Collaborate Disseminate
In 2011, I was in the middle of sitting down when I suddenly felt prickling sensations start from my toes, spread up my legs, and make their way into my arms. I was gasping for air. As the sensation traveled up my spine, it overwhelmed my head, and my … Continue reading Mental Health for Hackers: Contents Under Pressure
Zero Trust is a security concept that is based on the notion that organizations should not take trust for granted, regardless of whether access attempts originate from inside or outside its perimeters. An enterprise needs to verify any attempt for conn… Continue reading Zero Trust Approach to Threat Intelligence – BSidesSF Preview
Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this? As an Incident Commander (IC), you have many responsibilities. You’… Continue reading Crisis Management Automation for the Entire Organization with Dispatch – BSidesSF Preview
Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big compon… Continue reading MOSE: Using Configuration Management for Evil
Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terri… Continue reading A Guide to Digital Privacy for You and Your Family
What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it sh… Continue reading Cyber Resilience – Everything You (Really) Need to Know
Phishing Attack A few years ago, I myself was vished, or ‘phished,’ over the phone. The caller was someone, likely offshore in a call center, who had done a little bit of research online to find my name, my phone number, my wireless phone c… Continue reading Protecting Organizations from Customized Phishing Attacks
There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my o… Continue reading On Authorization and Implementation of Access Control Models
As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technol… Continue reading Navigating ICS Security: Best Practices for ICS Decision-Makers
The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with-it new risk management challenges. Let’s talk about some of those challenges. F… Continue reading Key Cloud Security Challenges and Strategies to Overcome Them