Blog Posts

2025

• Blocking Zoom Webinar Spam with Microsoft 365 Mail Flow Rules
• Bad Scanner: A Tool for Simulating Poor Quality Document Scans
• SANS Timer
• Getting Started with YARA
• Ways That Human Intelligence is Different from AI
• File Organizer: A Python Utility for Efficient File Management

2020

• Interactively Exploring NTFS Timestamps

2019

• Create an EC2 that Runs Chrome for Sandboxed Web Surfing
• The Equifax Data Breach and the Apache Struts Vulnerability
• Test Early, Test Often
• Check Multiple AWS S3 Buckets for Missing Default Encryption

2018

• Timestamp bash_history with every command

2017

• Information Security at Startup Companies
• Has SHA-1 been hacked?

2016

• FIPS 140-2 in a Nutshell
• The Trust-Value Equation
• The Encryption Magic Bullet
• Capture a spurious outbound connection with NETSTAT
• Modify a line in wtmp - Linux Accounting
• HTTPS: Is it Possible to Forge a Web Server Certificate?
• Are BitTorrent Pieces 250Kb Long?
• SOC 1 vs SOC 2

2015

• Questions to Ask Executive Management when Considering a New Job
• A Python Parser for BitTorrent Metainfo Files
• Bash Script Tests for OS and Run as Root
• How to Install TSHARK in Unattended Mode via Script
• Change config settings using a bash script
• CISSP vs CEH vs Security+
• The Contracting Life Cycle
• Define: PCI Service Provider

2014

• A Mission from God, Blues Brothers Style

2013

• Defense-in-depth, Part 2
• ZeroBin XSS Vulnerability Patched in 0.19
• ZeroBin as a XSS Attack Platform
• Defense in Depth
• Security Policy Exceptions
• Shannon Entropy of Various File Formats
• Calculate File Entropy
• Securely Delete Files with SDelete
• Why Have Security Policy?
• Goodbye Oz Data Centa
• The Difference Between Leaders & Non-Leaders
• Eight Traits for Vision

2012

• PowerShell Script to Log Network Connections
• Looking in Pastebin at the Hactivism Carnage
• CMM & Organizational Process Maturity
• Lessons Learned from the JFK Jet Skier Incident
• Zero Factor Authentication
• Be an Actor, Not a Reactor
• Success Has Many Fathers
• OPSEC is Really Not OPSEC
• Ironic OpSec
• How Hackers Get Passwords
• What does trust have to do with it?
• Are We More Secure Today?
• Security & Customer Trust
• The Sources of Influence Behind My Leadership Style

2011

• My Security Philosophy
• Management Paradigms
• Skype in the Enterprise
• Hire Yourself as a Consultant
• Is Server Downtime an Information Security Incident?
• Moments of Truth - Examining Your Organization's Customer Service
• Maxwell's Law of the Scoreboard
• Alligator Fighting
• Take Steps to Achieve Greatness
• Plan - Do - Check - Act
• A Quality Thought

2010

• Separation of Duties in Scrum Software Development