Showing posts with label ge-cirt. Show all posts

Wednesday, January 19, 2011

Wanted: Incident Handler in Michigan

Do you know how to detect and respond to intruders in a multinational organization? Do you want to join a team with that mission? Are you an experienced information security professional who is looking for a challenge? If your answer to these three questions is yes, please consider applying for the last open Incident Handler role in GE-CIRT. In this role you will mentor intermediate and junior CIRT members and work with some of the best detection and response staff in the world.

The role is located at our Advanced Manufacturing & Software Technology Center, located at Visteon Village, Van Buren Township, Michigan. By the end of the month, 19 of my team (about half of GE-CIRT) will be located there. (I have 2 new hires arriving within the next two weeks.) In addition to normal operations there, our extended team meets at the AMSTC facility regularly for training and planning sessions.

If you would like more information on the role, apply for job 1259804 and I will review your resume. Please read the qualifications carefully -- I'm looking for an experienced person for this role. Thank you.

Tuesday, April 20, 2010

Still Looking for Infrastructure Administrator for GE-CIRT

Two months ago I posted Information Security Jobs in GE-CIRT and Other GE Teams. I've almost filled all of the roles, or have candidates for all roles in play, with the exception of one -- Information Security Infrastructure Engineer (1147859).

We're looking for someone to design, build, and run infrastructure to support GE-CIRT functions. As you might expect, we don't need someone with Windows experience. Beyond Unix-like operating systems, we are interested in someone with MySQL experience. You must be a US citizen who lives near our Michigan AMSTC or can relocate at your own cost.

If you are interested, please visit www.ge.com/careers and apply for role 1147859. Thank you.

Wednesday, March 24, 2010

GE-CIRT Joins FIRST

I am pleased to announce that on Friday 19 March the Forum of Incident Response and Security Teams, or FIRST, accepted the General Electric Computer Incident Response Team, GE-CIRT, as a full member.

This represents about a year of work for us. I am really proud of our team, especially since we reached initial operational capability on 1 January 2009.

I would like to thank James Barlow and Rob Renew for sponsoring our application; Sarah Gori for leading our application process; David Bianco for helping Sarah with technical aspects of the process; and our security team members for assisting with meeting FIRST's criteria.

If you are a member of an incident detection and response team but your team is not part of FIRST, please check out the membership process. I advocated joining FIRST for three reasons:

  1. Joining FIRST is a sign to the world that your team has reached a certain level of maturity, stability, and capability.

  2. The membership process itself will help focus your team's operations and may help justify process and capability improvements that you may or may not realize you need.

  3. FIRST is a community of like-minded professionals with whom you can share information, practices, and lessons that might not be suitable for wider discussions.


When I speak at FIRST 2010 in Miami in June I will describe our membership process and more generally how to build a Fortune 5 CIRT. The conference is open to non-FIRST members, so please consider attending it.

Finally, I am still trying to fill a few of the roles listed here. I am particularly interested in finding a system administrator with FreeBSD and MySQL database experience, for our Information Security Infrastructure Engineer (job 1147859 at www.ge.com/careers). Please consider applying for one of the other roles within GE as well, listed below my jobs. Thank you.

Monday, February 22, 2010

Information Security Jobs in GE-CIRT and Other GE Teams

I'm hiring for my team (GE-CIRT) again. The following summarizes open positions:

  1. Information Security Incident Handler (1145304); serious skills required

  2. Information Security Incident Analyst (1147842); intermediate skills required

  3. Information Security Event Analyst (1147849); extreme willingness to learn required

  4. Security Assurance Team Senior Analyst (1147811); intermediate skills required

  5. Security Assurance Team Analyst (1147853); extreme willingness to learn required

  6. Information Security Infrastructure Engineer (1147859); serious Unix and open source system and database administration skills required


Roles 1-3 involve incident detection and response. Roles 4-5 involve threat analysis, Red-Blue teaming, and internal consulting. Role 6 supports team systems. All roles have a bias towards hiring into our beautiful Advanced Manufacturing and Software Technology System in Michigan. I already have five guys working there and expect to have at least a dozen more on our team working there by the end of the year. In some cases I have multiple jobs available. Some of these candidates will report directly to me, while others will report to my senior team leaders.

