The Three Keys to Success in Cybersecurity
One of the big questions that I often get is: How does someone become successful in a cybersecurity career? In this blog I want to share with you the three key lessons I’ve learned during my 18-year journey in the cybersecurity industry. These lessons have paved the way for my ... Read More
The Importance of Opting Out of CPNI Data Sharing
Let’s talk about a topic that’s incredibly important for your privacy and data security. In this blog I’m going to talk about why you should opt out of the sharing of CPNI data and why that seemingly simple annual email from your mobile phone provider is more significant than you ... Read More
The Legacy of The Hacker Manifesto
I was 11 years young when The Hacker Manifesto was originally published in 1986 (yes, I’m that old). I had no idea about the manifesto at that age but several years later I begin tinkering with my first computer (an Apple IIe) and convinced my parents that I needed a ... Read More
Introducing the Shared Security Weekly Blaze Podcast
As many of you may know, I’ve been co-hosting the Shared Security Podcast (formally known as the Social Media Security Podcast) with my fabulous co-host Scott Wright from Security Perspectives Inc. We’ve been recording this podcast every month (mostly) since 2009 and over the years we’ve had feedback from many of ... Read More
Using Technology to Defend Digital Privacy & Human Rights – Presentation Notes
If you attended my talk “Using Technology to Defend Digital Privacy & Human Rights”, thank you! Here’s a list of supplemental material discussed during the presentation as well as where you can find out additional information about the topics covered. I’m happy to answer any questions that you might have ... Read More
Top 5 Attack Vectors Report: Defend It Before You Hack It
Each year my team conducts hundreds of Penetration Tests in a wide variety of industries, ranging from Healthcare to Retail, Finance to Manufacturing, and many more. The team analyzed data collected from each of our penetration tests at SecureState since 2011 and found common themes in the methods of compromise utilized to ... Read More
Project Mayhem to be Unleashed at Black Hat Abu Dhabi
For the last several months I’ve been performing research on techniques attackers could use for performing accounting fraud in popular accounting systems. This research coincides with a whitepaper that SecureState has developed entitled “Cash is King: Who’s Wearing Your Crown?” To perform this research I have collaborated with a coworker of mine, ... Read More
Burp Suite Series: Efficient use of Payload Options when Attacking HTTP Basic Authentication
In this series of blog posts I’ll be discussing some handy Burp Suite techniques we often use on our penetration tests. Burp Suite is our de facto tool of choice for assessing web applications and conducting web based brute force attacks. First up are some techniques to use when conducting ... Read More
SANS Mentor brings Security 542: Web App Penetration Testing and Ethical Hacking (GWAPT) to Cleveland
I’m proud to be teaching SANS Security 542 here in Cleveland through the SANS Mentor Program beginning in August. The SANS Mentor Program allows you to save thousands on your training budget and still experience live SANS training on the GWAPT classes – live training without traveling! COURSE DETAILS: Security ... Read More
Are We Reaching Security Conference Overload?
I saw a post from my friend Matt Neely on Twitter about how CarolinaCon and BSidesROC are on the same weekend this year. I’ve also had conversations with others earlier this week about DerbyCon (September 28-30) and GrrCon (September 27-28) being back to back as well. This is a trend ... Read More
