About
Douglas proudly serves as a court-appointed Special Master and testifying expert in…
Services
Articles by Douglas
-
A Change in Mind-Set: Shifting from Cybersecurity to Cyber Resilience
A Change in Mind-Set: Shifting from Cybersecurity to Cyber Resilience
It is not a matter of if, but when, your organization will suffer a cybersecurity-related incident. How will your…
8 Comments -
Covid-19: A message from our Acme CEO
Covid-19: A message from our Acme CEO
During this time of crisis, the management team and I are writing to let you know how serious we are taking this…
1 Comment -
Cyber Security Awareness Month: Aware @ Home
Cyber Security Awareness Month: Aware @ Home
As cybersecurity awareness month comes to a close, I had to have "the talk" with my daughter. No not about drugs or…
-
The Password Is….
The Password Is….
Each year, Verizon and other organizations release reports on the prior year’s data breach findings. A common theme…
2 Comments -
Do you have a Bieber Policy?!
Do you have a Bieber Policy?!
What are you doing to change behavior in your org to reduce infosec risk? Many of my guests on Cyber Security…
12 Comments -
Essentialism in Information Security
Essentialism in Information Security
Do less and focus on securing what matters most. “The Way of the Essentialist isn’t about getting more done in less…
7 Comments
Contributions
Activity
-
Dear LinkedIn... Until you let me use my nickname as a display name (who everyone knows me by) vs. forcing me to use my given name…
Dear LinkedIn... Until you let me use my nickname as a display name (who everyone knows me by) vs. forcing me to use my given name…
Liked by Douglas Brush
-
First, I love and respect Chris Cronin. Not only for all the work he does to make D&Os transparent and accountable but also for all the work he has…
First, I love and respect Chris Cronin. Not only for all the work he does to make D&Os transparent and accountable but also for all the work he has…
Posted by Douglas Brush
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Licenses & Certifications
Volunteer Experience
-
Blue Team Village - Mentor
DEF CON
- 1 year 1 month
Education
DEF CON is what you make of it. I volunteer with DEF CON's Blue Team Village [BTV] as a mentor and speaker. My goal is to incubate, grow, and encourage new practitioners in information security.
Additionally, I am focused on diversity, equity, and inclusion to promote and be an ally to underrepresented voices. -
Event committee Co-chair - The Red Party
Her Justice
- 7 years 1 month
Civil Rights and Social Action
The Red Party celebrates and supports strong, resilient women and the caring volunteer lawyers who help them break free from poverty and abuse.
The Her Justice Red Party is the Junior Advisory Boards signature summer event! I have been on the development committee for over seven years and now support the event as the co-chair.
For more information, please go here: http://www.herjustice.org/content/view/448/649/ -
Volunteer
MakerBoulder.com
- 6 months
Science and Technology
In the Rocky Mountains, we are celebrating all things creative, imaginative and exploratory at a festival extraordinaire… It’s Science, Technology, Entrepreneurship (invention!), Arts and Making. STEAM Fest is an awe-filled, jaw-dropping chance to tinker, hack, build, crumble, fly, drive, drink, DO, dabble — PLAY!)
Publications
-
A Change in Mind-Set: Shifting from Cybersecurity to Cyber Resilience
Forum Views - Bombay Stock Exchange Brokers' Forum (BBF)
See publicationIt is not a matter of if, but when, your organization will suffer a cyber security-related incident. How will your institution continue to operate and recover during a cyber-attack?
-
Getting Your First DFIR Job
SANS
See publicationRecently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips as well as performed mock forensic job interviews when I realized there are some pointers that I could share about the process from a hiring manager's perspective to help candidates better prepare for seeking that first position in computer forensics. While many aspects of getting that first job are common in…
Recently, I spoke to students in a computer forensics class who will be graduating in the spring of 2013 about getting a job in computer forensics after school. We covered interview tips as well as performed mock forensic job interviews when I realized there are some pointers that I could share about the process from a hiring manager's perspective to help candidates better prepare for seeking that first position in computer forensics. While many aspects of getting that first job are common in any field, serious computer forensics professionals do have a mindset, attitude and passion that requires a certain approach when a candidate is looking for their first job in the field.
-
You're a tool, a digital forensic tool
SANS
See publicationA common question I am asked or see posted on forums, user groups and social media sites is: "What is the best computer forensic tool?"