If you hope to be referred by a GE employee, be sure to have that employee follow the Company referral policy. Do not apply on your own.

If interested in joining GE-CIRT, search for the indicated job numbers at ge.com/careers. I will not answer questions until potential applicants apply to the jobs, and then I will only do so through work channels. Thank you.

In addition to the roles listed above, other security teams in GE are hiring incident analysts with the job numbers listed below.

  • 1148549

  • 1147886

  • 1148555

  • 1142824


Also, GE Research is hiring for the following positions:

  • 1149708: Next Generation IT Security Program Manager

  • 1149697: Infrastructure Security Leader

  • 1149699: Infrastructure Security Architect

  • 1149705: Information Security Incident Response Leader

  • 1125694: Cyber Security Researcher

Wednesday, October 07, 2009

Incident Handler, Incident Analyst, Threat Analyst, and Developer Positions in GE-CIRT

My team just opened five more positions. These candidates will report to me in GE-CIRT.

  • Information Security Incident Handler (1093498)

  • Information Security Incident Analyst (two openings, 1093494)

  • Cyber Threat Analyst (1093497)

  • Information Security Software Developer (1093499)


These candidates will sit in our new Advanced Manufacturing & Software Technology Center in Van Buren Township, Michigan. We don't have any flexibility regarding the location for these positions, and all five must be US citizens. No security clearance is required however!

If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster. We are being deluged by applicants for the SIEM role, so your best bet is to apply online and let me find you after reading your resume. Thank you.

Wednesday, September 16, 2009

Security Information and Event Management (SIEM) Position in GE-CIRT

My team just opened a position for a Security Information and Event Management professional. This candidate will report to me in GE-CIRT but take daily direction from our SIM leader and our Lead Incident Handler. We're looking for a technical person who can not only administer our SIM, but also help our team implement our detection and response objectives and use cases in our SIM and related infrastructure.

This candidate will sit in our new Advanced Manufacturing & Software Technology Center in Van Buren Township, Michigan.

If interested, search for job 1087025 at ge.com/careers or go to the job site to get to the search function a little faster. I am available to answer questions on the role or forward them to our SIM leader. You can reach me by posting a comment here and providing an email address where I can contact you. Thank you.

Friday, August 14, 2009

GE Is Hiring in Michigan

In June in this post I linked to a speech that GE's CEO gave in Michigan. We're hiring about 1,200 people over the next few years, and the jobs are already appearing at gecareers.com. One of the jobs posted requests an IT Project Manager - Information Technology (Security). This candidate would work in a sister unit to our GE-CIRT doing Identity and Access Management (IAM). If this job looks interesting, please check it out. As other roles in our Corporate security group appear -- especially those in GE-CIRT -- I will let you know.

Thursday, July 02, 2009

Still Blogging

When I announced I would join General Electric as Director of Incident Response in June 2007, I had to post a follow-up titled I'm Not Dead. That issue even made it onto Bill Brenner's radar. Two years later I'm still at GE, glad that as of 1 January this year we have a functional and growing Computer Incident Response Team (CIRT) manned by the best incident handlers and support staff you'll find anywhere.

Sometimes work occupies time I would have previously spent blogging, reading, or writing. That's why you'll often see a flurry of blog posts when I have time on a weekend (or now, before a Company holiday). I've fallen far behind in my reading, and my writing is limited to articles. However, I will be collaborating with Keith Jones and team for Real Digital Forensics Volume 2, which should be cool. I don't have a schedule for other books beyond RDF2 at the moment.


Richard Bejtlich is teaching new classes in Las Vegas in 2009. Late Las Vegas registration ends 22 July.

Tuesday, June 12, 2007

I'm Not Dead

Several of you leaving comments, posting your own blog entries, and sending me email seem to think my job at General Electric means I am dead. I am not dead, God willing. Let me reprint the second-to-last paragraph from that post:

What about writing here, or articles, or books? My boss supports my blogging and writing. I have never made a practice of posting "Look what I found at this client!" and he does not expect me to start doing so at GE. You can expect to read more about the sorts of techniques I'm using to address security concerns but never incident specifics or any information which would compromise my relationship with GE. The same goes for articles and books. I plan to continue writing the Snort Report and eventually write the new works listed on my books page.

