Blog Posts

2026

• Mar 31 When Your AI Keeps Making the Same Mistake
• Mar 30 Why Your Agent Needs a Credential Broker - Introducing CB4A
• Mar 27 When Your GitHub Organization Becomes the Exfiltration Channel: Lessons from TeamPCP
• Mar 06 Teaching My AI to Learn from Its Mistakes
• Mar 05 Teaching My AI Assistant to Manage Monkeys
• Mar 02 Forensic Detection of AI-Generated Images: A Practical Walkthrough
• Feb 20 Securing SSH Keys in Cloud Environments

2025

• Nov 18 Rethinking 'Identity Is the New Perimeter'
• Nov 11 Swimming Upstream: Taking Ownership of Your Professional Growth
• May 27 Blocking Zoom Webinar Spam with Microsoft 365 Mail Flow Rules
• Mar 26 Bad Scanner: A Tool for Simulating Poor Quality Document Scans
• Mar 10 Getting Started with YARA
• Mar 10 SANS Timer
• Jan 31 Ways That Human Intelligence is Different from AI
• Jan 06 File Organizer: A Python Utility for Efficient File Management

2020

• Jul 12 Interactively Exploring NTFS Timestamps

2019

• Jan 26 Create an EC2 that Runs Chrome for Sandboxed Web Surfing
• Jan 12 Check Multiple AWS S3 Buckets for Missing Default Encryption
• Jan 12 Test Early, Test Often
• Jan 12 The Equifax Data Breach and the Apache Struts Vulnerability

2018

• Sep 21 Timestamp bash_history with every command

2017

• Jun 11 Information Security at Startup Companies
• Jan 01 Has SHA-1 been hacked?

2016

• Aug 26 FIPS 140-2 in a Nutshell
• Jul 12 The Encryption Magic Bullet
• Jul 12 The Trust-Value Equation
• Mar 13 Capture a spurious outbound connection with NETSTAT
• Mar 12 Are BitTorrent Pieces 250Kb Long?
• Mar 12 HTTPS: Is it Possible to Forge a Web Server Certificate?
• Mar 12 Modify a line in wtmp - Linux Accounting
• Jan 12 SOC 1 vs SOC 2

2015

• Nov 12 A Python Parser for BitTorrent Metainfo Files
• Nov 12 Questions to Ask Executive Management when Considering a New Job
• Sep 13 Bash Script Tests for OS and Run as Root
• Sep 12 How to Install TSHARK in Unattended Mode via Script
• Sep 03 Change config settings using a bash script
• Aug 12 CISSP vs CEH vs Security+
• Jan 15 The Contracting Life Cycle
• Jan 12 Define: PCI Service Provider

2014

• Oct 12 A Mission from God, Blues Brothers Style

2013

• Aug 12 Defense-in-depth, Part 2
• Jul 19 ZeroBin XSS Vulnerability Patched in 0.19
• Jul 12 Defense in Depth
• Jul 12 ZeroBin as a XSS Attack Platform
• May 27 Security Policy Exceptions
• May 19 Shannon Entropy of Various File Formats
• May 18 Calculate File Entropy
• Apr 13 Securely Delete Files with SDelete
• Feb 13 Goodbye Oz Data Centa
• Feb 13 Why Have Security Policy?
• Jan 10 The Difference Between Leaders & Non-Leaders
• Jan 02 Eight Traits for Vision

2012

• Dec 17 PowerShell Script to Log Network Connections
• Nov 13 CMM & Organizational Process Maturity
• Nov 13 Looking in Pastebin at the Hactivism Carnage
• Oct 19 Lessons Learned from the JFK Jet Skier Incident
• Oct 13 Be an Actor, Not a Reactor
• Oct 13 Zero Factor Authentication
• Sep 13 Success Has Many Fathers
• Sep 10 OPSEC is Really Not OPSEC
• Aug 13 Ironic OpSec
• Jul 13 How Hackers Get Passwords
• Jul 07 What does trust have to do with it?
• Apr 13 Are We More Secure Today?
• Apr 04 Security & Customer Trust
• Jan 13 The Sources of Influence Behind My Leadership Style

2011

• Dec 11 My Security Philosophy
• Jul 13 Management Paradigms
• Jul 04 Skype in the Enterprise
• Jun 06 Hire Yourself as a Consultant
• Jun 04 Is Server Downtime an Information Security Incident?
• May 01 Moments of Truth - Examining Your Organization's Customer Service
• Apr 01 Maxwell's Law of the Scoreboard
• Mar 01 Alligator Fighting
• Feb 15 Plan - Do - Check - Act
• Feb 15 Take Steps to Achieve Greatness
• Jan 01 A Quality Thought

2010

• Oct 05 Separation of Duties in Scrum Software Development