The Security Intern: Mass Certificate Revocation Just as IT organizations around the world began to believe in life after critical-path-security-product-outages, to loosely quote Cher, the satirical security intern appears again. Intern-al Monologue: This time will be different! I'm going to start out making a difference in my new career at the certificate authority. I
Bug Nonties! Volume 1 AWS Security Groups This is a series on practicing skills used to hunt for bugs, make the world a better place, and earn some coin. This series is, by many accounts, a list of failures... since none of the things I write about were considered vulnerabilities or valid for fix.
External Email Tagging & Determining Link Legitimacy I have encountered a lot of questions by customers lately around the effectiveness of tagging external emails. All the questions and pushback on these programs have made me introspective. I never personally felt much passion about email tagging before, it has always struck me as metadata, something out of the
How Urgent is Urgent? Log4j 2.15.0 and CVE 2021-44228 It's true, it is urgent, and if you already upgraded to 2.15.0, or the Java 7 equivalent, getting to 2.16.0 or higher should not be prohibitive! But, if working in security has taught me one thing, it is to take nothing for granted. Maybe
Building an Altimeter with Arduino Learning new things regularly is important. I make it a habit to find new things to learn even when they do not have a direct focus on information security. Projects like this give me a chance to draw upon a more broad set of experiences in the work I do,
Disabling Amazon Sidewalk on Ring Devices Perhaps you are wary of new communication protocols, or maybe the opt-out model does not sit well with you. Whatever the case, this guide illustrates how to prevent your devices from participating in the shared network.
Thoughts on Imposter Syndrome I have had many rewarding conversations with information security professionals on defining value and finding their niche at various points of our careers. What has been interesting to me is how sometimes even those who consistently bring value to the team can feel like they don't belong. Maybe
How Pen Testing Helped to Save My Life Alright, that's a pretty dramatic title! Here's how my background in penetration testing helped to keep me safe during an amateur project I took on recently. It was time to replace an in-sink disposal but while getting into the project I noticed that there had been
On Building Allies for Information Security I was approached by a coworker I didn’t know very well yet the other day with a simple question, “what antivirus do you use?” You probably sense it too: there has to be more to this question! I asked if there were specific concerns they had regarding AV? They