Courses
-
AccessData Forensic Boot Camp
-
-
AccessData Internet Forensics
-
-
AccessData Windows Forensics: Registry
-
-
EnCase Computer Forensics I
-
-
EnCase Computer Forensics II
-
-
SANS FOR408: Computer Forensic Investigations - Windows In-Depth
-
-
SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
-
-
SANS MGT412: A Practical Introduction to Cyber Security Risk Management
-
-
SANS SEC504: Hacker Techniques, Exploits & Incident Handling
-
Projects
-
Security Architecture 101
Standing room only LegalSEC 2015 conference session on security architecture design for firms & corporate legal departments of varying sizes / maturity levels. Covered legal industry-specific opportunities and challenges using the CIS top 20 as a presentation framework. The group tied each of the 20 areas back to applicable ISO 2700x groups / controls so attendees had appropriate context and could develop more strategic long-term security architecture roadmaps. We provided references and…
Standing room only LegalSEC 2015 conference session on security architecture design for firms & corporate legal departments of varying sizes / maturity levels. Covered legal industry-specific opportunities and challenges using the CIS top 20 as a presentation framework. The group tied each of the 20 areas back to applicable ISO 2700x groups / controls so attendees had appropriate context and could develop more strategic long-term security architecture roadmaps. We provided references and tools to assist in planning & tracking security architecture effort.
Other creators -
Honors & Awards
-
2019 CISO Award - Slack Savior
Colorado = Security
-
GIAC Advisory Board
Global Information Assurance Certification (GIAC)
The GIAC Advisory Board is made up of GIAC certified professionals who wish to give back to the security community by taking an active role in the GIAC program. The GIAC Advisory Board provides a forum where Security professionals can exchange ideas and advice.
Participation is by invitation only, and is offered to GIAC certification holders who earn a score of 90% or better on at least one certification exam.
Languages
-
English
-
Organizations
-
International Association of Privacy Professionals
-
- PresentThe International Association of Privacy Professionals (IAPP) is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. In fact, we’re the world’s largest and most comprehensive global information privacy community. The IAPP is the only place that brings together the people, tools and global information management practices you need to thrive in today’s rapidly evolving information…
The International Association of Privacy Professionals (IAPP) is a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. In fact, we’re the world’s largest and most comprehensive global information privacy community. The IAPP is the only place that brings together the people, tools and global information management practices you need to thrive in today’s rapidly evolving information economy.
-
American Bar Association
-
-
The Sedona Conference
International Electronic Information Management, Discovery, and Disclosure - Working Group 6
The mission of Working Group 6 is to develop principles, guidance and best practice recommendations for information governance, discovery and disclosure involving cross-border data transfers related to civil litigation, dispute resolution and internal and civil regulatory investigations.
-
The Sedona Conference
Data Security and Privacy Liability - Working Group 11
Recommendations received
35 people have recommended Douglas
Join now to viewMore activity by Douglas
-
I always try to stop by and take a minute. For the 385 lost, it reads Our lost colleagues are, above all, your adored children and parents, husbands…
I always try to stop by and take a minute. For the 385 lost, it reads Our lost colleagues are, above all, your adored children and parents, husbands…
Liked by Douglas Brush
-
🔒 Election Security Insights for Today’s Polling 🔒 As millions head to the polls, our election infrastructure faces unique security challenges…
🔒 Election Security Insights for Today’s Polling 🔒 As millions head to the polls, our election infrastructure faces unique security challenges…
Posted by Douglas Brush
Other similar profiles
Explore more posts
-
JD Supra
Robinson+Cole's Sean Griffin writes: Recently, the National Institute of Standards and Technology (NIST) released its second public draft of Digital Identity Guidelines. The Draft Guidelines focus on online identity verification, but several provisions have implications for government contractors’ #cybersecurity programs, as well as contractors’ use of artificial intelligence and machine learning. #nist #governmentcontractors #artificialintelligence #machinelearning
-
Arthur L. Pressman, Attorney at Law
In the digital age, Genesee County, NY, has seen an upsurge in the use of digital evidence in drug crime investigations. This evidence includes text messages, social media activity, and location data, enhancing the law enforcement's ability to track and prosecute illegal drug activities. The data provides critical insights into drug distribution networks and individual involvements, making it indispensable in courtrooms. However, while digital evidence drives progress in criminal justice, it also raises significant privacy and data integrity concerns that demand rigorous standards. For legal support in navigating these complex issues, Arthur L. Pressman offers legal defense strategies and robust courtroom advocacy. #GeneseeCounty #DigitalEvidence #DrugCrimes #LegalDefense #ArthurPressman
-
Freeman Ng
A battle of experts: Unpleasant realities of digital forensics https://lnkd.in/gTHc5SS8 - Digital forensics is continually shaped by technological advancements and court challenges. - There is a need for standardized tools and methodologies in digital forensics to ensure consistency and reliability. - Enhanced training and certification programs for digital forensic experts can help ensure that practitioners are well-versed in the latest technologies and methodologies. - Establishing clear legal frameworks and guidelines for the admissibility and interpretation of digital forensic evidence can help mitigate the influence of legal and financial resources in swaying expert testimony.
