My Projects

I build tools, training, and content that help security practitioners sharpen their craft. Working on these projects helps me learn and contribute to the community.

REMnux

I created REMnux to make it easier for people to examine malicious software. What started in 2010 as a small project has grown into the go-to environment for malware analysts worldwide. This free, open-source Linux toolkit bundles hundreds of community-built tools into a distro that just works, allowing analysts to focus on investigation rather than installation.

Incident responders and reverse engineers can get REMnux as a dedicated virtual machine, run it as a container, or add it to an existing compatible system.

Cybersecurity Training

I created the Reverse-Engineering Malware course at SANS Institute to help others enter this field. The course originated from a paper I wrote in 2001 that systematized the analysis process. Over two decades later, I continue to update it as the primary author, keeping up with the evolution of malware techniques. Many of today's incident responders got their start analyzing malware in this class.

I also realized that technical skills aren't enough—security professionals need to communicate effectively to be heard. To fix this gap, I created Cybersecurity Writing: Hack the Reader. This SANS course teaches security professionals how to create content that drives action. I wrote about the philosophy behind it when I released the course.

Community Presentations

I speak at industry events to share what I've learned about cybersecurity strategy and tactics. Here are some of the talks with videos available for you to view:

• How to Keep Your Cool and Write Powerful Incident Response Reports (RSA Conference): What frameworks and checklists are available to help professionals rein in the chaos of incident response and deliver useful and actionable reports?
• Whoa, You've Been the CISO for 3 Years—Now What? (RSA Conference): What opportunities are available to CISOs who decide to stay in their roles after making an initial impact? Co-presented with Yael Nagler.
• Writing Effective Threat Reports (SANS Summit): How can security professionals create effective threat reports to inform a diverse set of stakeholders?
• How Security and Privacy Teams Break Barriers Together (RSA Conference): How can security and data privacy teams collaborate to strengthen their respective programs? Co-presented with Edy Glozman.

This Blog

I've been writing on this site since 2010 as a way to think out loud and share resources with the community. I've explored a variety of topics, including malware analysis, security leadership, artificial intelligence, and more. I've also published cheat sheets that condense many security and IT concepts into actionable references.

Writing is how I make sense of the industry. I hope you find something in the collection that helps you do the same. If you want to receive my blog posts by email, subscribe to my newsletter. And if you want to wander around, click here to read a random article or search for something specific.