Richard Bejtlich, CSO for Mandiant, was kind enough to invite me to MirCon 2012, where I presented as part of the Management track. The event was thoroughly enjoyable, and the venue superb. In my presentation, I discussed an information source of which I had only recently become aware: the Comment Letters occasionally sent to regulated firms by the SEC.
Given the new guidance the SEC’s Corporate Finance Division has issued regarding disclosures related to “cyber” incidents and risk, and inspired by some recent articles I had seen by journalists in the IT and finance beats (and cited in my slides), I put together a presentation discussing what we might learn from “Reading the SEC’s Mail”. I hope this is useful in a small way, if only to provoke some thought. Please note that although the slides use a “MirCon” theme, this was done to provide a consistent experience for attendees, and is not meant to suggest anything else. My talk was recorded, but I am unsure of how (or whether) it will be made available. I will update this post accordingly.