2 Comments -
Rick Lemieux
Follow the DVMS Institute for exciting announcements on "HOW" organizations of any Size, Scale, or Complexity can Operationalize a NIST Cybersecurity Framework Digital Value Management System™ capable of delivering the Trusted, Resilient, and Auditable digital outcomes government auditors expect
-
Daniel Pereira
The latest from OODA Loop Contributor Emilio Iasiello: In June 2024, the Office of the National Cyber Director (ONCD) released its report Summary of the 2023 Cybersecurity Regulatory Harmonization Request for Information, a government effort whose purpose is to find a path forward to creating a comprehensive framework to strengthen cybersecurity resilience across all sectors; simplify oversight and responsibilities of cyber regulators; and reduce administrative burden and cost on those organizations regulated. The RFI adhered to Strategic Objective 1.1 of the 2023 National Cybersecurity Strategy, “Establish Cybersecurity Requirements to Support National Security and Public Safety.” Eighty-six organizations responded to the RFI, representing the critical infrastructure sectors, as well as state and local government associations, academia, and non-profit and professional organizations. The report found three major outcomes from those that responded to the survey: 1) lack of harmonization and reciprocity impacted cybersecurity outcomes while inflicting high compliance costs; 2) regulatory harmonization had challenges that extended to all sectors and organizations of all sizes and crossed jurisdictions; and 3) it was well within the U.S. government’s ability to address these existing challenges. https://lnkd.in/eqU486u9
1 Comment -
Stacy Eldridge
Should you hire your own digital forensic examiner or take the opposing side at their word? Schedule a free discovery call to learn how I can help you with your digital evidence next legal matter. https://lnkd.in/dUJiZV6 #digitalforensics #criminaldefense #litigationsupport #expertwitness #investigation
-
Magnet Forensics
When it comes to digital forensic investigations, not all geolocation data is created equal. Learn some best practices for pinpointing locations, establishing timelines, and corroborating testimonies to convict or exonerate suspects -- and learn the limitations of these powerful forensic artifacts.
1 Comment -
Stacy Eldridge
The path to expertise in any field demands a well-defined skillset, and digital forensics is no exception. Whether you're looking to hire or become a Digital Forensic Examiner, you'll need these skills. Here's just one example of a core skill that a great Digital Forensic Examiner possesses. 👉 DISPASSIONATE When you are not emotionally invested in a particular outcome, you are more likely to hunt for the facts and be willing to consider all sides of an issue. You can't let your emotions and biases fuel your search for the truth. If you're looking for a great Digital Forensic Examiner, shoot me a DM or email me, and let's chat about how I can help. #digitalforensics #dfir #criminaldefense #expertwitness #litigationsupport #jobskills
-
White Collar Forensic LLC
👔 White Collar Forensic LLC - Meet The Investigators 🕵🏽♀️ 🤔 Putting a label on a White Collar Forensic LLC practitioner with decades of experience isn't as easy as one might think. So many of them have deep expertise across multiple disciplines. Investigations, forensic accounting, threat intelligence, and compliance remediation. 🦉 One thing that sets our investigative practitioners apart from the crowd is their extensive experience performing investigations of potential compliance violations. 💪🏽 To be truly effective conducting compliance investigations requires a strong foundation in major compliance disciplines such as anti-bribery and corruption, anti-money laundering, sanctions and fraud risk AND a track record of investigating violations of those compliance regimes. ♊ Indeed, many of our team members can seamlessly transition from investigator to compliance officer and back again. Being able to present investigative findings in the context of the victim organization's compliance program requirements is something our client's value a great deal. 👩🏽🎓 This dual proficiency enables us to readily explain to leadership what happened, the compliance implications and whether and to what extent the investigation exposed shortcomings in the compliance framework or the internal controls underlying it. 🔮 These insights put our client's in the best possible position to make timely and informed decisions about the people involved in the improper conduct and take concrete actions to remediate any shortcomings in the compliance program or internal controls that may have contributed to the problem. 👓 If you'd like to have clarity the next time you need help with a compliance investigation, why not contact us at https://lnkd.in/exb_Prg8 #WhiteCollarForensic #ChooseClarity #WarHorses Scott Moritz Tanya S. Kim Frisinger Diane Walker Chris Favo John Kula, Certified Fraud Examiner Patrick T. Kramer Christina Siess, LPI Taylor (Mike) Belcher A.J. Bosco Ingrid Busson Stefan Cassella Dan Dorsky Kevin Doyle, CPA, CFE, CFF, CGMA Timothy Dunfey Esq., CFE, CAMS James G. Odell Guyton Emma Hamilton Barry Koch Patricia McKeown Kevin Mclaughlin Deb Tabacco Patty P. Tehrani
