Profile

Cover photo
Anton Chuvakin
Works at Gartner
Attended SUNY Stony Brook
Lives in San Francisco, CA
3,107 followers|1,807,813 views
AboutPostsPhotosVideos+1'sReviews

Stream

Anton Chuvakin

Shared publicly  - 
 
This is so relevant to #RSAC  -- see you there next week! :-)
1
Kristian Hermansen's profile photo
 
I don't have time for corporatey salesy bullshit, that's why I'm not going! ;)
Add a comment...
 
“provides you with a single tool to communicate with the security components in your network and consolidates the information they collect into useful knowledge for making security-related decisions”  <- a quote from some cool security analytics vendor of 2015? Nah, this is SIEM marketing from 1998....
7
Anton Chuvakin's profile photoIan Tibble's profile photo
3 comments
 
I don't mean it died in 1998, that was tongue-in-cheek based on some past exchanges :) So post-2010 I've personally seen a few pockets where better things are happening, and across the board there is at least a grudging recognition that at least one "IT"y person has to be involved in infosec projects at some point:) Despite positivity mantras there is still a huge problem with skills. Getting older doesn't mean more maturity. Think Step Brothers (2006) :)
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
"Old technologies never die, they are just given an HTML5 interface and have the word “next generation” prefixed to the name."
Endpoint security is making a comeback, and there may be no stopping it
7
1
Bert Knabe's profile photo
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
"One in four midsize organizations does not have a dedicated information security role in-house. This must change [...]"  http://www.gartner.com/document/3013520 [Gartner access required to read]
Are you new to Gartner? Register now. Read our privacy policy. Gartner is the world's most trusted source of independent IT research and advice. We provide the insights you need to grow your business and improve your competitive position. © 2015 Gartner, Inc. and/or its Affiliates.
4
Jeff Hall's profile photo
 
Nice idea but not going to happen. They cannot afford them. But when they can afford them, the companies that offer more seduce them away.
Add a comment...

Anton Chuvakin

Shared publicly  - 
2
Anton Chuvakin's profile photoFred Cohen's profile photo
3 comments
 
Count me out then...
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
Security conferences "are for learning from your peers what the future is going to be, because we shape it /together/. To be specific, the offensive community shapes it, and the defensive community gets dragged behind it helplessly, like a toddler trying to walk a Rottweiler"  <- a fun quote from +Dave Aitel 
[Dailydave] INFILTRATE and cupcakes. Dave Aitel dave at immunityinc.com. Fri Feb 20 11:35:13 EST 2015. Previous message: [Dailydave] Event Cores are Awesome When Done Right In Implants. Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] ...
8
1
Ian Tibble's profile photoJeff Hall's profile photoDave Aitel's profile photo
3 comments
 
No one executes their tasks 100% of the time 24x7 because we're not machines. That is why we need layers so that we can cover the gaps that occur due to human error. Unfortunately, because of crappy execution, there are too many gaps and the layers offer too many opportunities to penetrate the security of the organization.
Add a comment...
Have him in circles
3,107 people
Les Bell's profile photo
Jason Wood's profile photo
Jamie Riden's profile photo
James McGovern's profile photo
Mark Martorano's profile photo
Blue Base Computer Security's profile photo
121mcv Sales and Marketing's profile photo
Santiago Monterrosa's profile photo
Anaheim Medical Group's profile photo
 
"We’ll be here after the investors doing stupid deals wash out and wonder why they couldn’t make money on the 12th company entering the security analytics business. We’ll be here when the next compliance mandate comes and goes, just like every other mandate.
We’ll be here because security isn’t just a job. It’s a calling. "
4
2
Bert Knabe's profile photoGabriel Sfestarof's profile photo
Add a comment...
 
Read our letter to U.S. House and Senate leadership on how our surveillance laws should be changed. Then add your name to show your support. #United4NSAReform
2
1
Bert Knabe's profile photo
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
"In a 2013 filing, the company revealed that its corporate IT policy was to patch “high severity vulnerabilities” within three to six months of a software patch becoming available, according to a company response to a 2013 audit by the U.S. government’s Office of Personnel Management."  <- more fun security fail!
In-brief: A 2013 audit of Anthem Inc. contains a number of red flags about the company's internal information security practices, and suggests Anthem was trying
5
4
Danielle Drew's profile photoHank Drew's profile photo
Add a comment...
 
