My Projects

I build tools, training, and content that help security practitioners sharpen their craft. Working on these projects helps me learn and contribute to the community.

REMnux

I created REMnux to make it easier for people to examine malicious software. What started in 2010 as a small project has grown into the go-to analysis environment for malware analysts worldwide. This free, open-source Linux toolkit bundles hundreds of community-built tools into a distro that just works, allowing analysts to focus on investigation rather than installation.

Incident responders and reverse engineers can get REMnux as a dedicated virtual machine, run it as a container, or add it to an existing compatible system.

Cybersecurity Training

I created the Reverse-Engineering Malware course at SANS Institute to help others enter this field. The course originated from a paper I wrote in 2001 that systematized the analysis process. Over two decades later, I continue to update it as the primary author, keeping up with the evolution of malware techniques. Many of today's incident responders got their start analyzing malware in this class.

I also realized that technical skills aren't enough—security professionals need to communicate effectively to be heard. To fix this gap, I created Cybersecurity Writing: Hack the Reader. This SANS course teaches security professionals how to create content that drives action. I wrote about the philosophy behind it when I released the course.

Community Presentations

I speak at industry events to share what I've learned about cybersecurity strategy and tactics. Here are some of the talks with videos available for you to view:

• How to Keep Your Cool and Write Powerful Incident Response Reports (RSA Conference): What frameworks and checklists are available to help professionals rein in the chaos of incident response and deliver useful and actionable reports?
• Whoa, You've Been the CISO for 3 Years—Now What? (RSA Conference): What opportunities are available to CISOs who decide to stay in their roles after making an initial impact? Co-presented with Yael Nagler.
• Writing Effective Threat Reports (SANS Summit): How can security professionals create effective threat reports to inform a diverse set of stakeholders?
• How Security and Privacy Teams Break Barriers Together (RSA Conference): How can security and data privacy teams collaborate to strengthen their respective programs? Co-presented with Edy Glozman.

This Blog

I've been writing on this site since 2010 as a way to think out loud and share resources with the community. I've explored a variety of topics, including malware analysis, security leadership, professional communication, and more. I've also published cheat sheets that condense many security and IT concepts into actionable references.

Writing is how I make sense of the industry. I hope you find something in the collection that helps you do the same. If you want to wander around, click here to read a random article.