-
Enterprivacy Consulting Group
The recently published NIST IR 8477 Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines explains National Institute of Standards and Technology (NIST)’s approach for identifying and documenting the relationships between concepts in #cybersecurity and #privacy. By following this approach, the standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings. 🧷 Read the report at https://lnkd.in/guxtKDKg #NISTprivacy #privacystandards #privacyframework #privacyregulation
-
Enterprivacy Consulting Group
The recently published NIST IR 8477 Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines explains National Institute of Standards and Technology (NIST)’s approach for identifying and documenting the relationships between concepts in #cybersecurity and #privacy. By following this approach, the standards community can jointly establish a single concept system over time that links cybersecurity and privacy concepts from many sources into a cohesive, consistent set of relationship mappings. 🧷 Read the report at https://lnkd.in/guxtKDKg #NISTprivacy #privacystandards #privacyframework #privacyregulation
-
Kathryn Shut, MLS - Cybersec/Privacy, MBA
The #regulatory comment period for the #ColoradoPrivacyAct is underway. This particular #rulemaking session invites #public #feedback on the protection of data on #minors and human #neurology. In short, it aims to further protect #Colorado kids' data online (in addition to Federal COPPA) and #human #brain waves from possible #AI and #corporate intrusion and theft. Imagine, we're at a point in history where we must guard our very thoughts. Stop by https://lnkd.in/gNnbT-sk for summary information. Comment period closes November 7, 2024. #CPA #privacy #dystopian #reallife #scifi #AI #regulations
-
Jordan M. Schroeder
Thanks to the good people at Claroty, I found services that list OT/ICS attacks! Some great material here: Newsfeed style: https://icsstrive.com/ Database: https://lnkd.in/e8KM7fJw, https://lnkd.in/eJkM9UYJ But what's interesting? None of them are complete... There was an attack on a Texas water treatment plant in January by, potentially, SANDWORM. It's not on either list. Complete databases will help us with complete information that will need to better decision-making and a fuller intuition. So, if you know of attacks that are not on these lists, use the Report button to add them. #cybersecurity #otsecurity
-
Arrow ATW Consulting
Last month, the National Institute of Standards and Technology (NIST)) released the Second Public Draft of Digital Identity Guidelines for review, specifically for government contractors using artificial intelligence (AI) systems with a focus on disclosure and transparency. The guidelines emphasize the need for secure, trustworthy, and transparent #AI, addressing continued concerns about bias and accountability. Some updates include: 📜 Documentation and Communication: All uses of AI/ML must be documented and communicated to relevant organizations and individuals. 👓 Information Disclosure: Organizations using AI/ML must provide detailed information about their technology, training methods, data sets, models, and testing results. 🧗♀️ Risk Management: Organizations must implement NIST's AI Risk Management Framework and SP1270 for managing bias in AI. Government contractors may engage with NIST for comments through October 7th - but be prepared for adherence to these guidelines. Contractors should consider developing AI governance programs and ensuring that AI systems are designed and implemented in a way that minimizes disparate outcomes and biased outputs. By focusing on these considerations, #GovCon leaders can help their clients navigate the evolving landscape of AI regulations and ensure compliance with NIST’s Draft Guidelines. Look for the final next year. Feel free to view NIST's Artificial Intelligence Risk Management Framework: Generative AI Profile (AI 600-1) from July 2024, here Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile (nist.gov) #publicsector #techconsulting #federalai #govcons #aipolicy #aibias #secureai
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Douglas Brush in United States
-
Douglas Brush
Head of Regional Controlling - Americas at BASF
-
Douglas Brush
Retired from Pfizer
-
Douglas Brush
parts manager at Voss Auto Network
-
Douglas Brush
--
17 others named Douglas Brush in United States are on LinkedIn
See others named Douglas Brush