"regional resellers of Point of Sale (PoS) systems that have suffered multiple breaches, “when asked about PCI compliance, have never heard of the organization.”"   <- sad hilarity ensues!
With compliance frameworks expanding, becoming more complicated and covering more things, some organizations say they are overwhelmed with trying to keep up. Experts are sympathetic, but say the alternative is to increase the risk of being breached, which would be much worse.
3
Ian Gorrie's profile photoAndrew van der Stock's profile photo
3 comments
 
I'm ex big 4. I know what you mean
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
A fun PCI read!!
 
Here is the link to the 2015 PCI Compliance Report -Insiders Page. I hope you will find this interesting. If any questions, do not hesitate to ping me.
1 comment on original post
9
Bert Knabe's profile photo
 
That's a word I've never seen used with PCI. :^)
Add a comment...

Anton Chuvakin

Shared publicly  - 
 
"Our team at Gartner is HIRING again! Join Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)!"
Anton Chuvakin Research VP 2+ years with Gartner 14 years IT industry. Anton Chuvakin is a research VP at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio Coverage Areas: ...
5
1
Joe Klein's profile photoLuis SAIZ GIMENO's profile photo
 
Glad you are not leaving --- might be interested.
Add a comment...
People
Have him in circles
3,107 people
Les Bell's profile photo
Jason Wood's profile photo
Jamie Riden's profile photo
James McGovern's profile photo
Mark Martorano's profile photo
Blue Base Computer Security's profile photo
121mcv Sales and Marketing's profile photo
Santiago Monterrosa's profile photo
Anaheim Medical Group's profile photo
Education
  • SUNY Stony Brook
  • Moscow State University
  • State University of New York at Stony Brook
Basic Information
Gender
Male
Relationship
Married
Other names
Anton, Dr. Anton
Story
Tagline
Information Security and Having Fun
Introduction

Dr. Anton Chuvakin is a Research VP at Gartner for Technical Professionals (GTP)  Security and Risk Management Strategies team.

He is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, correlation, data analysis, PCI DSS, security management, honeypots, etc . His blog securitywarrior.org was one of the most popular in the industry. 

In addition, Anton teaches classes (including his own SANS class on log management) and presents at many security conferences across the world; he recently addressed audiences in United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on the advisory boards of several security start-ups.

Before joining Gartner in 2011, Anton was running his own security consulting practice www.securitywarriorconsulting.com, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations. Before LogLogic, Anton was employed by a security vendor in a strategic product management role. Anton earned his Ph.D. degree from Stony Brook University.

Bragging rights
I write books (among other things)
Work
Occupation
Research Vice President @ Gartner for Technical Professionals
Skills
Information security, strategy, security architecture, SIEM, PCI DSS, etc
Employment
  • Gartner
    Research Vice President, 2014 - present
    Anton Chuvakin is a Research VP at Gartner's GTP Security and Risk Management group. Previous Experience Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist, research, competitive analysis, PCI DSS compliance, and SIEM development and implementation. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II," "Information Security Management Handbook" and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Mr. Chuvakin has taught classes and presented at many security conferences across the world; he recently addressed audiences in the U.S., the U.K., Singapore, Spain, Russia and other countries. He has worked on emerging security standards and served on advisory boards of several security startups.
  • Gartner
    Research Director, 2011 - 2014
    Anton Chuvakin is a Research Director in Gartner's GTP Security and Risk Management group. Previous Experience Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist, research, competitive analysis, PCI DSS compliance, and SIEM development and implementation. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II," "Information Security Management Handbook" and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Mr. Chuvakin has taught classes and presented at many security conferences across the world; he recently addressed audiences in the U.S., the U.K., Singapore, Spain, Russia and other countries. He has worked on emerging security standards and served on advisory boards of several security startups.
  • Security Warrior Consulting
    Principal, 2009 - 2011
  • Ubizen
    Research Analyst, 2001 - 2002
  • netForensics
    Strategist, 2002 - 2006
  • LogLogic
    Chief Logging Evangelist, 2006 - 2008
  • Qualys
    Director of PCI Compliance Solutions, 2008 - 2009
  • SUNY Stony Brook
    1996 - 2001
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
San Francisco, CA
Previously
Russia - Moscow, Russia - Stony Brook, NY - Boston, MA - Edison, NJ - Sunnyvale, CA - Redwood Shores, CA
Anton Chuvakin's +1's are the things they like, agree with, or want to recommend.
Signature-based Intelligence Resulted In Tragedy: A Lesson For Cyber Int...
jeffreycarr.blogspot.com

The New York Times reported yesterday that a drone strike mean't to kill four Al Qaeda terrorists also killed two hostages that no one knew

