25 Years In AppSec: Looking Back
Twenty-five years ago I published a set of code review guidelines that I had crafted while working for a bank. I released them (thanks…
Aug 10, 2021

Ransomware is not the problem
There’s an infinite number of studies of ransomware lately, all breathlessly talking about how to fight this dangerous threat. They’re all…
Jun 9, 2021

Recording Lectures
People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most…
Jun 1, 2021

Practical Cybersecurity Architecture
There’s an insightful comment, “Everybody has a testing environment. Some people are lucky enough to have a totally separate…
May 26, 2021

My Year Without Flying
It was just over a year ago that I last walked out of the Seattle airport. Before the pandemic, I was a very frequent flyer. As the…
Feb 18, 2021

“Better OKRs Through Threat Modeling”
Abhay Bhargav has a really excellent post on Better OKRs for Security through Effective Threat Modeling. I really like how he doesn’t…
Feb 15, 2021

Vaccines
You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.
Dec 28, 2020

Dinosaur Feathers
Scientists have discovered a chunk of amber with a dinosaur tail in it. (Poor dinosaur!) National Geographic has the story, which is not…
Dec 24, 2020

The Asset Trap
As we look at what’s happened with the Russian attack on the US government and others via Solarwinds, I want to shine a spotlight on a…
Dec 16, 2020

Fireeye Hack and Culture
Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as…
Dec 9, 2020