Richard Bejtlich

@taosecurity@infosec.exchange
I was a captain in the United States Air Force who formally trained as an intelligence officer. I later worked in information warfare. I promoted the concept that "prevention eventually fails" in my first book (2004) and developed tactics, operations, and strategy to detect and respond to nation-state and criminal computer intrusions. I wrote about cybersecurity from 2001 to 2021. I created the GE-CIRT and was Mandiant's first CISO. I currently advocate #NetworkSecurityMonitoring for @corelight. My latest books are here #ad https://amzn.to/3B2AcMc
TaoSecurity: https://www.taosecurity.com/index.html
Blog: https://taosecurity.blogspot.com/
LinkedIn: https://www.linkedin.com/in/richardbejtlich/
Amazon: https://www.amazon.com/-/e/B001IR3KOW

If you'd like to know why IPv6 continues to be a dud compared to IPv4, years after we exhausted all IPv4 addresses, check out this great article by my favorite networking guru, Geoff Huston, in the free and mighty Internet Protocol Journal, issue 28 no 1.

https://ipj.dreamhosters.com/internet-protocol-journal/issues/back-issues/

Incidentally, I set up my IPv6-only lab, which required tunnel tech, again this past week, 19 YEARS after doing it the first time.

https://taosecurity.blogspot.com/2006/09/ipv6-only-freebsd-scenario.html

For years I’ve said the Apple iPhone ecosystem overall is far more secure for the average user than Android. Here’s a quantifiable example of how bad the Google Play store has been. It’s good to see Google taking these steps, but the Android ecosystem will remain inferior compared to the vertical integration of the Apple iPhone. https://www.techspot.com/news/107745-google-play-shrinks-47-percent-following-policy-overhaul.html

The 2025 Mandiant M-Trends report is here. For the first time in the history of the report, global dwell time has increased, albeit only one day, from 10 to 11 days. This is still worrying, as ransom actor extortion demands have pressured the dwell time downward, but for an obviously bad reason. Global detection by source has also moved in the wrong direction, with slightly more external vs internal detection. I fear we have entered the realm of decreasing “returns on security investment,” especially for the security 1-10%.

I just created another Windows 10/11 application using AI. This is a follow-up to the SquareCap program I posted about a few weeks ago. Details here: https://taosecurity.blogspot.com/2025/04/creating-large-text-file-viewer-by-vibe.html
Creating a Large Text File Viewer by Vibe Coding with Visual Studio Code, Cline, OpenRouter, and Claude 3.7

Any of my fellow military historians might want to take advantage of this flash sale by Osprey Publishing. Every time they offer a sale I buy the latest Osprey Campaign and Osprey Air Campaign titles. https://www.ospreypublishing.com/us/discover/sale/osprey-february-flash-sale-2025/
I had a scare due to Google AI hallucinations. I was watching BBC presenter Stephen Sackur just now. Ehud Olmert joked about their age difference so I Googled Stephen. Google told me Stephen had advanced cancer and was lobbying for sensitive legislation! I checked the references and it turns out he INTERVIEWED someone with terminal cancer. Stephen was treated for skin cancer successfully in 2019 however.

Thanks to Dominik B for sharing the article which linked to a Twitter post about my Mandiant football helmet! It's forever immortalized in an academic paper! 😂 Anyway, here's what it looks like today, after 6 years at Mandiant.

Google Scholar periodically sends me alerts when researchers cite me. There's a new paper which apparently mentions my 2010 article "What Is APT?" and a Twitter post from 2014. I can't read the article, but looking at the link to my Twitter post I see it was about... my Mandiant football helmet?! If anyone can access this article and send me a copy, I'd appreciate it. https://journals.sagepub.com/doi/abs/10.1177/03063127241299132

Happy birthday TaoSecurity Blog, born on this day in 2003!

The best way to digest the key lessons from the site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020.

https://amzn.to/4h6Lqlb #ad

It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of that PDF-based fixed format nonsense.

Each book is a theme-centric collection of posts with new commentary for each entry. Some of what I wrote stood the test of time, and some did not. See what you think. Or, just scroll backwards through the site.

Thank you to Blogspot and Google for hosting the blog for the last 22 years!

https://taosecurity.blogspot.com/

I love how the covers of the original Star Wars movie adaptation played loose and fast with the actual plot. This is issue 6, wrapping up the movie.