My Writing
- Training: Tying Shoelaces and Information Security. Most people tie shoelaces with the weaker knot because the stronger version is harder for children to learn. Similarly, security "best practices" we've followed for years may not be optimal—tribal...
- Career: Are Anxious People More Vigilant in Information Security? Research suggests nonanxious individuals may detect early warning signs of trouble better than anxious people, whose brains leap into action only after threats reach an obvious threshold. Calm...
- Risk Management: The Risks of Remote Desktop for Access Over the Internet. Exposing RDP to direct Internet connections is risky—beyond credential-guessing opportunities, critical vulnerabilities like CVE-2012-0002 can allow remote code execution without authentication....
- Career: Hiring Strong Candidates for Information Security Roles
- Risk Management: Why Are Executives More Prone to Accept Risks? Research links high status and power to greater trust in others and overconfidence in one's own knowledge. Executives may accept security risks while being overly trusting and without spending...
- Social Engineering: An Example of SMS Text Phishing. SMS phishing ('smishing') messages impersonate carriers like Verizon to direct victims to credential-harvesting websites using spoofed sender numbers and lookalike domains. Mobile users are...