Richard Bejtlich is founder of TaoSecurity (www.taosecurity.com), a company that helps clients detect, contain, and remediate intrusions using network security monitoring (NSM) principles. Richard was previously a principal consultant at Foundstone, performing incident response, emergency NSM, and security research and training. He created NSM operations for ManTech International Corporation and Ball Aerospace & Technologies Corporation. From 1998 to 2001, then-Captain Bejtlich defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT), performing and supervising the real-time intrusion detection mission.
Formally trained as an intelligence officer, Richard is a graduate of Harvard University and the United States Air Force Academy. He authored the critically acclaimed Tao of Network Security Monitoring: Beyond Intrusion Detection in 2004 and Extrusion Detection: Security Monitoring for Internal Intrusions in 2005. Richard co-authored Real Digital Forensics, and contributed to Hacking Exposed, 4th Ed., Incident Response, 2nd Ed., and several Sys Admin magazine articles. He writes for his Web log (taosecurity.blogspot.com) and teaches at USENIX.
The Self-Defeating Network
Many product vendors claim to have the answer to your security problems. It’s been over fifteen years since commercial security tools first appeared on the market, but it’s tough to understand where all our money went. In this presentation I argue that the focus on preventing intrusions has diverted valuable time and resources away from the most basic aspect of digital security: understanding your enterprise. By touring the Self-Defeating Network, you’ll learn what not to do, and how network security monitoring with open source tools can help you make the most of your defensive resources.