Avatar

Tim (Wadhwa-)Brown

Security Research Lead

CX Technology & Transformation Group

Tim Brown joined Cisco as part of their acquisition of Portcullis for whom he worked for almost 12 years. He is equally happy performing white box assessments with access to source code or where necessary diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Cisco’s bespoke methodologies covering subjects as diverse as risk and compliance, secure development, host hardening, ERP and SCADA. In 2019-2020, Tim looked at targets as varied as intelligent transportation in cars, enriching threat models with data analytics, threat hunting on high-end UNIX environments, PLC protocol security, 5G mobility solutions as well as co-developing a number of operational maturity models. Tim also received awards from both Cisco (Global Security Champion) and MEF (Top 5 Contributor) for his contributions to security research. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on ATT&CK, Active Directory, UNIX, KDE, Vista and web application security to his name. Tim is credited with over 150 vulnerability advisories covering both kernel and userland, remote and local. Most recently Tim spoke at Def Con on some of his vulnerability and data analytics research. Tim particularly like to bug hunt enterprise UNIX solutions.

Articles

August 12, 2020

SECURITY

Intelligence, Modelling and Hunting Through an ATT&CKers Lens

3 min read

Unless you’ve been asleep recently, you’ll probably be aware of MITRE’s ATT&CK framework. This is a game changer for defenders as it maps out the common threats that an enterprise will face. ATT&CK aligns this to protective and detective controls and allows everyone within the enterprise to speak a common language on how attackers might […]

February 12, 2019

SECURITY

So You Want To Build A SOC: Security Intelligence and Technical Considerations (Part 2)

3 min read

As security consultants, we go into an extraordinary array of organisations’ security environments, all with very differing levels of maturity. Our clients consistently state a common desire:   "We need a...

February 5, 2019

SECURITY

So You Want to Build a SOC: Foundations for Your Security Operations Team (Part 1)

3 min read

As security consultants, we go into an extraordinary array of organisations with very differing levels of maturity and one thing keeps on coming up: "we need a SOC". Whilst this...

November 10, 2018

SECURITY

War Games: A WOPR of a Security Test (Part 4)

2 min read

These blue team actions should be performed on top of any specific remedial actions that are carried out to resolve specific issues.

November 3, 2018

SECURITY

War Games: A WOPR of a Security Test (Part 3)

12 min read

The Team believes that the likelihood of a successful Internet delivered attack by either a malicious insider or via an external actor is high, given the systemic failures identified in these scenarios.

August 22, 2018

SECURITY

Securing the Cloud: Assessing the Security of TLS

2 min read

Moving from self-hosted infrastructure to cloud-based environments increases the demand for resiliency and security. Cisco's cloud security solutions give our customers the visibility they desire.

October 27, 2018

SECURITY

War Games: A WOPR of a Security Test (Part 2)

3 min read

Having defined the scenarios, you can see how these could be linked together in different ways to form comprehensive attack vectors.

October 20, 2018

2

SECURITY

War Games: A WOPR of a Security Test (Part 1)

3 min read

In what was an interesting change to the usual technical and risk/compliance focused consultancy, the Team carried out a War Games exercise - similar to a "Red Team" engagement.

June 6, 2018

1

SECURITY

The Importance of Logs

3 min read

It's funny how the world turns. I started off in security working for a bank. The model there was very much build it, break it, fix it with our Operational...