My Writing
- Career Reflections of a Security Professional: Podcast Interview A career in information security involves learning from failures, being inspired by others, and developing business and communication skills alongside technical expertise. Professional certifications...
- Social Engineering Misleading Trademark Registration Invoices and Scams Misleading trademark registration "invoices" solicit fees for private registry listings that provide little value, while appearing to be official government bills. These schemes have operated for...
- Social Engineering How to Send Customer Emails That Don't Look Like Phishing Many legitimate business emails look indistinguishable from phishing attempts, training customers to accept fraudulent messages. Secure customer messages should avoid deep links, come from validated...
- Malware How Would You Detect and Impede Ransomware on an Endpoint? Anti-ransomware tools can detect malicious encryption by flagging processes that read or write too many files too quickly, or by monitoring for changes to files' entropy values. Decoy files that...
- Cloud Run Metasploit Framework as a Docker Container Without Installation Pains Running Metasploit Framework in a Docker container avoids the pain of installing the tool and its dependencies. The approach is especially useful for quickly deploying to a cloud server for...
- Cloud How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions Honeytokens are data or computing resources that exist solely to alert you when someone accesses them, offering intrusion detection with relatively low false positives. The open source Canarytokens...