are emerging; the practice is taking shape; specific subsequent decisions are clearer.
Five weeks into Hedgehog Security. Specific operational realities of independent practice are clearer; specific structural decisions about the practice are emerging.
I have left Gala Coral and founded Hedgehog Security. The cumulative trajectory through 2008-2009 has produced this transition; specific subsequent work begins.