Rocky DeStefano
Just me, myself and I

Rocky's posts


Happy Birthday!  You’re 18 today. Now GTFO.  I’m kidding of course, you’ll always be our kid, but as of today you are legally an adult and I fully recognize that you are well on your way to becoming a man.

It’s up to you to become a man from here.  No one can give it to you, you must take ALL the necessary steps to earn it all yourself.  There is no man-card at the end but trust me you’ll know it when you get there.  People expect more of you now and that’s cute, but being a man is about expecting more of yourself and DOING IT!

I’ve screwed this whole “grown-up” thing up enough times to know what fails miserably even if I don’t always know what works flawlessly.  Here are some lessons I’ve learned the hard way over the years that may make your journey slightly less embarrassing and hopefully more efficient and ideally more enjoyable!

Love honesty; love fully.  You will get hurt, you will be disappointed; you will feel alone at times.   Yep, and you will get wet when you are swimming.   Dive in and stay “engaged” with those you interact with.  Prioritize love over EVERYTHING else.  You are not promised anything on this Earth; allow yourself to be loved and to give love.  Love is the only unlimited resource we have.  Learn to use it.

Time is infinitely more valuable than money.  Invest in the right people to be close to you.  

Earning – Work.  Work hard.  Do more everyday to earn more.  If your job is the same day in and day out it is your fault.  Go get more.

Investing - Seek counsel and heed that counsel.  Save first and consider the money you spend as an investment in whatever you are spending it on.  

Spending - Do your best to spend on things that will improve your life not just on things that will make you happy.  Don’t spend more than you have, but don’t be afraid to spend or give, you will be earning that money.  

Work hard every day.  Doesn’t matter at all what you do, but when you do it put in all your effort to make it better.  You’ll learn not only that job but why it exists and from there you’ll have greater visibility and access to better things.   

Take time for yourself physically, mentally and spiritually.  Improve yourself in each area.  Lack of focus on one or more of these can severely impact you and those you love.  

Limits are for people without vision, without passion and without a willingness to act.  Put out the effort and you can do whatever you want.    (Note: May not always apply to speed limits.)

Lead every interaction with trust, verify as necessary.  Yes there are bad people and horrible situations out there.  Be aware of them but most people are genuine.  Trust yourself enough to recognize the difference and to pull yourself out of crappy situations when necessary.  If it feels sketchy find out why.

People are generally willing to help others out if asked so don’t be afraid to ask for help when you need it, but respond in kind when you can.  If you can’t help physically or financially that’s ok but at least offer kindness in return.  Seek to improve the life of those around you.  If a situation presents itself to you don’t wait for someone else to act, contribute towards a solution.

Like work, you should learn everyday.  It doesn’t matter what it is you can learn from ANYTHING.  Observe and understand!   Almost always the greatest realizations you will have will come from the most unexpected places.  But unless you are constantly learning you won’t recognize it when it happens.

Give it fully at all times and you’ll earn it in return.    There are no shortcuts.

Seek to understand.  Everyone has his or her own “lens”.  Always remember to see things through their lens as you engage with them.  Empathy is a learned concept for us (at least for you and me); the first step is to understand their perspective and appreciate that based on their background it is probably a totally valid point.  If it needs to be refined that is fine, but refining is a valuable process for everyone involved.

Rule #1 - Listen first!
Socialize, collaborate, and interact.   Care about people and they will care about you.  Communicate clearly at their level.  Show them you care by listening and responding earnestly.  Feedback is important.  If you have expectations of people, tell them.  

I fail at this miserably; go ask your mom for advice on this topic. The best I can offer you is this:  the more you can feel for someone the more you can be patient with them.  Lack of patience will cut short any gains you may have otherwise benefitted from.

Be Generous:
Give freely without expectation.  Show with your time, love, energy, resources and money that you care about others.

Learn to use others’ strengths to further the mission.  You can’t do everything yourself.  Trust and expect people to deliver and almost every time they will.   If they don’t, find out why and fix that problem.   

See a problem, solve a problem – Never be afraid to fail.  Just do it and fix as necessary. 

Always let your default inclination tend towards ACTION.   It takes action to create movement so if you’re stuck – do something about it!

Your primary job as an adult is to help others.  We are all simply stepping-stones for the next generation to progress.  You can lie down and others will decide where on the floor you will reside, or you can decide for yourself how tall the next step is and go do it.    

Always have fun!  If it sucks find a way to make it fun!

Oh yeah:

We Love you!


"Mommy & Daddy, I know where Heaven is!" Ok, Nico (my 6 year old son) go on... "Earlier today I saw a pterodactyl shaped cloud in the sky. I know all the pterodactyls are dead. That must mean that when we die we turn into clouds. If you die happy you turn into a white fluffy cloud. If you die sad you will turn into a rain cloud!" Hard to argue with that logic.


VisibleRisk on Enterprise Visibility and the beginning of Enterprise Defensibility.


The Defensible Enterprise
APR 18, 2012

This overview post kicks off a multi-part series on Defensible Enterprise, Enterprise Visibility and Perspective.

Maybe someday I’ll create a series of posts outlining the absolute failures of our tools, processes or teams, but as it stands I’m pretty sure any data breach report or yearly incident summary points out those failures rather effectively. I’ll just summarize my points and say the following: The playing field is constantly morphing, both because of the constant people, data and technology changes within our organizations and because our adversaries have the ability to change the rules to benefit them at any point. Yet here we are defending our outdated, stagnant and porous enterprises against adversaries who don’t really even have to think all that hard about how to score. You can look at it as a lost cause or you can put your big boy pants on and say “Bring it on A-Holes”.

One of our goals is to help organizations achieve a state of “defensibility”. Initially when we talk about defensibility we’re really focused on understanding what it is we are protecting, what tools are available to us and how we can maximize our effectiveness in detecting and/or minimizing the impact of a compromise. In short, we want to define the weapons we have at our disposal to allow us to “adapt and overcome”.

The approach I’ve been focused on incorporates a few key areas that help enable a more defensible enterprise.

Enterprise Visibility

Enterprise Visibility: “All the Data All the Time”

The idea that I try to get across is that certain tools like Log Management/SIEM are good but not nearly enough when you are building a true Enterprise Visibility capability within your organization. I’ll dig into this much deeper in the next post, but in the end you need the ability to “see” everything, Logs (Operating Systems, Application, Network, Security), Forensic Data (Host, Network and Memory) and User information as well as all the “context” residing throughout your enterprise.

Context: “Oh wait – THAT user/system/data was compromised?!?!?!?!”

Vulnerability Scan information and Asset Information are fairly common (and very important) examples but not nearly the end of the resources required to be successful. Having ALL of the information available, immediately, is required. Obviously this information may be key to understanding technical aspects and increasing efficiency but in many cases it is the key to unlocking the actual impact to the organization. Often times the context is the sole piece of information necessary to understand the Risk the organization actually faces.

Speed: “Time to Identification/Remediation”

There are three measurements that matter to me: 1. What is the impact, 2. How fast can we detect and 3. How fast can we respond. Everything else is in the way. Your team needs tools, processes, expertise and authority to analyze and act. Without context and data available you’re spending precious time gathering it so it can be analyzed. Without expertise you’re wasting time asking others, and without the authority to get all of that ahead of time you’re just on the JV team. If the time it takes your adversary to get into your network and extract data is measured in seconds to minutes and your change control window is measured in weeks – who wins?
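The Context and Speed points above can be made concrete. The following is an added example, not code from the original post: it enriches raw alerts with an asset inventory (owner, data classification, open vulnerability count), ranks them by the impact to the organization rather than by raw vulnerability count, flags a host that is missing from the inventory as a visibility gap instead of quietly scoring it low, and computes the two time measurements (detect, respond) per alert. The hostnames, rule names, timestamps and the impact weighting are all constructed for illustration and are not from the post.

```python
"""Added example (not from the original post): enrich raw alerts with asset
context and compute the three measurements the post names (impact, time to
detect, time to respond). Every record below is constructed for illustration."""
from datetime import datetime

# Constructed asset inventory: what we are protecting (hypothetical hosts).
ASSETS = {
    "db-prod-01": {"owner": "payments", "data": "cardholder", "open_cves": 3},
    "web-dev-07": {"owner": "eng-sandbox", "data": "none", "open_cves": 12},
    "hr-share-02": {"owner": "hr", "data": "pii", "open_cves": 0},
}

# Assumed weighting of data classification; substitute your own risk model.
DATA_WEIGHT = {"cardholder": 10, "pii": 7, "internal": 3, "none": 1}

# Constructed alert records: first-seen time of the underlying activity,
# detector timestamp, and containment time (None if not yet contained).
ALERTS = [
    {"host": "db-prod-01", "rule": "outbound-c2-beacon",
     "first_seen": "2012-04-18T02:14:00", "detected": "2012-04-18T02:14:30",
     "contained": "2012-04-18T04:00:00"},
    {"host": "web-dev-07", "rule": "brute-force-ssh",
     "first_seen": "2012-04-17T22:00:00", "detected": "2012-04-18T09:30:00",
     "contained": None},
    {"host": "unknown-host", "rule": "malware-hash-match",
     "first_seen": "2012-04-18T03:00:00", "detected": "2012-04-18T03:05:00",
     "contained": "2012-04-18T03:20:00"},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def enrich(alert, assets=ASSETS):
    """Attach asset context to an alert. An unknown host is itself a finding:
    the visibility gap is recorded rather than the alert being scored low."""
    out = dict(alert)
    ctx = assets.get(alert["host"])
    if ctx is None:
        out.update(owner="UNKNOWN", data="unknown", open_cves=None,
                   impact=None, gap="host not in inventory")
        return out
    out.update(ctx)
    # Impact: data sensitivity scaled by exposure (open vulns on the host).
    out["impact"] = DATA_WEIGHT.get(ctx["data"], 1) * (1 + ctx["open_cves"])
    return out


def timings(alert):
    """Minutes from first activity to detection, and from detection to
    containment (None while the alert is still open)."""
    ttd = (_ts(alert["detected"]) - _ts(alert["first_seen"])).total_seconds() / 60
    ttr = None
    if alert["contained"]:
        ttr = (_ts(alert["contained"]) - _ts(alert["detected"])).total_seconds() / 60
    return ttd, ttr


def triage(alerts=ALERTS, assets=ASSETS):
    """Return enriched alerts, highest impact first. Inventory gaps sort to
    the top, because an alert you cannot put in context cannot be ranked."""
    rows = []
    for a in alerts:
        e = enrich(a, assets)
        e["ttd_min"], e["ttr_min"] = timings(a)
        rows.append(e)
    rows.sort(key=lambda r: (r["impact"] is not None, -(r["impact"] or 0)))
    return rows


if __name__ == "__main__":
    for r in triage():
        print(f"{r['host']:12} {r['rule']:20} impact={r['impact']} "
              f"ttd={r['ttd_min']:.0f}m ttr={r['ttr_min']} gap={r.get('gap')}")
```

Note what the ranking does with the constructed data: the sandbox host with twelve open CVEs lands below the production database with three, because the context (cardholder data) is what determines the risk the organization actually faces, and the host nobody can identify goes to the top of the queue as a gap to close.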

Flexibility: “Adapt and Overcome”

Change happens…. Eventually. This view must be annihilated if you want to succeed. You may need to dig into data you are uncomfortable with or enter conversations above your pay grade to find what you need. Obstacles are simple delay mechanisms, crush them and if you cannot break them then go around them. Yep I’m telling you it is ok to break the “rules”. If you need to move or adjust your tools to gain better perspective of an active incident – DO IT. Certainly if you can bake that into the process ahead of time it makes it easier, but even if you can’t – make the change, beg for forgiveness and then update the policy afterward. Along the same lines if your security team is solely alert driven you are doomed to fail. Find new ways to conduct analysis with the data you have available or can get. (more on this topic soon). You should be updating your tools, processes, expertise on an hourly, or at least daily basis.

Expertise: “Singer, Songwriter, Choreographer, Lawyer, Doctor, Firefighter, Astronaut, Meter Maid, Special Agent, Fashion Designer and Clown”

We must have expertise in so many areas, Security Analysis, Incident Response, Forensics, Malware Reversing, Threat Intelligence, Security Architecture and in soft skills like Advising, Coaching and Mentoring. Plus you have to do it on a training budget of $1500/yr. Great people want to work on great teams. Invest in your team (time, energy and dollars).

Process: “Standardized yet Flexible”

Our goal is to create a fast, flexible set of processes and information that experts can manage and bring down the time to identify and remediate incidents. We should be able to execute a “game plan” without having to write the play book each time. Everyone involved should know the plan, authority and responsibilities established and trained against. The “norm” in response should not be based on Herculean efforts. That said your plan needs to allow for an audible. A good plan will have everyone’s buy-in and trust.


I believe these stated goals are realistically attainable and at the same time I fully understand that all of these require significant investment across the board. The reality of our situation is pretty simple, our adversaries have changed the game. If you or your executive team don’t like it - “tough sh!t”. Seriously. Unless you don’t mind all of your information exposed, indexed and simply common knowledge by the rest of the world you had better figure out how to start to move past your checklists and trust in outdated methodologies and move towards allowing your people to do their jobs to the best of their ability. The high-level steps identified in this post go a long way towards positioning your team in that direction. It’s a compass not a GPS.

Thanks for reading! Next week I’ll post my “Enterprise Visibility” chart and definitions. A new look on something I’ve been trying to articulate for years. In that post I’ll explore some of the goals necessary to reach a point of Enterprise Visibility in your organization. The “Perspective” post is a simple view into understanding what it is exactly you are able to see and what gaps you still may have. A very simple but illuminating task. Until next time. - Rocky

This has to be one of the worst examples of "encouraging the right behavior" I've ever seen.

A small sample of some fantastic Information Security Professionals.


The reviews of this book paint a very different picture from one of the men I grew up idolizing. Of course I knew he wasn't perfect; none of us are anywhere near perfect. Hell, most days I'm not sure I'd even classify myself as "good" or "adequate", but I always had pictures in my mind of people I wanted to emulate, both in work ethic and in caring.

The portrait the excerpts I've read outline his suffering, physical and emotional pain and his escapes (pain killers, women, thoughts of suicide, etc) bring crashing to earth the picture in my head of a warrior on the gridiron that could leap over a pile of defenders or crash right through them at will. A man that rose above men a foot taller than him because of his heart and passion for the game and the people around him. I don't know perhaps in spite of his pain the fact that he did all of that makes it even more fantastic of a story?

Growing up in Chicago during Payton's prime everyone had Roos (before Jordans came out). You couldn't put anything in that pocket but you had to have them and you'd swear they made you faster and jump higher. Sweatbands even further aligned you with Payton's abilities as well, and of course our Funky QB at the time.

Watching Sweetness run over the initial set of bodies that Suhey left behind was exciting every down. Sure, Singletary, Hampton, Dent, Gayle, Fencik and Gault were all great players with killer abilities, but Payton had everyone's heart. He led the team, the city and the imagination of every young man dreaming of playing football in their yards. For years as kids we'd go to the bus stop an hour early every morning just to play football in the yards near the bus stop. Drenched in sweat, mud, snow and blood, we'd start our school day thinking about how we did our best to emulate a great man in the only way we knew how and how we could get even better the next day!

Sweetness - I think I'll skip this book and remember you as the guy who helped influence a "never quit" attitude in me and so many others.

Just a quick note - I'll be speaking on a couple of panels at this year's MIRcon in Alexandria, VA (Oct 11 &12). Should be both fun and engaging - can't wait!

If finding excuses to not exercise and complaining about exercising when I do get out there actually burned calories I'd have my own p90 series of dvd's by now. One little bike ride and I'm cooked. New bike is definitely better than anything I've ever ridden before - I'm not worthy.

Someone recognized my last name today at the dentist's office, and once she confirmed that I was in fact married to that "wonderful MFM" she proceeded to tell me how fantastic a doctor my wife is and how awesome the staff is over there at her office.

The lady told me in depth about her experience (actually her and her daughter's experiences) and that not only how wonderful of a surgeon/clinician Kim is but what separates her from other MD's is how she can connect with each and every patient and treat them in such a very real caring manner - much more akin to a relationship than a service provider.

It's an amazing feeling to see my wife achieve so much over the years and so much of it is based on how human she is. Sure she's brilliant (save her taste in husband) and she's extraordinarily gifted in medicine but what I'm so very proud of her for is what she has built in this community and more importantly how she has done it. She's changed hearts and minds about how speciality OB work should be done - and the impact spans across referring physicians, patients and hospital staff.

Man I feel like such a slacker. A very lucky one.