Sunnyvale, California, United States
Articles by Anton
-
Move to Cloud: A Chance to Finally Transform Security?
By Anton Chuvakin
-
Can I Have Decent Detection and Visibility on a Badly Managed Network?
By Anton Chuvakin
Volunteer Experience
-
Member
SANS GIAC Advisory Board
- Present 17 years 2 months
Science and Technology
The GIAC Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. The GIAC Advisory Board provides a forum where IT Security professionals can exchange ideas and advice.
(quote from http://www.giac.org/certified-professionals/advisory-board)
Publications
-
Maverick* Research: Your Smart Machine Has Been Conned! Now What?
Gartner
Smart machines and AI pose huge future risks that derive from malicious humans using or abusing them to achieve their goals. Here, we focus on identifying and reducing those risks. (Maverick research deliberately exposes unconventional thinking and may not agree with Gartner's official positions.)
-
Understanding the Value of Enterprise Content-Aware DLP
Gartner
Content-aware data loss prevention is increasingly accepted as a standard part of security architecture, even as the market rebalances between enterprise, channel and DLP-lite solutions. This research provides a foundational analysis of the value and composition of E-DLP.
-
DDoS: A Comparison of Defense Approaches
Gartner
Distributed denial of service attacks have risen in complexity, bandwidth and number of occurrences targeting enterprises. Organizations must architect their defenses with both cloud and on-premises defenses along with integrating DDoS responses into the current incident response process.
-
Blueprint for Mitigating DDoS Attacks and Protecting Data Centers and Hybrid Cloud
Gartner
This Blueprint defines a DDoS defense architecture for enterprises with a mission-critical website or e-commerce site and that have multiple ISPs connected into their data centers and corporate centers, and that use public IaaS.
-
PCI Compliance, Fourth Edition: Understand and Implement Effective PCI Data Security Standard Compliance
Syngress
Identity theft and other confidential information theft have now topped the charts as the leading cybercrime. In particular, credit card data is preferred by cybercriminals. Is your payment processing secure and compliant? The new Fourth Edition of PCI Compliance has been revised to follow the new PCI DSS standard version 3.0, which is the official version beginning in January 2014. Also new to the Fourth Edition: additional case studies and clear guidelines and instructions for maintaining PCI compliance globally, including coverage of technologies such as NFC, P2PE, CNP/Mobile, and EMV. This is the first book to address the recent updates to PCI DSS. The real-world scenarios and hands-on guidance are also new approaches to this topic. All-new case studies and fraud studies have been added to the Fourth Edition.
Each chapter has how-to guidance to walk you through implementing concepts, and real-world scenarios to help you relate to the information and better grasp how it impacts your data. This book provides the information that you need in order to understand the current PCI Data Security standards and how to effectively implement security on network infrastructure in order to be compliant with the credit card industry guidelines, and help you protect sensitive and personally-identifiable information.
* Completely updated to follow the most current PCI DSS standard, version 3.0
* Packed with help to develop and implement an effective strategy to keep infrastructure compliant and secure
* Includes coverage of new and emerging technologies such as NFC, P2PE, CNP/Mobile, and EMV
* Both authors have broad information security backgrounds, including extensive PCI DSS experience
-
Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
Syngress
Effectively analyzing large volumes of diverse logs can pose many challenges. Logging and Log Management helps to simplify this complex process using practical guidance and real-world examples. Packed with information you need to know for system, network and security logging. Log management and log analysis methods are covered in detail, including approaches to creating useful logs on systems and applications, log searching and log review.
* Comprehensive coverage of log management including analysis, visualization, reporting and more
* Includes information on different uses for logs, from system operations to regulatory compliance
* Features case studies on syslog-ng and actual real-world situations where logs came in handy in incident response
* Provides practical guidance in the areas of report, log analysis system selection, planning a log analysis system and log data normalization and correlation
-
PCI Compliance, Third Edition: Understand and Implement Effective PCI Data Security Standard Compliance
Syngress
The credit card industry established the PCI Data Security Standards to provide a minimum standard for how vendors should protect data to ensure it is not stolen by fraudsters. PCI Compliance, 3e, provides the information readers need to understand the current PCI Data Security standards, which have recently been updated to version 2.0, and how to effectively implement security within your company to be compliant with the credit card industry guidelines and protect sensitive and personally identifiable information. Security breaches continue to occur on a regular basis, affecting millions of customers and costing companies millions of dollars in fines and reparations. That doesn't include the effects such security breaches have on the reputation of the companies that suffer attacks. PCI Compliance, 3e, helps readers avoid costly breaches and inefficient compliance initiatives to keep their infrastructure secure.
* Provides a clear explanation of PCI.
* Provides practical case studies, fraud studies, and analysis of PCI.
* The first book to address version 2.0 updates to the PCI DSS, security strategy to keep your infrastructure PCI compliant.
-
The Cloud Security Rules
The Roer Group
The Cloud Security Rules explains the different aspects of cloud security to business leaders, CxOs, IT managers and decision makers. The security principles are the same as before, while the implementation and the risks involved are dramatically changed. The book is co-authored by some of the most recognized security specialists and bloggers in the world. The authors are gathered from USA, Europe and Africa, sharing their great knowledge of implementing and securing the cloud. This book is made to make it easier for you to choose the right cloud supplier as well as to set up and run your critical services in the cloud. Questions you will find answers to include:
* Do I have to accept that standard SLA?
* What should an SLA include?
* What standards should I be paying attention to, if any?
* How do I treat mobile workers, and how do they fit into the cloud?
* Do I really need to care about logging?
* Many more!
Since cloud computing is global, you risk using service providers in countries other than your own, even if you only operate in your own country. The Cloud Security Rules aims at helping you understand the risks involved, and help you determine the best strategy for your organization.
-
PCI Compliance
Syngress
Projects
-
Cloud Security Podcast by Google
Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
-
How to Work With an MSSP to Improve Security
Managed security services are a popular, growing, yet somewhat failure-prone approach to information security. This guidance gives security practitioners a structure to shape the managed security service provider relationship and develop joint security processes and architecture for success.
-
Security Information and Event Management Architecture and Operational Processes
Using security information and event management (SIEM) requires much more than just buying technology. Understanding how to properly design and run SIEM is critical to avoiding the costly mistake of an ineffective or failed deployment.
-
SIEM Market Trends, Solutions, Assessment and Select Product Profiles
Security information and event management (SIEM) is a pivotal and widely used security technology, yet many enterprises struggle to get value from their often expensive deployments. Deeply understanding SIEM technology and products is critical to success.
-
Denial of Service: A Comparison of Defense Approaches
Denial of service (DoS) attacks are back in focus due to Anonymous and other hacktivist attackers over the last few years. Malicious DoS attacks for financial gain are also on the rise. This assessment compares defense approaches for denial of service and formulates recommendations for the right combined approach to use for enterprise DoS defense.
-
Security Monitoring of Public Cloud Assets
“Cloud computing is changing the way enterprises use IT. Security requirements and security monitoring, in particular, often lag behind. This research looks at approaches and architectures for security monitoring of public cloud assets, deployed by enterprises at cloud services providers.”
Languages
-
English
Native or bilingual proficiency
-
Russian
Native or bilingual proficiency
Organizations
-
CardinalOps
Advisory Board
- Present
One of the advisors for CardinalOps (https://www.cardinalops.com)