My Writing

I write about security leadership and technology, sharing strategies, practical frameworks, and field notes. My goal is to capture what I've learned and contribute to conversations in our community.

• Privacy Security of Third-Party Keyboard Apps on Mobile Devices
  Keyboard apps offer better predictions, voice transcription, and AI-powered writing, all requiring users to send what they type to remote servers. Mobile OS vendors set the rules but can't enforce...
• Assessments A Report Template for Security Assessments
  The technical severity of an assessment finding tells only part of the story. A customizable report template helps you document the scope, rate findings by risk, and write for the executives and...
• Encryption The Past, Present, and Future of the Web's Trust Model
  Observability, short-lived credentials, and active enforcement hold the web's trust model together. Without them, a decade of Certificate Authority failures would've collapsed it. Will those same...
• Threat Intelligence A Report Template for Cyber Threat Intelligence
  Cyber threat intelligence analysts produce credible reports by weighing signals at tactical, operational, and strategic levels. A customizable CTI report template helps analysts capture activity,...
• Threat Intelligence Six Signals for Threat Attribution
  Credible threat attribution weighs six signals together. Each signal has a disciplined methodology behind it, with citations and stress tests to back the conclusions.
• Deception Plant Decoy Personas to Detect Impersonation Attacks
  Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.