About
30 years of consulting experience in cybersecurity leadership, incident response, dark…
Articles by Ken
-
Cyber Threat Intelligence (CTI) Actionability
Cyber Threat Intelligence (CTI) Actionability
CTI “Actionability” is a marketing buzzword used all too often, without any quantification or achieving that in…
-
Credibility as a Cybersecurity Consultant
Credibility as a Cybersecurity Consultant
Credibility, the quality of being trusted and believed in, is a critical factor of trust to establish as a…
5 Comments -
Risk-Based Threat & Vulnerability Management (TVM) Program
Risk-Based Threat & Vulnerability Management (TVM) Program
The very large majority of Threat and Vulnerability Management (TVM) programs I’ve seen, in 30 years of consulting, are…
Activity
-
Bogus Basin Announces Bitterroot Chairlift Grand Opening, Full Lift Operations, and START OF Night Operations With Up to 16 Additional Inches of…
Bogus Basin Announces Bitterroot Chairlift Grand Opening, Full Lift Operations, and START OF Night Operations With Up to 16 Additional Inches of…
Liked by Ken Dunham
-
How do you think AI will impact the future of threats and your threatscape? https://lnkd.in/gRXRMvqm
How do you think AI will impact the future of threats and your threatscape? https://lnkd.in/gRXRMvqm
Shared by Ken Dunham
-
What lies ahead in the future!? I love this topic! Read my thoughts and that of my colleagues here...https://lnkd.in/gzevXnww
What lies ahead in the future!? I love this topic! Read my thoughts and that of my colleagues here...https://lnkd.in/gzevXnww
Posted by Ken Dunham
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
-
Eastern Oregon University
Joseph D. Novack's theories on learning how to learn, Gartner on multiple intelligences, and studies in the classroom for alternative assessment of multiple intelligences utilizing semantic mapping and rubrics.
Licenses & Certifications
-
-
-
Certified Information Systems Security Professional (CISSP)
ISC2
Credential ID 82654 -
SANS - Multiple Certifications
SANS
Credential ID GCFA Gold, GCIH Gold, GSEC, GREM Gold, GCIA
Publications
-
Android Malware and Analysis
CRC Press
The rapid growth and development of Android-based devices has resulted in a wealth of sensitive information on mobile devices that offer minimal malware protection. This has created an immediate need for security professionals that understand how to best approach the subject of Android malware threats and analysis.
Other authors -
-
Mobile Malware Attacks and Defense by Ken Dunham
Syngress
See publicationAlso available in Chinese at https://www.amazon.com/9787030345752-Genuine-malicious-attacks-prevent/dp/B008RGFQPS/ref=sr_1_3?ie=UTF8&qid=1551116028&sr=8-3&keywords=%22ken+dunham%22.
-
Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet
Auerbach Publications
Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of “botmasters”. This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of…
Originally designed as neutral entities, computerized bots are increasingly being used maliciously by online criminals in mass spamming events, fraud, extortion, identity theft, and software theft. Malicious Bots: An Inside Look into the Cyber-Criminal Underground of the Internet explores the rise of dangerous bots and exposes the nefarious methods of “botmasters”. This valuable resource assists information security managers in understanding the scope, sophistication, and criminal uses of bots.
With sufficient technical detail to empower IT professionals, this volume provides in-depth coverage of the top bot attacks against financial and government networks over the last several years. The book presents exclusive details of the operation of the notorious Thr34t Krew, one of the most malicious bot herder groups in recent history. Largely unidentified by anti-virus companies, their bots spread globally for months, launching massive distributed denial of service (DDoS) attacks and warez (stolen software distributions). For the first time, this story is publicly revealed, showing how the botherders got arrested, along with details on other bots in the world today. Unique descriptions of the criminal marketplace – how criminals make money off of your computer – are also a focus of this exclusive book!
With unprecedented detail, the book goes on to explain step-by-step how a hacker launches a botnet attack, providing specifics that only those entrenched in the cyber-crime investigation world could possibly offer.
Authors Ken Dunham and Jim Melnick serve on the front line of critical cyber-attacks and countermeasures as experts in the deployment of geopolitical and technical bots. Their work involves advising upper-level government officials and executives who control some of the largest networks in the world. By examining the methods of Internet predators, information security managers will be better able to proactively protect their own networks from such attacks.Other authors -
-
Bigelow's Virus Troubleshooting Pocket Reference (Pocket References
McGraw-Hill
See publicationIdentify, Diagnose and Combat Computer Viruses Now!
