Cultivating Infosec Knowledge

I often get asked through both work and social media channels how and where I obtain all of the Information Security knowledge that I routinely share. So I thought I would share my own personal workflow for how I cultivate Infosec knowledge and others can use what I’ll describe in this blog post as … Read more

The Necessity of Security Standards

Having been working in the Information Security industry for almost two decades, I’ve seen what has and has not worked well for organizations' approach to Security. One of the biggest pitfalls I’ve seen is a type of insanity in repeating the same mantras over and over again to supporting groups and stakeholders and then wondering … Read more

Stop Referring to TLS as SSL!

Having worked in the Information Security field for close to 20 years now, one of my biggest pet peeves is when Security professionals use technical terms that no longer comport with current realities. So, as a word of warning, this blog post is going to be a rant. It is first important to understand some … Read more

Cybersecurity Podcasts

I was recently asked to give recommendations for Cybersecurity Podcasts to students in college that are majoring in Security. The usual problem with security podcasts (and podcasts in general) is that they frequently become static and in some cases a year or more goes by before they are updated. There are actually a large number … Read more

Building Metasploitable 3 on Ubuntu/Debian

Recently I attempted to build the new Rapid7 Metasploitable 3 VM for use in my pentest lab on Ubuntu 16.10. Followed the instructions on their GitHub page to the letter, but failed in a variety of areas. The good news is that I was able to hack my way through all of them to get it … Read more

Security Links for March 2016

Here are some new security-related (for the most part ;) links from the month of March 2016
Bitcoin Wisdom – Trading-type Terminal for Bitcoin – https://bitcoinwisdom.com/
Zone Transfer Tutorial – https://digi.ninja/projects/zonetransferme.php
Debian Hardening Wiki – https://wiki.debian.org/Hardening
Standard Password Manager for UNIX – https://www.passwordstore.org/
Is your Browser safe against tracking? – https://panopticlick.eff.org
Have I been Pwned? … Read more

Security Links for February 2016

Made a blunder on the droplet that runs this blog on Digital Ocean and lost the previous two security link blogs. Luckily had a backup from August that I was able to restore from. Anyways, here are the security links for February 2016.
Application Security Learning Resources – https://github.com/paragonie/awesome-appsec#application-security-learning-resources
A Dead Simple TCP Intercepting Proxy Tool … Read more

Educating Youth for Cyber Security Careers

This past week I attended the Northeast Ohio Cyberconsortium conference sponsored by a number of entities in the Cleveland, OH area. The goal of the conference was to stimulate a collaborative effort around building up and sharing information around Cyber Security as it relates to the North East Ohio area. One of the main talks was … Read more

Let’s Encrypt Talk @ Debconf15

At this year's Debconf15, a nice overview of the Let’s Encrypt project was given that you can view here. It’s a nice exposition as to the current broken state of CAs and the project's plan to solve them. Let’s Encrypt is going to be making free certificates available in the next month or so. Will … Read more

Security Implementations & Scaling

I have been doing Information Security for a decade and a half and there is a disturbing pattern that still to this day has not abated. That pattern involves more of a philosophy than the actual scaling you would need for designing a security solution for an organization. The scaling law I’m talking about … Read more