Top Categories

Spotlight

todayAugust 18, 2020

secure development + malware Jake

Network security concepts in school safety plans

As summer nears its end, there’s a lot of discussion about how and when to reopen schools and universities. As a security professional, I can’t help but see the parallels between protecting students and faculty from a pandemic and protecting networks from malware. This post will examine those similarities from [...]


  • All
  • vulnerabilities
  • vendor guides
  • secure development
  • malware
  • industry

Network security concepts in school safety plans

As summer nears its end, there’s a lot of discussion about how and when to reopen schools and universities. As a security professional, I can’t help but see the parallels between protecting students and faculty from a pandemic and protecting ...

Security doesn’t have to be a blocker

A few months ago during a conversation at a secops event, the topic of granting exceptions came up. One of the attendees was shared his dismay. “Management is always steamrolling me” he complained, “people are just being lazy, they should ...

SIGRed: A new critical vulnerability Explained

Last Tuesday, as they do every second Tuesday, Microsoft released its monthly patch updates. One in particular (CVE-2020-1350) has been drawing a lot of attention. The vulnerability is called “SIGRed”, like that lunch I may have left in the office, ...

ThiefQuest: The new macOS ransomware that’s more than it seems

Last week a new macOS malware threat was discovered. Mac ransomware, while not unheard of, is still interesting enough to be of interest to security researchers. So, when Dinesh Devadosh of K7 Labs announced his discovery over twitter. His colleagues; ...

A Threat Overview of Contact Tracing technology

This past year, as the Covid-19 virus began to spread so did the efforts to digitize the contact tracing process. As fast as the virus grew, so did the number of technical efforts by countries, institutions, enterprises and hobbyists 1. ...

Cleaning up users in 1password

Recently I was helping a company audit their 1password account. Thought I’d share some useful snippets using jq and the 1password CLI tool. This command suspends users who haven’t logged in for 3 months After suspending all the users for ...

Shifting left with vulnerability management

Recently a friend of mine told me his company, in an effort to improve security, was launching a bug bounty program. I’m a huge fan of bug bounty programs, hiring professionals to test your code is a great way to ...

Maturity in devops

As a consultant, I tend to work with a variety of clients and teams all across the product maturity spectrum. Some are just starting; maybe they have an MVP, maybe they are still building it. Others have existed in their ...

Trying Pritunl Zero

Pritunl is an open source OpenVPN and IPSec solution that comes with a somewhat popular VPN client. Pritunl Zero fills in a few more gaps by providing zero trust access to SSH and Web Services similar to products such as ...