I get asked a lot what my go-tos are for security content. My top four recommendations…

If you’re reading this you’re underslept and over-caffeinated due…

We should have a new internet group called The Vigilant—a group of open-source…

If you’re on InfoSec Twitter you’ve probably seen the recent iteration of…

In a previous post I talked about how security questionnaires are security theater.…

This post will talk about my initial thoughts on The OWASP Top 10 release for…

I’ve always been fascinated by security that was “just good enough”.…

There’s massive confusion in the security community around Security Through…

There’s a paradox in information security where the community wants two…

Twitter is great for quick ideas that may or may not be useful. I had one the…

Every year I like to look at Verizon’s DBIR report and see what kind of…

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security…

I was on Twitter the other day and saw someone suggest that we could fix people…

If you know anything about internet security then you likely spend a lot of your…

There are recon tools, and there are recon tools. @tomnomnom—also called…

A lot of people are surprised when I tell them that computer security isn’t…

I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory /…

I think there are four main trends that will play out in the field of information…

I have an unpopular opinion about the security conference scene. Basically, it’s…

VPNs are more popular than ever, but I think many are confused about why they’re…

I’ve been writing a lot on ransomware recently, and wanted to comment on…

The US is currently being ravaged by ransomware. Google News Results for US Ransomware…

Since 2007 the InfoSec industry has been talking about TheBigOne™—the…

Threat modeling is a superpower. When done correctly it gives you the ability…