It’s common to hear that it’s hard to get into cybersecurity, and…

I’m starting a new series with this 2022 edition where I think about what…

A lot of people, especially in the security industry, are concerned that NFTs…

There’s something strange about how our InfoSec community is reacting to…

I get asked a lot what my go-tos are for security content. My top four recommendations…

If you’re reading this you’re underslept and over-caffeinated due…

We should have a new internet group called The Vigilant—a group of open-source…

If you’re on InfoSec Twitter you’ve probably seen the recent iteration of…

In a previous post I talked about how security questionnaires are security theater.…

This post will talk about my initial thoughts on The OWASP Top 10 release for…

I’ve always been fascinated by security that was “just good enough”.…

There’s massive confusion in the security community around Security Through…

There’s a paradox in information security where the community wants two…

Twitter is great for quick ideas that may or may not be useful. I had one the…

Every year I like to look at Verizon’s DBIR report and see what kind of…

Casey Ellis (of Bugcrowd fame) had a great post on Twitter today about security…

I was on Twitter the other day and saw someone suggest that we could fix people…

If you know anything about internet security then you likely spend a lot of your…

There are recon tools, and there are recon tools. @tomnomnom—also called…

A lot of people are surprised when I tell them that computer security isn’t…

I am often asked for my thoughts on the Bug Bounty / RECON / Asset Inventory /…

I think there are four main trends that will play out in the field of information…

I have an unpopular opinion about the security conference scene. Basically, it’s…