Profile

Anton Chuvakin
Works at Gartner
Attended SUNY Stony Brook
Lives in San Francisco, CA
3,118 followers|1,823,572 views

Stream

Anton Chuvakin

Shared publicly  - 
 
"The security software market grew 5.3% in 2014, touching $21.4 billion in revenue. The fastest-growing subsegment in security was SIEM (software and appliance combined), which grew 11% in 2014"  <- #SIEM  is dead? Ha-ha-ha-ha!  (from http://www.gartner.com/document/3054132 - Gartner access reqd)

Anton Chuvakin

Shared publicly  - 
 
"The rule is: Any bluescreens are the smaller company's fault, as far as your financial customers are concerned." <- if you fight attackers [and other vendor tools'] deep inside the kernel, prepare to take the blame for crashes! A fun piece by +Dave Aitel 
[Dailydave] VENOM Context in the HIDS/Implant space. Dave Aitel dave at immunityinc.com. Thu May 14 09:11:31 EDT 2015.

Anton Chuvakin

Shared publicly  - 
 
"We’ll be here after the investors doing stupid deals wash out and wonder why they couldn’t make money on the 12th company entering the security analytics business. We’ll be here when the next compliance mandate comes and goes, just like every other mandate.
We’ll be here because security isn’t just a job. It’s a calling. "

Anton Chuvakin

Shared publicly  - 
 
“provides you with a single tool to communicate with the security components in your network and consolidates the information they collect into useful knowledge for making security-related decisions”  <- a quote from some cool security analytics vendor of 2015? Nah, this is SIEM marketing from 1998....
Anton Chuvakin, Ian Tibble
3 comments
 
I don't mean it died in 1998, that was tongue-in-cheek based on some past exchanges :) So post-2010 I've personally seen a few pockets where better things are happening, and across the board there is at least a grudging recognition that at least one "IT"y person has to be involved in infosec projects at some point:) Despite positivity mantras there is still a huge problem with skills. Getting older doesn't mean more maturity. Think Step Brothers (2006) :)

Anton Chuvakin

Shared publicly  - 
 
"Old technologies never die, they are just given an HTML5 interface and have the word “next generation” prefixed to the name."
Endpoint security is making a comeback, and there may be no stopping it

Anton Chuvakin

Shared publicly  - 
 
"One in four midsize organizations does not have a dedicated information security role in-house. This must change [...]"  http://www.gartner.com/document/3013520 [Gartner access required to read]
Jeff Hall
 
Nice idea but not going to happen. They cannot afford them. But when they can afford them, the companies that offer more seduce them away.

Anton Chuvakin

Shared publicly  - 
Anton Chuvakin, Fred Cohen
3 comments
 
Count me out then...

Anton Chuvakin

Shared publicly  - 
 
This is so relevant to #RSAC  -- see you there next week! :-)
Kristian Hermansen
 
I don't have time for corporatey salesy bullshit, that's why I'm not going! ;)

Anton Chuvakin

Shared publicly  - 
 
Read our letter to U.S. House and Senate leadership on how our surveillance laws should be changed. Then add your name to show your support. #United4NSAReform

Anton Chuvakin

Shared publicly  - 
 
"In a 2013 filing, the company revealed that its corporate IT policy was to patch “high severity vulnerabilities” within three to six months of a software patch becoming available, according to a company response to a 2013 audit by the U.S. government’s Office of Personnel Management."  <- more fun security fail!
In-brief: A 2013 audit of Anthem Inc. contains a number of red flags about the company's internal information security practices, and suggests Anthem was trying

Anton Chuvakin

Shared publicly  - 
 
"regional resellers of Point of Sale (PoS) systems that have suffered multiple breaches, “when asked about PCI compliance, have never heard of the organization.”"   <- sad hilarity ensues!
With compliance frameworks expanding, becoming more complicated and covering more things, some organizations say they are overwhelmed with trying to keep up. Experts are sympathetic, but say the alternative is to increase the risk of being breached, which would be much worse.
Ian Gorrie, Andrew van der Stock
3 comments
 
I'm ex big 4. I know what you mean

Anton Chuvakin

Shared publicly  - 
 
A fun PCI read!!
 
