About Cyber Lessons Learned


Peter Sullivan

Peter Sullivan


Hi!  I’m Peter Sullivan, author of the Cyber Lessons Learned blog. Thanks very much for visiting my blog.  I really appreciate your interest.

About This Blog

I set up this blog in order to answer a question I get asked frequently when a new cybersecurity incident occurs.  That question is, “How do I avoid or prevent this problem from occurring in my organization?”  I get this question from my consulting clients as well as my students in the information security, incident response, risk management, and digital forensics classes I teach for the Software Engineering Institute (SEI) at Carnegie Mellon University.  The SEI is the home of the CERT Coordination Center (CERT/CC) one of the world’s first and foremost computer security incident response organizations.

The classes I teach at the SEI are “professional development” classes. The students in my classes are not traditional university students but working professionals from a whole variety of commercial and government organizations from around the world.  These students identify themselves as information security professionals.

And that’s the intriguing part.  The information security professionals I teach and work with are not sure how to protect their organizations.  Or at the very least, there exists for them a constant nagging level of uncertainty over whether the information assets their organizations rely upon are truly secure from outside intrusion or internal sabotage.  Given the frequency that cybersecurity incidents seem to occur, and the apparently increasing size and scope of these incidents, I guess that a degree of uncertainty is warranted and justified.

By analyzing recent cybersecurity incidents, the Cyber Lessons Learned blog aims to help information security professionals better understand these incidents and the reasons they occur.  The intent is that  understanding the root causes of cybersecurity incidents can lead to a better understanding of how to protect your organization.

About Me


My background in information security began almost 20 years ago with the U.S. Army.  I was a member of a pre-Cyber Command information operations unit.  The focus of the unit I was a member of was incident response.  As a result of that focus, the Army sent me a number of times to the Software Engineering Institute (SEI) for train-the-trainer classes in information security and incident response.  Eventually, the SEI offered me a position as a Visiting Scientist in information security and incident response.  That was almost 15 years ago.  I continue to work for the SEI as a teacher, course developer, and consultant in information security, incident response, information security risk management and digital forensics.

I also run a consultancy known as InfoSecure Solutions, LLC.  InfoSecure helps clients developing plans, policies and procedures that focus on incident response.  I have operated InfoSecure Solutions for more than 14 years.

Other Projects

In addition to my work at the SEI, at InfoSecure Solutions,LLC, and operating this blog, I am also developing training to be offered on-line later this year.  The first course that I plan on releasing will be a course on how to develop an incident management plan.  That course will be launched early fall.  Sign up here to receive notification when the course launches.