Posts in "Technology"


Nearly a decade ago I was approached by a defense colleague with this crazy idea of creating a high school cybersecurity summer camp program. We knew it would be a lot of work, but we also knew there was a very real need in our industry: we just don’t have enough people to help secure… Continue reading

Common Sense Security

The occurrence of data breaches has been on a continual rise over the past 18-24 months. Some of this is arguably due to increased reporting, but what about the rest? How do some of the largest companies in the world manage to get breached by so-called “advanced” threats. There are many detailed reasons, of course. But I believe the… Continue reading

Adaptive Password Policies

Stanford recently published a new security policy allowing their users to choose length over complexity.  Password complexity has always been the go-to answer for creating secure passwords. Of late, there has been a big push to change that; and for good reason! Password complexity isn’t as straight-forward as one would think. For example, it’s logical to assume… Continue reading

Open Source Enterprise Security

My second presentation at BSides Orlando 2014 was on Open Source Enterprise security solutions. The idea was to present a number of tools to help the struggling small business meet enterprise security objectives.  It’s easy to forget that many (most?) small businesses out there have to make trade-offs between buying tools and “making payroll.” This struggle extends… Continue reading

Decoding the Air (SDR)

Last weekend I gave a talk at BSides Orlando on Software Defined Radio. I wanted to do a tutorial on getting started with SDR rather than just showing all the cool stuff you could listen to (that’s what YouTube is for). All-in-all, I think it went well… The presentation is geared towards using the RTL dongles rather… Continue reading