We Still haven’t Figured Out Cyber — Here’s What’s Coming Next
I’ve been in the security game for 20 years and I can tell you two concrete facts: 1) the security world is constantly evolving and 2) it…
Feb 22, 2022

My Experience With Log4j
Ok — let’s talk about the shit storm that was and is Log4j and what, as an attacker — I saw and learned about security over the past…
Jan 13, 2022

I wrote a book!
I get a lot of folks asking about how I think about this or that. Lots of conference rooms, video meetings, and hallway discussions about…
Oct 19, 2021

RDP Is Not As Big A Security Risk As You Think
Exposed RDP is interesting to an attacker if they have credentials — focus instead on MFA, strengthening passwords and minimizing…
Oct 14, 2021

Defending Assets You Don’t Know About
Not all assets are created equal. Back in the 90s, we all used to build massive firewalls around our systems and spent our day-to-day…
Sep 1, 2021

Why Your VPN is an Attacker’s Next Target
People like to group things into categories, like problems and solutions. But in the security world, automatically lumping certain…
Aug 3, 2021

A Hacker’s Take on the Hardest Security to Crack
Rarely have I heard someone tell me an IT problem to which the answer is: add a new piece of equipment. Rather, the best security posture…
Jun 23, 2021

Trusting Your Security Appliance Is Your Weakest Link
Security tools are kind of like credit cards. Not enough and you won’t function; too many and they all become useless.
Jun 3, 2021

How to Make Your Security Program Resilient to the Next Big Ransomware Attack
The US’s largest fuel pipeline was hit with a ransomware attack that took it offline. It is expected to be inoperational for more than a…
May 12, 2021

Security Is the Kobayashi Maru — An Unwinnable Game. No Wonder You’re Burnt out.
I’m Givin’ Her All She’s Got, Captain!
Apr 14, 2021