This blog has never been a site for "tell-all" activity. I don't discuss specifics about clients, or national security matters, or private information shared in a confidential manner. I started this blog when I worked at Foundstone, continued it at ManTech, and kept blogging with TaoSecurity. I intend to remain blogging, time- and interest-willing. Thank you.

Monday, June 11, 2007

Bejtlich Joining General Electric as Director of Incident Response

Two years ago this month I left my corporate job to focus on being an independent consultant through TaoSecurity. Today I am pleased to announce a new professional development. Starting next month I will be joining General Electric as Director of Incident Response, based near Manassas, VA, working for GE's Chief Information Security Officer, Grady Summers at GE HQ in Fairfield, CT.

My new boss reads my blog and contacted me after reading my Security Responsibilities post five months ago. He has created the new Director position as a single corporate focal point for incident response, threat assessment, and ediscovery, working with GE's six business units and corporate HQ security staff. Grady reports to GE's Chief Technology Officer, Greg Simpson, and works closely with GE's Chief Security Officer, Brig Gen (USAF, ret) Frank Taylor. I will be building a team and I am pleased to have already met my first team member, a forensic investigator.

I am very excited about this new job. First, the scope of the challenge is enormous. GE is probably just bigger than the Air Force (my closest related employer), with 350,000 users. The company's revenues last year exceeded $160 billion and its market capitalization currently exceeds $380 billion. GE is number 6 on the 2007 Fortune 500. In brief, I don't think there's a way for me to get bored working to address GE's digital security concerns.

Second, I look forward to building and working with a team that has a defined, long-term objective. With few exceptions my consulting work has been short-duration engagements which don't allow me to develop security processes or implement products for the long term. I have been impressed by all of the security staff from GE I've met thus far, and encouraged by articles like Does GE Have the Best IT? and GE's repeated rank as the number one most admired company in America.

Third, I hope this new role will improve my family's quality of life. As an independent consultant I was constantly juggling marketing, public relations, business development, client relationships, accounting, invoicing, and other non-tech tasks while trying to deliver quality services to customers and stay current on threats, vulnerabilities, and assets. Knowing my new "customer" on a continuous basis means I can focus my energy on my corporate work and not consider every waking moment a reason to accomplish another TaoSecurity task. While the financial rewards of working independently probably exceeded those of working for a corporation, the personal cost of maintaining that business cycle is very high. I am also confident my travel requirements will be less for GE than they were for TaoSecurity.

What does this mean for TaoSecurity? Simply put, I will not be accepting any new consulting work or private teaching requests that cannot be accomplished by the end of this month. I am currently fulfilling existing obligations, some of which may extend beyond the end of the month. I am not joining GE because my independent work dried up; in fact, I've had to turn down four large engagements within the last week because they would have to occur after the end of this month.

If you're wondering about public training classes, I recommend you review my TaoSecurity training schedule. You'll see only the following are left:

That's it. I do not have any plans to be teaching again, although I have not ruled out the occasional conference presentation. There will definitely not be any private classes, and I imagine the only public venue for a half-, full-, or two-day class would be USENIX or perhaps Black Hat Training next year, if either are interested. The bottom line is that if you want to take one of these classes before I no longer offer them, please sign up as soon as possible.

What about writing here, or articles, or books? My boss supports my blogging and writing. I have never made a practice of posting "Look what I found at this client!" and he does not expect me to start doing so at GE. You can expect to read more about the sorts of techniques I'm using to address security concerns but never incident specifics or any information which would compromise my relationship with GE. The same goes for articles and books. I plan to continue writing the Snort Report and eventually write the new works listed on my books page.

Finally, I should note that both of my grandfathers retired from GE, so I have some personal history with the company. I'd like to thank Grady Summers and everyone at GE that have helped me join this great organization.