I know it has been a while since I have posted here, but lots has changed. I have left the DoD contracting realm and moved on to a (very) large company where I work on their national incident response team. The team is big, and my specific group gathers intelligence on the current persistent threats and implements controls to thwart those threats. Of course, we're all incident handlers at heart, so when the alerts go off, we get dirty in the incident response process.
I absolutely love it. Along with my other duties, I'll be delving into intrusion detection, something I do not have much experience doing. Because of who my employer is, I am not at liberty to discuss the specifics of what we do, the incidents we face, and any of the specific threats we are combating. A) I have a non-disclosure agreement. B) Obviously, I can't give away secrets that would aid the adversaries.
However, I plan to keep the blog alive, talk incident response, intrusion detection, the state of those niches in incident response, and other current security issues that fit that mold. Within incident response, I'm passionate about incidents dealing with the trusted insider - so there may be some posts in that vein.