My Writing

• Malware APT Cartoon #6: APT Goes Mainstream on TV
• Malware Why I Make Fun of Advanced Persistent Threat (APT)
• Malware Market Segmentation in Computer Attacks
  Computer attackers segment victims by organization size (focused enterprise targets vs. mass-scale SMBs), geography (paying more for North American infections), and industry. Defenders need to...
• Tools SWFREtools for Analyzing Flash Malware
  SWFREtools provides free utilities for reverse-engineering malicious Flash programs, including Flash Dissector for examining SWF structure and disassembling ActionScript. FP Debugger traces Flash...
• Risk Management Know the Alternatives When Negotiating IT Risk Mitigation Approaches
  When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
• Risk Management Why Business Managers Ignore IT Security Risk Recommendations
  Business managers may dismiss security recommendations for multiple reasons: they're better positioned to make risk decisions, they've become immune to FUD, they're fatigued from constant...