Riding the AI Code Hype Train
I've been on the hype train before. (Flashback to the early days of Blockchain valuations) I've been a (mostly) quiet skeptic about the use of AI - specifically LLMs - for code generation. Anyone who
The Blog
Essays and working notes on cybersecurity, GRC, and the craft of building software.
The data management side of GRC is not a hard problem to solve. This is why, for many small companies, an Excel spreadsheet is the tool of choice. But, as security professionals know (or quickly find
"SBOM"—or "software bill of materials"—is one of the hottest new buzzwords in cybersecurity today, and for good reason. Each day brings new headlines about the latest supply chain
Every day we’re inundated with news reports about the latest high-profile hack or malware outbreak. We hear how companies get shut down or have to pay large sums of money just to get their own data ba
Many years ago I created an Acceptable Use Policy (AUP) template that was intended for use by my small business clients. I wanted a policy that was short, understandable, and written to be read (not j
Many years ago, while working in an Army lab, I had the need for classification backgrounds. I thought I had seen them somewhere, but no one was able to point me to them when I needed them. Years late
IT and security are both high-growth industries. It's easy to understand that times change, technologies change, and vendors change. It is inevitable, and a certain degree of change is always expected. A
Is this what you expected to find at the URL you just clicked? Domain doppelgangers (aka lookalike domains) are domain names that look similar to a trusted domain but have subtle differences. Doppelganger doma
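To make the "subtle differences" concrete, here is an added example (not code from the post) that generates the common single-edit lookalikes of a trusted domain, including omitted, repeated, transposed and homoglyph-substituted characters plus TLD swaps, and classifies a candidate domain against them. The homoglyph table, the sample domains and the single-label TLD handling are assumptions made for illustration.

```python
"""Classify a candidate domain as exact, lookalike or unrelated to a trusted domain.

Added example, not part of the original post. The homoglyph table and the
sample domains below are constructed for illustration.
"""

# Constructed table of ASCII characters attackers substitute for each other
# because they look alike at a glance in common fonts.
HOMOGLYPHS = {
    "o": ("0",),
    "l": ("1", "i"),
    "i": ("1", "l"),
    "e": ("3",),
    "a": ("4",),
    "s": ("5",),
    "m": ("rn",),
    "w": ("vv",),
}


def split_domain(domain: str) -> tuple[str, str]:
    """Split 'label.tld' into (label, tld). Assumes a single-label TLD (.com, .co)."""
    domain = domain.strip().lower().rstrip(".")
    label, _, tld = domain.rpartition(".")
    return label, tld


def lookalike_labels(label: str) -> set[str]:
    """All single-edit lookalikes of a domain label (omission, repetition,
    transposition and homoglyph substitution)."""
    variants: set[str] = set()
    n = len(label)
    for i in range(n):
        variants.add(label[:i] + label[i + 1:])              # omission:      exmple
        variants.add(label[:i] + label[i] + label[i:])       # repetition:    exxample
        for sub in HOMOGLYPHS.get(label[i], ()):
            variants.add(label[:i] + sub + label[i + 1:])    # homoglyph:     examp1e
    for i in range(n - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition: exmaple
    variants.discard(label)
    return variants


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches lookalikes the generator above does not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, trusted: str, max_distance: int = 1) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for candidate vs. trusted."""
    c_label, c_tld = split_domain(candidate)
    t_label, t_tld = split_domain(trusted)
    if (c_label, c_tld) == (t_label, t_tld):
        return "exact"
    if c_label == t_label:
        return "lookalike"            # same name, different TLD (example.co)
    if c_label in lookalike_labels(t_label):
        return "lookalike"
    if levenshtein(c_label, t_label) <= max_distance:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample of domains seen in, say, a proxy log.
    seen = ["example.com", "examp1e.com", "exmaple.com", "example.co", "github.com"]
    for domain in seen:
        print(f"{domain:15} -> {classify(domain, 'example.com')}")
```

Run against a list of domains from proxy or mail logs, the `lookalike` bucket is what warrants a closer look; the edit-distance fallback deliberately stays at 1 so that short, legitimately similar names do not all collapse into false positives.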
Nearly a decade ago I was approached by a defense colleague with this crazy idea of creating a high school cybersecurity summer camp program. We knew it would be a lot of work, but we also knew there
Data breaches have been on a continual rise over the past 18-24 months. Some of this is arguably due to increased reporting, but what about the rest? How do some of the largest compan
Stanford recently published a new security policy allowing their users to choose length over complexity. Password complexity has always been the go-to answer for creating secure passwords. Of late, t
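The length-versus-complexity tradeoff is easiest to see in numbers. The following added example (not from the post or from Stanford's policy) models the brute-force search space of a password as length times log2 of the character pool it draws from, and computes how many lowercase-only characters match the strength of a short password that uses every character class. The character classes and sample passwords are assumptions for illustration.

```python
"""Compare password strength by length versus character-class complexity.

Added example, not from the original post. This models brute-force search
space only: a dictionary word of the same length is far weaker than these
numbers suggest, which is why length helps most when the characters are
unpredictable.
"""
import math
import string

# Character classes an attacker must include in the search space once a
# password is known (or assumed) to use them. Space is its own class here.
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
    " ",
)


def pool_size(password: str) -> int:
    """Size of the alphabet a brute-force attacker must search for this password."""
    return sum(len(cls) for cls in CHARACTER_CLASSES if any(ch in cls for ch in password))


def entropy_bits(password: str) -> float:
    """Brute-force entropy: log2(pool ** length) == length * log2(pool)."""
    pool = pool_size(password)
    if not password or pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def min_length_for_bits(pool: int, target_bits: float) -> int:
    """Shortest password over an alphabet of `pool` symbols that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool))


def compare(short_complex: str, long_simple: str) -> dict:
    """Summarise the two policies side by side for a report or a policy discussion."""
    complex_bits = entropy_bits(short_complex)
    return {
        "complex_bits": round(complex_bits, 1),
        "simple_bits": round(entropy_bits(long_simple), 1),
        "lowercase_chars_to_match_complex": min_length_for_bits(26, complex_bits),
    }


if __name__ == "__main__":
    # Constructed samples: an 11-character "complex" password versus a
    # 25-character lowercase passphrase.
    print(compare("Tr0ub4dor&3", "correcthorsebatterystaple"))
```

The takeaway the policy relies on: an 8-character password drawn from all 94 printable ASCII classes is matched by about 12 lowercase letters, and a 25-character lowercase passphrase is well beyond an 11-character mixed one. The model assumes the characters are unpredictable; run a dictionary or pattern check (or a breached-password lookup) alongside it, because length alone does not rescue a password made of common words.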
Last weekend I gave a talk at BSides Orlando on Software Defined Radio. I wanted to do a tutorial on getting started with SDR rather than just showing all the cool stuff you could listen to (that’s wh
My second presentation at BSides Orlando 2014 was on Open Source Enterprise security solutions. The idea was to present a number of tools to help the struggling small business meet enterprise security
A SWOT analysis is a great tool to understand your operating environment. However, misusing this tool can – at best – prove to be useless. This post is a quick introduction to the SWOT, how to use it,
The cornerstone of any decision making process is to know the environment in which you work. However, “knowing” your environment simply is not enough – in terms of strategic management, anyways. What