A Good IPS Isn’t Necessarily a Good IDS - Neil MacDonald
blogs.gartner.com

Is IDS dead? Not at all. I previously blogged that complete protection will require a combination of prevention and detection. Protection =

Why Requirement 5 Must Change
pciguru.wordpress.com

This issue came to a head recently when a colleague of mine attended an ISSA chapter meeting where there was a session given on anti-virus b

Opinion: Security firm’s Iran report mostly hype - CSMonitor.com
www.csmonitor.com

A new report from the security firm Norse that claims growing Iranian cyberattacks on critical infrastructure relies on questionable data. I

AEI - Norse: Subverting Cyber Security Research For Political Fear-Monge...
jeffreycarr.blogspot.com

"I was recently invited to participate in a cyber security dinner discussion by a few members of a well-known Washington D.C. think tank. Th

Unfair
www.economist.com

NOT long ago, Russia and Ukraine's finances looked very precarious. But now one of those countries is doing a lot better. Surprisingly, it i

The Russian financial rally: Unfair | The Economist
www.economist.com

NOT long ago, Russia and Ukraine's finances looked very precarious. But now one of those countries is doing a lot better. Surprisingly, it i

Airlines in America: Getting worse | The Economist
www.economist.com

THOSE who are convinced that airlines in America are engaged in a precipitous race to the bottom have just received a further piece of evide

Securosis Blog | Incite 4/15/2015: Boom
securosis.com

S, M, T, W, T, F, S. 29, 30, 31, 1, 2, 3, 4. 5, 6, 7 · 8 · 9 · 10, 11. 12, 13, 14, 15 · 16, 17, 18. 19, 20, 21, 22, 23, 24, 25. 26, 27, 28,

Security: Top Twitter Influencers to Follow
www.techopedia.com

Stay on top of the latest news and views on cybersecurity by following these top influencers on Twitter.

The Data Science Venn Diagram
drewconway.com

On Monday I—humbly—joined a group of NYC's most sophisticated thinkers on all things data for a half-day unconference to help O'Reily organi

The Wolves of Vuln Street - The First System Dynamics Model of the 0day ...
hackerone.com

Katie Moussouris has been working with economics and policy researchers from MIT and Harvard to study the economic forces behind the 0day ma

Про
sir-archet.livejournal.com

Мы переспали случайно. Утром я что-то делал, звонил кому-то, и, может быть, через полчаса - заметил её глаза. Густые волосы, высокие скулы.

Cyber Deterrence in Action? A story of one long HURRICANE PANDA campaign...
blog.crowdstrike.com

Most companies tend to think of intrusions as discrete and infrequent events. The narrative often goes like this: a company gets breached, t

Persistence Testing vs Penetration Testing
lockboxx.blogspot.com

Hey all! For the last 6 months I've been involved in some really cool and innovative takes on traditional penetration testing, something I c

The life of a US Army Infantryman.
imgur.com

The Internet's visual storytelling community. Explore, share, and discuss the best visual stories the Internet has to offer.

If You Add Drunk People to Fitness Quotes, Things Get Hilarious - Random...
randommization.com

Fitspiration quotes are meant to get you to work harder, exercise harder. But like all other things, they do tend to get overboard. Reddit u

Я обрыдался
iadminko.livejournal.com

Захожу на сайт (не спрашивайте, как я туда попал!) специалистов по компам. Ультраэксперты. Когда я присмотрелся к картинкам, я ржал аки конь

Insider Threats: Focus On The User, Not The Data
www.darkreading.com

Global cybersecurity spending will hit almost $77 billion in 2015, so why are there more high-profile leaks than ever?

Cyber Threat Analytics All in One Platform | Big Data Cyber Analytics
www.ikanow.com

Are you looking to minimize the number of applications required to perform cyber threat analysis? Our platform provides powerful cyber threa

Fun tapas, decent service...
Public - 2 weeks ago
reviewed 2 weeks ago
Excellent place, creative cuisine
Public - a month ago
reviewed a month ago
Love,love, love the mussels. Taste, presentation, experience are awesome indeed.
Public - 3 months ago
reviewed 3 months ago
221 reviews
Map
Map
Map
Most excellent French food in Tahoe - yes, even frog legs. Excellent service, good advice on wines [good match at not-so-scary price!] and superb experience overall. And, yes, great desserts too: I had a chocolate currant bread pudding - awesome!
Public - a month ago
reviewed a month ago
Excellent Mediterranean food, they have have the right Turkish coffee
Public - 3 months ago
reviewed 3 months ago