Blog

My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.

Joining Axonius to Tackle Cybersecurity Asset Management

I’m drawn to large-scale problems, I guess: At the onset of cloud computing, I was helping companies benefit from cloud economics without undue risks. Later, I switched to protecting data at numerous retail businesses that thought they couldn’t afford security. Next, I focused on stopping a seemingly endless stream of malware designed to bypass endpoint…

Read more

Cybersecurity Advice for Political Campaigns

Political campaigns are targets of cybercriminals and nation-state adversaries, who possess formidable persistence and expertise. Yet, campaign participants can resist these malicious actors by taking specific proactive steps and practicing ongoing vigilance. This article suggests such measures based on the attacks observed in recent years. If you’re participating in a political campaign, the best publicly…

Read more

How to Get and Set Up a Free Windows VM for Malware Analysis

If you’d like to start experimenting with malware analysis in your own lab, here’s how to download and set up a free Windows virtual machine: Step 1: Install Virtualization Software Step 2: Get a Windows Virtual Machine Step 3: Update the VM and Install Malware Analysis Tools Step 4: Isolate the Analysis VM and Disable…

Read more

A Cybersecurity Writing Course Just for You

My new writing course for cybersecurity professionals teaches how to write better reports, emails, and other content we regularly create. It captures my experience of writing in the field for over two decades and incorporates insights from other community members. It’s a course I wish I could’ve attended when I needed to improve my own…

Read more

The Language and Nature of Fileless Attacks Over Time

The language of cybersecurity evolves in step with changes in attack and defense tactics. You can get a sense for such dynamics by examining the term fileless. It fascinates me not only because of its relevance to malware—which is one of my passions—but also because of its knack for agitating many security practitioners. I traced the…

Read more

Making Sense of Microsoft’s Endpoint Security Strategy

Microsoft is no longer content to simply delegate endpoint security on Windows to other software vendors. The company has released, fine-tuned or rebranded  multiple security technologies in a way that will have lasting effects on the industry and Windows users. What is Microsoft’s endpoint security strategy and how is it evolving? Microsoft offers numerous endpoint…

Read more

Retired Malware Samples: Everything Old is New Again

I’m always on the quest for real-world malware samples that help educate professionals how to analyze malicious software. As techniques and technologies change, I introduce new specimens and retire old ones from the reverse-engineering course I teach at SANS Institute.  Here are some of the legacy samples that were once present in FOR610 materials. Though these…

Read more

Scammers Use Breached Personal Details to Persuade Victims

Scammers use a variety of social engineering tactics when persuading victims to follow the desired course of action. One example of this approach involves including in the fraudulent message personal details about the recipient to “prove” that the victim is in the miscreant’s grip. In reality, the sender probably obtained the data from one of…

Read more

Cyber is Cyber is Cyber

If you’re in the business of safeguarding data and the systems that process it, what do you call your profession? Are you in cybersecurity? Information security? Computer security, perhaps? The words we use, and the way in which the meaning we assign to them evolves, reflects the reality behind our language. If we examine the factors…

Read more

Communicating About Cybersecurity in Plain English: Haiku!

When cybersecurity professionals communicate with regular, non-technical people about IT and security, we often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for security and privacy policies, which are written by subject-matter experts for people who lack the expertise. If you’re creating security documents, take…

Read more