With the growing number of viruses infecting computers - and an increasing level of damage - safeguarding your system has never been more important than now. This useful pocket reference shows you how to detect viruses, what steps to take once infected, and how to prevent future attacks. Concise and thorough, this handy guide contains all you need for diagnosing and troubleshooting destructive computer viruses - including the newest…Identify, Diagnose and Combat Computer Viruses Now!
With the growing number of viruses infecting computers - and an increasing level of damage - safeguarding your system has never been more important than now. This useful pocket reference shows you how to detect viruses, what steps to take once infected, and how to prevent future attacks. Concise and thorough, this handy guide contains all you need for diagnosing and troubleshooting destructive computer viruses - including the newest generation of network email worms.
Inside you'll find out about:
Exposed Virus Myths and Hoaxes
Antivirus Laws
Symptoms of Infection
Antivirus Software Scanning Methods
Submitting Virus Samples for Analysis
Repair and Rescue of Damaged or Lost Files
Virus Reinfection and Risky Behavior
Essential Emergency Software
Alternative Operating Systems and Procedures
Recommended Removal Procedures
Renowned anti-virus professional Ken Dunham reveals various troubleshooting scenarios, making this practical reference invaluable for all computer professionals and technicians. -
HyperCard Roundup
Self-Published
Printed and electronic book, including source code, for programming HyperText applications on Macintosh.
-
AVIEN Malware Defense Guide for the Enterprise
Syngress
See publicationContributed Wicket Rose & NCPH Hacking crew exclusive, pages 194-200, 219.
Courses
-
Cyber Security Interdependencies Summits
-
-
Cyber Storm I & II (DHS) - cyber exercise
-
-
Operation Silent Horizon (CIA) - cyber exercise
-
Projects
-
Merryxmas Watcher 2.0
-
Top downloaded Macintosh software in the world, with over 1M downloads a month; freeware antivirus.
Honors & Awards
-
ISSA International Article of the Year Award
ISSA International
Troubling Trends in Espionage, ISSA Journal, 2015. For more information on the paper or to contact me directly visit my website at http://4d5asecurity.com/issa-international-article-of-the-year.
-
Article of the Year Award: “Trouble Trends of Espionage”
ISSA
-
ISSA Distinguished Fellow
ISSA.org
Recognized as a Distinguished Fellow within the international body of ISSA, reserved for the top 1% of professionals globally.
-
ISSA International Distinguished Fellow
ISSA
Distinguished Fellow reserved for just 1% of security professionals globally.
-
Innovation Award
iSIGHT Partners
Innovation award for development of HoneySting, an automated large scale drive by evaluations and collections appliance for security intelligence operations.
-
Exemplary Leadership Plaque
ISSA
Presented by Howard Schmidt
-
Global Top Quoted Security Expert
Hill & Knowlton
-
National Awards for Philanthropy Development & Academic Improvement
AKL
Major innovation and improvement of philanthropy and academic programs for AKL.
-
“The Best” Honor from Yahoo Internet Life, AOL, & PC Week
Varied
Number one website for anti-virus as recognized by many industry leaders at the time. Following of over 350,000 which was large during this time frame in Internet history.
-
Presidential Teacher of the Year Nominee
Oregon Science Teachers Association (OSTA)
-
Teacher of the Year (Region 7)
Oregon Science Teachers Association (OSTA)
-
Dean’s Highest Honors for Academic Achievement
Oregon State University
-
Featured Expert: “Cryptology” Film
Educational Management Group
-
World Silver Medalist: HyperText Programming Challenge
-
Organizations
-
ISSA, ISC2, ISACA, GIAC, Idaho InfraGard, HTCIA
Officer or leader in most
-
Major Malcode Mitigation (M3), Security Institute at IEEE
Group Leader
-
Media Representative (Prime-Time TV Advertising)
Media Representative
About.com prime-time TV advertisements after going IPO.
