My Writing

• Malware When Malware Distributes Links Through Social Networks
  Malware like Koobface spreads on social networks by posting links from compromised accounts—people click because they trust friends' shares. Telling users to stop clicking won't work. Better tools...
• Leadership The Worrisome State of the Cybersecurity Industry
  What's most telling about the security community's long list of complaints is how little it has changed over the years. Tools that don't fit our needs, vendors that overpromise, spending divorced...
• Malware Analysis Announcing REMnux Version 2: Linux Distro for Malware Analysis
• Risk Management Non-Financial "Currency" for Framing Security Discussions
  Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...
• Malware Metrics for Measuring Enterprise Malware Defenses
  Tracking "infections caught" provides little insight because changes could reflect better detection or just more attacks. More useful metrics include percentage of systems with current AV signatures,...
• Social Engineering Social Engineering in On-Line Scams: "Home Income Kit"
  Online scams use psychological factors to lower victims' guard: greed (easy money), laziness (little work), social compliance (fake Facebook likes and comments), transitive trust (mimicking news...