There are recon tools, and there are recon tools. @tomnomnom—also called…
3 Metrics That Will Indicate We’re Taking Security Seriously
A lot of people are surprised when I tell them that computer security isn’t…
Analysis of the RECON/Attack Surface Management Space
I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory /…
The New Reality of State-sponsored Attacks on US Businesses
The Lawfare Podcast is one of my few staples, and I just listened to another great…
Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec
I think there are four main trends that will play out in the field of information…
I Actually Like Remote and Pre-recorded Presentations
I have an unpopular opinion about the security conference scene. Basically, it’s…
You Should Be Running Your Own VPN Server
VPNs are more popular than ever, but I think many are confused about why they’re…
Ransomware Groups Add a Third Threat Vector: DDoS
I’ve been writing a lot on ransomware recently, and wanted to comment on…
Operation Fortify: A US Ransomware Plan
The US is currently being ravaged by ransomware. Google News Results for US Ransomware…
Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware
Since 2007 the InfoSec industry has been talking about TheBigOne™—the…
Everyday Threat Modeling
Threat modeling is a superpower. When done correctly it gives you the ability…
No, Moving Your SSH Port Isn’t Security by Obscurity
I just came across another post on Hacker News talking about why you shouldn’t…
Our Problem is Gullibility, Not Disinformation
I think we’ve lost the plot on disinformation. It’s not the attacks that…
Zuboff vs. Doctorow vs. Miessler: What’s the Greatest Threat to Human Privacy?
Shoshana Zuboff came out with a brilliant work called Surveillance Capitalism…
Mechanizing The Methodology
Download the Slides. I presented at DEFCON’s Red Team Village on August…
How to Initiate Contact With a Mentor
I’ve been in security for over 20 years now and have received thousands of emails…
What They Don’t Tell You About Being a Bounty Hunter or Content Creator
I have been following the bug bounty and security creator/influencer scenes since…
Reverse Threat Modeling for Pursuing Attribution
I was thinking about the recent Twitter hack the other day and thought of a simple…
Why I Believe Trump is Compromised by Russia
Whenever the topic of Trump’s behavior towards Russia and Putin comes up,…
Analysis of the 2020 Verizon Data Breach Report
TOPIC: In this episode, Daniel takes a look at the 2020 Verizon Data Breach Investigations…
10 Behaviors That Will Reduce Your Risk Online
I wrote an article recently on how to secure your home network in three different…
A 3-Tiered Approach to Securing Your Home Network
A lot of people are thinking about the security of their home network right now,…
Opening vs. Closing is a False Dichotomy
If you want to have a productive discussion on a difficult topic, start by discarding…
Everything is Insecure: What Matters is What You’re Getting vs. Giving Up
I’ve been thinking a lot about this Zoom situation. It’s fascinating…
This Zoom Hate is Silly
I’ve been processing my thoughts on the Zoom Security stuff for a couple…