Comments for The Revelator

Comment on Me & Mrs. Jones by Revelator

Revelator — Wed, 29 Oct 2008 21:59:19 +0000

You’re an angel Karen. Keep spreading the Gospel of OPSEC!
Revelator.

Comment on Me & Mrs. Jones by Karen Brown

Karen Brown — Wed, 29 Oct 2008 16:29:47 +0000

That was excellent! I’m posting copies in our Break Rooms. It shines an entertaining light on OPSEC!

Comment on Won’t Get Fooled Again by Revelator

Revelator — Tue, 21 Oct 2008 14:20:08 +0000

Thanks Numlock. Keep fighting the good fight brother!

Comment on Won’t Get Fooled Again by Frank Koza

Frank Koza — Tue, 21 Oct 2008 13:57:54 +0000

Yay!!! Great post. You finally hit the nail on the head, Rainman.

I keep having folks tell me that leadership doesn’t ‘get it’ about the importance of OPSEC and that they have no support or advocacy. I just tell them that we do a horrible job of teaching people how to properly qualitatively and quantitatively assess risk and how to do a cost/benefit analysis on measures. When you give your bosses crap, then expect crap back.

Now if ye can just convince them that it’s more than just protecting against communications intercept, open source, and social engineering.

Comment on I Wanna Be Sedated by Revelator

Revelator — Thu, 09 Oct 2008 17:42:17 +0000

Thanks for the kind words John. Of course you can use anything you find here - and please accept my thanks for spreading the Gospel of OPSEC. Revelator.

Comment on I Wanna Be Sedated by John Waller

John Waller — Thu, 09 Oct 2008 17:13:07 +0000

Sir: I really thought your “Anvils Awards” were excellent and creative and true. I will be teaching a Physical Security class at the Centers for Disease Control (CDC) in a few weeks and I wonder if you would let me use those in my classes (with attribution of course). In return, I will steer my students to your blog as an excellent source of OPSEC information…….John Waller

Comment on You Ain’t Seen Nothing Yet by Revelator

Revelator — Fri, 22 Aug 2008 16:58:21 +0000

There are many ways to handle that based on the significance of the compromise but I think the most important thing is that you know…that you are aware of the compromise and can now deal with the assumption that your adversary has this information.

Comment on You Ain’t Seen Nothing Yet by bigbeebopper

bigbeebopper — Thu, 21 Aug 2008 04:57:44 +0000

So then what do you do if there’s already been a compromise??

Comment on You Ain’t Seen Nothing Yet by Chris Cox

Chris Cox — Tue, 05 Aug 2008 21:37:50 +0000

Great point, Revelator. You’re absolutely right, and it’s clear that an OPSEC program is most effective (some would say ONLY effective!) when all of the entities are aware of it and understand how it applies to them.

Comment on You Ain’t Seen Nothing Yet by Revelator

Revelator — Tue, 05 Aug 2008 19:35:00 +0000

I don’t ask for management support right off the bat. I get with the webmaster or senior IT person to discuss how OPSEC can support network security. Once I’ve concvinced them that this is actually possible then we can find ways to mutually support each other. If we get to this point then we hit up leadership as a united front and increase our success rate (for whatever it is we want) exponentially. I realize there are 1,001 different scenarios for this and I’ve just touched on one. If you’ll go to the OPSEC Professionals Association web site you can ask any question you want to their bank of Subject Matter Experts. In this way you can be very specific and get back a very specific answer that should help you immediately.
Revalator