My Writing

• Social Networking When Bots Control Content on Social Networking Sites
  Bots on social networks build fake friendships to improve reputation, mimic human profiles to evade detection, and flood discussions with spam to drown out legitimate content. Social networking sites...
• Malware When Malware Distributes Links Through Social Networks
  Malware like Koobface spreads on social networks by posting links from compromised accounts—people click because they trust friends' shares. Telling users to stop clicking won't work. Better tools...
• Malware The Worrisome State of the Information Security Industry
  The security industry faces fundamental problems: tools don't cater to our needs, vendors misrepresent capabilities, professionals preach to the choir rather than connecting with colleagues, spending...
• Malware Analysis Announcing REMnux Version 2: Linux Distro for Malware Analysis
• Risk Management Non-Financial "Currency" for Framing Security Discussions
  Frame security discussions using internal "currency" beyond dollars—reputation, service availability, trade secrets. Also consider individual concerns: looking bad in front of managers, being fired...
• Malware Metrics for Measuring Enterprise Malware Defenses
  Tracking "infections caught" provides little insight because changes could reflect better detection or just more attacks. More useful metrics include percentage of systems with current AV signatures,...