Here is the link to the 2015 PCI Compliance Report -Insiders Page. I hope you will find this interesting. If any questions, do not hesitate to ping me.
1 comment on original post
Bert Knabe
 
That's a word I've never seen used with PCI. :^)
People
Have him in circles
3,118 people
  • Ebi Hamedi
  • Roads Less Travelled
  • Dave Piscitello
  • Liam Randall
  • Ryan W Smith
  • Richard Fifarek
  • Esminee Rase
  • Marc Rogers
  • SANS Digital Forensics
Education
  • SUNY Stony Brook
  • Moscow State University
  • State University of New York at Stony Brook
Basic Information
Gender
Male
Relationship
Married
Other names
Anton, Dr. Anton
Story
Tagline
Information Security and Having Fun
Introduction

Dr. Anton Chuvakin is a Research VP on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team.

He is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior", "PCI Compliance", "Logging and Log Management" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and others. Anton has published dozens of papers on log management, correlation, data analysis, PCI DSS, security management, honeypots, etc. His blog securitywarrior.org was one of the most popular in the industry.

In addition, Anton teaches classes (including his own SANS class on log management) and presents at many security conferences across the world; he recently addressed audiences in the United States, UK, Singapore, Spain, Russia and other countries. He worked on emerging security standards and served on the advisory boards of several security start-ups.

Before joining Gartner in 2011, Anton was running his own security consulting practice www.securitywarriorconsulting.com, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Dr. Anton Chuvakin was formerly a Director of PCI Compliance Solutions at Qualys. Previously, Anton worked at LogLogic as a Chief Logging Evangelist, tasked with educating the world about the importance of logging for security, compliance and operations. Before LogLogic, Anton was employed by a security vendor in a strategic product management role. Anton earned his Ph.D. degree from Stony Brook University.

Bragging rights
I write books (among other things)
Work
Occupation
Research Vice President @ Gartner for Technical Professionals
Skills
Information security, strategy, security architecture, SIEM, PCI DSS, etc
Employment
  • Gartner
    Research Vice President, 2014 - present
    Anton Chuvakin is a Research VP at Gartner's GTP Security and Risk Management group. Previous Experience: Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist, research, competitive analysis, PCI DSS compliance, and SIEM development and implementation. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II," "Information Security Management Handbook" and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Mr. Chuvakin has taught classes and presented at many security conferences across the world; he recently addressed audiences in the U.S., the U.K., Singapore, Spain, Russia and other countries. He has worked on emerging security standards and served on advisory boards of several security startups.
  • Gartner
    Research Director, 2011 - 2014
    Anton Chuvakin is a Research Director in Gartner's GTP Security and Risk Management group. Previous Experience: Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist, research, competitive analysis, PCI DSS compliance, and SIEM development and implementation. He is an author of the books "Security Warrior" and "PCI Compliance" and a contributor to "Know Your Enemy II," "Information Security Management Handbook" and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog "Security Warrior" was one of the most popular in the industry. In addition, Mr. Chuvakin has taught classes and presented at many security conferences across the world; he recently addressed audiences in the U.S., the U.K., Singapore, Spain, Russia and other countries. He has worked on emerging security standards and served on advisory boards of several security startups.
  • Security Warrior Consulting
    Principal, 2009 - 2011
  • Ubizen
    Research Analyst, 2001 - 2002
  • netForensics
    Strategist, 2002 - 2006
  • LogLogic
    Chief Logging Evangelist, 2006 - 2008
  • Qualys
    Director of PCI Compliance Solutions, 2008 - 2009
  • SUNY Stony Brook
    1996 - 2001
Places
Currently
San Francisco, CA
Previously
Russia - Moscow, Russia - Stony Brook, NY - Boston, MA - Edison, NJ - Sunnyvale, CA - Redwood Shores, CA
Anton Chuvakin's +1's are the things they like, agree with, or want to recommend.
Panoramio - Untitled photo
www.panoramio.com

Photo-sharing community. Discover the world through photos.

