In With A Roar, Out With A Whimper

It's been nearly 2 years since I've written anything for my blog here, and I can't say that there's much of a good reason for it. Part of the reason has been ...
Business Must Change: InfoSec in 2019

I don't know about you, but I am happy to see 2018 ended. Personally, it was a very difficult year, capping a very difficult decade. Now, as we embark into 2019, it's ...
Measure Security Performance, Not Policy Compliance

I started my security (post-sysadmin) career heavily focused on security policy frameworks. It took me down many roads, but everything always came back to a few simple notions, such as that policies ...

The Thankless Life of Analysts

There are shenanigans afoot, I tell ya; shenanigans! I was recently contacted by an intermediary asking if I'd be interested in writing a paid blog post slamming analysts, to be published on ...

Design For Behavior, Not Awareness

October was National Cybersecurity Awareness Month. Since today is the last day, I figured now is as good a time as any to take a contrarian perspective on what undoubtedly many organizations ...

Incremental "Gains" Are Just Slower Losses

Anton Chuvakin and I were having a fun debate a couple weeks ago about whether incremental improvements are worthwhile in infosec, or if it's really necessary to "jump to the next curve" ...

Quit Talking About "Security Culture" – Fix Org Culture!

I have a pet peeve. Ok, I have several, but nonetheless, we're going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a ...

Introducing Behavioral Information Security

I recently had the privilege of attending BJ Fogg's Behavior Design Boot Camp. For those unfamiliar with Fogg's work, he started out doing research on Persuasive Technology back in the 90s, which ...

Confessions of an InfoSec Burnout

Soul-crushing failure. If asked, that is how I would describe the last 10 years of my career, since leaving AOL. I made one mistake, one bad decision, and it's completely and thoroughly ...

Reflection on Working From Home

In a moment of introspection last night, it occurred to me that working from home tends to amplify any perceived slight or sources of negativity. Most of my "human" interactions are online ...