In a previous post I talked about how security questionnaires are security theater.…

This post will talk about my initial thoughts on The OWASP Top 10 release for…

I’ve always been fascinated by security that was “just good enough”.…

There’s massive confusion in the security community around Security Through…

There’s a paradox in information security where the community wants two…

Twitter is great for quick ideas that may or may not be useful. I had one the…

Every year I like to look at Verizon’s DBIR report and see what kind of…

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security…

I was on Twitter the other day and saw someone suggest that we could fix people…

If you know anything about internet security then you likely spend a lot of your…

There are recon tools, and there are recon tools. @tomnomnom—also called…

A lot of people are surprised when I tell them that computer security isn’t…

I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory /…

I think there are four main trends that will play out in the field of information…

I have an unpopular opinion about the security conference scene. Basically, it’s…

VPNs are more popular than ever, but I think many are confused about why they’re…

I’ve been writing a lot on ransomware recently, and wanted to comment on…

The US is currently being ravaged by ransomware. Google News Results for US Ransomware…

Since 2007 the InfoSec industry has been talking about TheBigOne™—the…

Threat modeling is a superpower. When done correctly it gives you the ability…

I just came across another post on Hacker News talking about why you shouldn’t…

Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism…

Download the Slides. I presented at DEFCON’s Red Team Village on August…

I’ve been in security for over 20 years now and have received thousands of emails…