- Encryption The Past, Present, and Future of the Web's Trust Model
Observability, short-lived credentials, and active enforcement hold the web's trust model together. Without them, a decade of Certificate Authority failures would've collapsed it. Will those same...
- Threat Intelligence A Report Template for Cyber Threat Intelligence
Cyber threat intelligence analysts produce credible reports by weighing signals at tactical, operational, and strategic levels. A customizable CTI report template helps analysts capture activity,...
- Threat Intelligence Six Signals for Threat Attribution
Credible threat attribution weighs six signals together. Each signal has a disciplined methodology behind it, with citations and stress tests to back the conclusions.
- Deception Plant Decoy Personas to Detect Impersonation Attacks
Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.
- Artificial Intelligence Making Sense of Security for AI: The AI Defense Matrix
The AI Defense Matrix maps eight AI asset classes to NIST CSF functions, giving security leaders one grid to assign ownership, find gaps, and select controls. Sounil Yu and I co-authored it as the...
- Tools Build a Decoy MCP Server to Catch AI Agent Attackers
Your AI agent's MCP config can be a target for an attacker who reaches your machine. A decoy MCP server entry pointing at a Cloudflare Worker can reveal the attacker's presence and their intent.