Recommendations received
-
LinkedIn User
13 people have recommended Ken
Join now to viewMore activity by Ken
-
What do you believe will emerge as a notable threat in 2025? Read my thoughts and that of other industry leaders here: https://lnkd.in/g2zUpRCd
What do you believe will emerge as a notable threat in 2025? Read my thoughts and that of other industry leaders here: https://lnkd.in/g2zUpRCd
Shared by Ken Dunham
-
CMMC can be tough, but it doesn't have to be. If your organization needs help preparing for your CMMC Level 2 Certification, CUICON 2025 is the best…
CMMC can be tough, but it doesn't have to be. If your organization needs help preparing for your CMMC Level 2 Certification, CUICON 2025 is the best…
Liked by Ken Dunham
-
Does law enforcement make a difference when an arrest is made in the DarkWeb of cyber? Sometimes yes, sometimes now, but we must always strive for…
Does law enforcement make a difference when an arrest is made in the DarkWeb of cyber? Sometimes yes, sometimes now, but we must always strive for…
Shared by Ken Dunham
-
Consistency and repeatability are key to successful security operations. Alfred Huger's last blog post covers the creation of Facets, reusable…
Consistency and repeatability are key to successful security operations. Alfred Huger's last blog post covers the creation of Facets, reusable…
Liked by Ken Dunham
-
Qualys has achieved remarkable results in the 2024 MITRE ATT&CK Evaluations for Enterprise, demonstrating 100% major step detection for LockBit and…
Qualys has achieved remarkable results in the 2024 MITRE ATT&CK Evaluations for Enterprise, demonstrating 100% major step detection for LockBit and…
Liked by Ken Dunham
-
Russia/CRINK nations are targeting unpatched vulnerabilities...what can you do? Read my thoughts here: https://lnkd.in/gM29-gNP
Russia/CRINK nations are targeting unpatched vulnerabilities...what can you do? Read my thoughts here: https://lnkd.in/gM29-gNP
Shared by Ken Dunham
-
A heartfelt thank you to #Qualys for our #JustNeedABreakDay—a wonderful reminder of how important it is to pause and recharge. I used the opportunity…
A heartfelt thank you to #Qualys for our #JustNeedABreakDay—a wonderful reminder of how important it is to pause and recharge. I used the opportunity…
Liked by Ken Dunham
-
Just take a break day for #Qualys was great serving others helping them enjoy the holidays. The question is are you on the naughty or the nice list?…
Just take a break day for #Qualys was great serving others helping them enjoy the holidays. The question is are you on the naughty or the nice list?…
Shared by Ken Dunham
-
For our last session of the day, please welcome Qualys' Joe Petrocelli where he will discuss "Security Challenges of Large Language Models with AI…
For our last session of the day, please welcome Qualys' Joe Petrocelli where he will discuss "Security Challenges of Large Language Models with AI…
Liked by Ken Dunham
-
This year, the Qualys Cyber Fusion Center achieved remarkable success by winning the internal Qualys Innovation and Product showcase award. The…
This year, the Qualys Cyber Fusion Center achieved remarkable success by winning the internal Qualys Innovation and Product showcase award. The…
Liked by Ken Dunham
-
It's #Thanksgiving week, and I found this card coincidentally. I'm blessed to have had an amazing team working with and for me in the Office of the…
It's #Thanksgiving week, and I found this card coincidentally. I'm blessed to have had an amazing team working with and for me in the Office of the…
Liked by Ken Dunham
-
When we think about innovation and what makes us great, what comes to mind? We often think about the "Jetsons" (aging myself here) or Waaaaaay out…
When we think about innovation and what makes us great, what comes to mind? We often think about the "Jetsons" (aging myself here) or Waaaaaay out…
Shared by Ken Dunham
Other similar profiles
Explore more posts
-
SentinelOne
🗞️ In CyberScoop: "[T]he years of work to build up federal collaboration with industry are paying off, from the Joint Cyber Defense Collaborative to the National Risk Management Center — the 'proto' version of the JCDC, [Chris Krebs] said — to the National Security Agency’s Cybersecurity Collaboration Center. "'We’re starting to see that these things work with the resources and time into it, but it’s generating results and there’s no better evidence of the results, I think, than when Russia invaded Ukraine, and the ‘Shields Up’ campaign and the breadth to which that was able to change behavior in industry,' said Krebs, now chief intelligence and public policy officer at SentinelOne." To learn more, read the full article by Tim Starks: https://s1.ai/CS-Collab
-
Cyber Security Outsource Service, LLC
DeRusha stepping down from ONCD, federal CISO roles: "Chris’s keen insights, experience, and judgement have been integral to the work," ONCD has done, Harry Coker says. The post DeRusha stepping down from ONCD, federal CISO roles appeared first on CyberScoop. #cyber #cybersecurity #cybersecurityjobs #cyberjobs #Innovation #cloudsecurity #Technology #socanalyst
-
Ganz Security
