Educause Security Discussion mailing list archives

Re: Shodan value


From: "Dixon, Cameron" <cameron.dixon () HQ DHS GOV>
Date: Mon, 31 Jul 2017 18:37:14 +0000

I'm really real: really from the government and really here to help! 

I'll also point out that the message Valerie Vogel sent earlier today ("Cybersecurity for Higher Ed Fact Sheet from the 
REMS TA Center") includes a link to a PDF [1] that calls attention to our services; see pg. 6. Additionally, the 
Department of Education's Office of Educational Technology just published "Building Technology Infrastructure for 
Learning" [2], which cites our service; see pg. 40.

It's certainly not my intent to hawk like a vendor, merely to increase awareness of our offerings.

Valerie wrote:

You guys willing to work with a university that says "We have 2 /16's, but we're only really worried about these 12 
/24's in that space?"
Also, do you do IPv6? :)

No issue taking on multiple /16s, and if you're only interested in a subset, you're welcome to just include those 
addresses in our scan.



[1] http://rems.ed.gov/docs/Cybersecurity_Considerations_for_Higher_ed_Fact_Sheet_508C.pdf
[2] https://tech.ed.gov/infrastructure/ 

Cameron Dixon
Department of Homeland Security
National Cybersecurity Assessments and Technical Services

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Wilcox
Sent: Friday, July 28, 2017 9:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Shodan value

On 28 July 2017 at 01:53, Cameron Dixon <cameron.dixon () hq dhs gov> wrote:

Hello there, new listserv-er here. I'm the ops lead for the DHS NCATS scanning service mentioned previously-- a 
colleague of mine alerted me to this discussion, so I hope you'll forgive the interjection. Cyber Hygiene, our 
service that scans internet-facing systems, is (basically) available to all comers, and the 
https://github.com/dhs-ncats/services link outlines the contours of the service decently-- I'm also happy to answer 
any questions you might have.

<snip>

Wait a second, let me get this right.

There's an entity offering a service and you represent that entity...so you're basically a vendor...but you don't 
reference Gartner whitepapers, you don't mention being a leader in the Magic Quadrant or "best in breed/class" and you 
aren't going on about how your "next gen scanning service" can detect all the things and help identify problems with 
machine learning/next gen AI/etc.

Does anyone know if Cameron and this "DHS" actually exist or is this an elaborate Sys-Admin Day hoax to Rick-roll 
everyone visiting their github project?

Seriously, welcome to the group. I don't know if/when the SPC program committee will hit you up to be in Baltimore, or 
if any schools who are using the service are interested in presenting about their experiences, but I know *I* would 
certainly try to go to a presentation by <x schools> and the ops lead for a .gov vulnerability scanning service.

kmw
