Blog

My writing focuses on information security, with topics ranging from broad IT trends to detailed technical advice on malware. Scroll through the posts to see whether my interests overlap with yours. Follow this blog to keep up with my latest publications.

Version 7 of the REMnux Distro Is Now Available

10 years after the initial release of REMnux, I’m thrilled to announce that REMnux version 7 is now available. This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. To start using REMnux v7, you can: Download REMnux as a virtual…

Read more

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.” How do such scams look from the victim’s perspective, and what can you do if you’re affected? As a victim of this…

Read more

How You Can Write Better Threat Reports

Writing about cybersecurity threats, such as phishing campaigns, malware infections, and attack groups, is challenging for many reasons. How should you decide what details to include? How can you persuade the readers that your analysis is sound? How might you address the needs of multiple audiences? I’m happy to share what I’ve learned over the…

Read more

Learning Malware Analysis and Cybersecurity Writing Online

You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs. You’ll like this if you prefer to start, stop, or speed up training any time they…

Read more

How to Set Up a SpiderFoot Server for OSINT Research

SpiderFoot is a tool for gathering Open Source Intelligence (OSINT) and threat intelligence about IPs, domains, e-mail addresses, and other research targets from many data sources, including services such as Shodan and Have I Been Pwned. Steve Micallef, the tool’s author, offers a free, open source version of SpiderFoot. His team also provides an affordable…

Read more

What’s It Like for a New CISO?

As of this writing, I’ve spent six months in the role of Chief Information Security Officer (CISO) at Axonius, a rapidly growing technology company. Though I’ve held a variety of leadership positions over the years, working in this capacity and setting is new for me. I’ve been capturing aspects of my journey in talks and…

Read more

Top 10 Cybersecurity Writing Mistakes

Want to strengthen your writing in under an hour? Watch the video I recorded to help you avoid the top 10 writing mistakes I’ve encountered when working as a cybersecurity professional. The mistakes you’ll see in this video—and the practical tips for avoiding them—span the key aspects of technical writing: structure, look, words, tone, and…

Read more

The State of Malware Analysis: Advice from the Trenches

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file–offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center…

Read more

Joining Axonius to Tackle Cybersecurity Asset Management

I’m drawn to large-scale problems, I guess: At the onset of cloud computing, I was helping companies benefit from cloud economics without undue risks. Later, I switched to protecting data at numerous retail businesses that thought they couldn’t afford security. Next, I focused on stopping a seemingly endless stream of malware designed to bypass endpoint…

Read more

Cybersecurity Advice for Political Campaigns

Political campaigns are targets of cybercriminals and nation-state adversaries, who possess formidable persistence and expertise. Yet, campaign participants can resist these malicious actors by taking specific proactive steps and practicing ongoing vigilance. This article suggests such measures based on the attacks observed in recent years. If you’re participating in a political campaign, the best publicly…

Read more