Total cost of average data breach reaches $3.8 million
www.net-security.org

The average consolidated total cost of a data breach is $3.8 million, according to a Ponemon Institute study of 350 companies spanning 11 co

Is security really stuck in the Dark Ages? | CSO Online
www.csoonline.com

Amit Yoran’s colleagues didn’t agree with everything the RSA President said at his keynote last month. But most say he got the essentials ri

Highlights From Verizon Data Breach Report 2015 - Anton Chuvakin
blogs.gartner.com

With RSA 2015 and some writing deadlines (while analysts generally enjoy stress-free living, we do have deadlines too!), I almost forgot to

Journey Into Incident Response: SIEM Use Case Implementation Mind Map
journeyintoir.blogspot.com

Building out an organization's security detection capability can be a daunting task. The complexity of the network, number of applications/s

Top 10 Information Security Mistruths – IR Perspective | InfoSec Insights
seanmason.com

While I think most information security professionals understand that you can't fully secure a network, this doesn't stop many of them from

Alert fatigue: 6 steps for dealing with constant security alerts - The B...
www.bizjournals.com

The amount of noise streaming into the typical security organization’s work queue can quickly become overwhelming. Alert fatigue plagues eve

Security Intelligence and Big Data | – blog » Security Monitoring / SIEM...
raffy.ch

Visual analytics, security data visualization, security information management, big data, security intelligence, and compliance discussed by

What’s Your Security Maturity Level? — Krebs on Security
krebsonsecurity.com

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizati

Geopolitical Calendar: Week of March 18, 2013
www.stratfor.com

Moscow's plans to strengthen its military presence in the Arctic Circle make neighboring countries nervous. Read more…

[Dailydave] VENOM Context in the HIDS/Implant space
lists.immunityinc.com

[Dailydave] VENOM Context in the HIDS/Implant space. Dave Aitel dave at immunityinc.com. Thu May 14 09:11:31 EDT 2015. Previous message: [Da

Dr Anton Chuvakin Blog PERSONAL Blog: SIEM Resourcing or How Much the Fr...
chuvakin.blogspot.com

One of the ugliest, painfulest, saddest issues with SIEM is resourcing. Yes, that SIEM appliance might set us back $75000 in hard earned sec

Making Threat Intelligence Feeds Work For You | Big Data Cyber Analytics
www.ikanow.com

Are threat intelligence feeds valuable? Do you subscribe to multiple threat intelligence feeds? IKANOW provides analytics on multiple threat

Experts debate the value and future of data loss prevention tools
searchsecurity.techtarget.com

Experts are unsure if data loss prevention tools can overcome inherent deployment complexities and gain a better-reasoned role in enterprise

Clumps in the Security Melting Pot
blog.norsecorp.com

Two kids are metasploiting random servers across the Internet. They come across a website advertising “Make a difference in the war against

Threat Intelligence Sharing: The First Steps
securityintelligence.com

Threat intelligence sharing is gaining acceptance and momentum in the security community. Here are a few suggestions to get started on the r

Speaking at the Honeynet Project
roer.com

This year, possibly for the first time, the Honeynet Project visit Norway with its full-week workshop! I am very excited by being invited to

Evaluating NASA’s Futuristic EM Drive | NASASpaceFlight.com
www.nasaspaceflight.com

A group at NASA's Johnson Space Center has successfully tested an electromagnetic (EM) propulsion drive in a vacuum - a major breakthrough f

Good fish soup, pleasant experience
Public - in the last week
reviewed in the last week
Public - in the last week
reviewed in the last week
Excellent place, creative cuisine
Public - 2 months ago
reviewed 2 months ago
223 reviews
Fun tapas, decent service...
Public - a month ago
reviewed a month ago
Most excellent French food in Tahoe - yes, even frog legs. Excellent service, good advice on wines [good match at not-so-scary price!] and superb experience overall. And, yes, great desserts too: I had a chocolate currant bread pudding - awesome!
Public - 2 months ago
reviewed 2 months ago
Excellent Mediterranean food, they have the right Turkish coffee
Public - 4 months ago
reviewed 4 months ago