New Blog Post! Ensuring Security: The Crucial Role of NDAA Compliance 🔒 💻 Protects Sensitive Data 🤝 Enhances Trust 🛡️ Mitigates Security Risks ✅ Required for Federally Funded Organizations Explore why NDAA compliance is essential at https://ow.ly/lRPM50U5qt1 #NDAA #Security #Compliance #DataProtection #NationalSecurity #RiskManagement #ComplianceMatters #FederalRegulations #DataSecurity
-
The Coalition for Government Procurement
DoD is proposing to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement contractual requirements related to the Cybersecurity Maturity Model Certification (CMMC) 2.0 Program. Read the proposed rule here: https://hubs.li/Q02Lt0VR0 #CMMC #CMMC2.0
-
CBC AMERICA LLC
New Blog Post! Ensuring Security: The Crucial Role of NDAA Compliance 🔒 💻 Protects Sensitive Data 🤝 Enhances Trust 🛡️ Mitigates Security Risks ✅ Required for Federally Funded Organizations Explore why NDAA compliance is essential at https://ow.ly/C8JP50U5qr0 #NDAA #Security #Compliance #DataProtection #NationalSecurity #RiskManagement #ComplianceMatters #FederalRegulations #DataSecurity
-
Magnet Forensics
In this article for the IACP's Police Chief Magazine, PenLink's Johnmichael O'Hare and our own Trey Amick talk about how digital forensics and open-source intelligence (#OSINT) are playing crucial roles in modernizing police investigations: https://ow.ly/UH9O50SUg9q #DFIR
-
Arctic Wolf
Arctic Wolf Labs have identified ten major threat actor tactics, techniques, and procedures (TTPs) found in the majority of incident response engagements. Understanding how these TTPs are leveraged, and how you can protect your environment against them, is crucial. https://ow.ly/eqAb50Su7pr #EndCyberRisk
-
News247WorldPress
New Post: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies - https://lnkd.in/gfp2EtwR 12/05/2024 11:30 AM EST Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include: The Canadian Centre for Cyber Security (CCCS). United Kingdom’s National Cyber Security Centre (NCSC-UK). New Zealand’s National Cyber Security Centre (NCSC-NZ). Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC). Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies). CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. Robert Williams#News247WorldPress
-
News247WorldPress
New Post: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies - https://lnkd.in/gfp2EtwR 12/05/2024 11:30 AM EST Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include: The Canadian Centre for Cyber Security (CCCS). United Kingdom’s National Cyber Security Centre (NCSC-UK). New Zealand’s National Cyber Security Centre (NCSC-NZ). Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC). Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies). CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. Robert Williams#News247WorldPress
-
Countermeasures Group
Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines: - Critical severity KEVS took nearly 4.5 months (137 median days) - High severity vulnerabilities take more than 9 months (238 median days) - Medium severity vulnerabilities take nearly 1.5 years (517 median days) https://lnkd.in/g_RExD96
-
MITRE Engenuity
Learn about freely available resources that can help you implement a #ThreatInformedDefense and see the value of collaborative #RandD. Download the Center for Threat-Informed Defense's latest annual report now. https://hubs.ly/Q02tSpSp0 #cybersecurity #cyberattack #cyberdefense #cyberthreats #ctid #mitre
-
BlackHays Group
Backlogs at National Vulnerability Database prompt action from NIST and CISA Read more on the link below. #defense #sbir #military #jointwerx #cmmc #cyber #cybersecurity @jointwerx @blackhaysgroup #GovernmentContracts #InfoSec #CyberDefense #NationalSecurity #DigitalTransformation #PublicSector #Startups #TechInnovation
-
High Threat Response
This Cybersecurity and Infrastructure Security Agency guide offers actionable steps to combat the evolving tactics of foreign malign influence operations. More resources available here: https://lnkd.in/ebM9fqFn #security #nationalsecurity #homelandsecurity #infrastructure #criticalinfrastructure #CI #resource #research #resources #highthreat #threat #threats #cybersecurity #cyber #electionsecurity
-
BlackHays Group
CISA Publishes Encrypted DNS Implementation Guidance to Federal Agencies Read more on the link below. #defense #sbir #military #jointwerx #cmmc #cyber #cybersecurity @jointwerx @blackhaysgroup #GovernmentContracts #InfoSec #CyberDefense #NationalSecurity #DigitalTransformation #PublicSector #Startups #TechInnovation
-
IriusRisk
Episode 2 of our threat modeling series is fast approaching. Want to build a strong core to your threat modeling program? 🔨 Hear from John Taylor, CSSLP, CISSP, SAFe®SPC and Irene Michlin on how processes, tooling, training and support can all help to build those foundations. https://hubs.li/Q02GVMKJ0 #threatmodel #threatmodelingseries #securebydesign
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Ken Dunham in United States
-
Ken Dunham
MS | Data driven decisions
-
Ken Dunham
Building Leaders, Teams, and Organizations to achieve Strategic Direction. High stakes Facilitator, Management Consultant, Executive Coach
-
Ken Dunham
VP People Development at Rogers O'Brien Construction
-
Ken Dunham
Director Human Resources at Marine Officer Selection Team Portsmouth, NH
47 others named Ken Dunham in United States are on LinkedIn
See others named Ken Dunham