#001 – Chris Pogue: Like a Chihuahua On a Pork Chop
Chris Pogue, Chief Information Security Officer at Nuix, has more than fifteen years’ experience and 2,000 breach investigations under his belt. Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide.
His extensive experience is drawn from careers as a cyber crimes investigator, ethical hacker, military officer, and law enforcement and military instructor. In 2010, Chris was named a SANS Thought Leader, ran an award-winning security blog (The Digital Standard), and has contributed to multiple security publications. Chris holds a Master’s Degree in Information Security and is also an adjunct cyber security professor at Southern Utah University. He also was a contributing author for Data Breach Preparation and Response: Breaches are Certain, Impact is Not.
Chris is just one of those guys in cyber security I knew I had to have on the show out of the gate. He is an extremely bright guy and very passionate about information security. He is also pleasure to talk to. He coined the methodology and term “Sniper Forensics” a few years back, and it had a huge impact on the way I approach digital forensic investigations.
In this interview we discuss his military background, his start as a penetration tester, his transition from tech to executive, books that have influenced him, using the scientific method, the merger of cyber crime and physical crime, training cyber security staff, the importance of communication skills, cognitive biases and Parkinson’s Law of Triviality, and much more.
I hope you enjoy this discussion. Please leave your comments below
Where you can find Chris:
[…] The second was an interview with Chris Pogue, CISO at Nuix. Chris shares his life and love affair with DFIR and the security industry, having started out as a pentester before moving into digital forensics and incident response, working with the likes of Harlan Carvey, Kristinn Guðjónsson, Corey Altheide, Matt Shannon to name a few. One of the main things I took away from this interview are his comments on examinations using the scientific method – get the data together and determine what it’s telling you, formulate a theory and then try to prove it wrong. Chris also mentioned that training employees helps as companies are hiring people but not investing them; as a result, examiners are getting the data but not knowing what to do with it, as seen in various breaches as of late. Examiners also need to be able to present their technical findings to a non-technical audience. One of the interesting comments he made was how people should be training like the military trains – fire 10,000 practice rounds down a range so that when you need to fire the one that counts you can hit the target. Having just participated in the FOR408 challenge day you can really see the benefit of streamlining your process so that you can perform in an instant rather than taking your time. It’s worth taking advantage of some of the automated processes in the tools and double-checking that they’re accurate when you have time so that you can trust (but verify) them when you need answers fast. #001 – Chris Pogue: Like A Chihuahua On A Pork Chop […]