Writing
Selected posts from a Tuesday/Thursday LinkedIn cadence, plus the occasional longer essay, built around one idea: that security practitioners who understand both how attacks work and how defenses fail are more valuable than those who specialize in only one. The posts that landed hardest were the ones that documented failure as clearly as success.
-
Your Browser Is an Environment, Not a Tool
Three recent browser changes, FROST, Gemini Nano, and Manifest V3, are each defended in the language of your security while transferring control to the vendor. The justification is the tell.
Read the essay → -
What threat intel citation patterns reveal about the observer
The most-cited ATT&CK techniques across CISA and The DFIR Report don't reveal what adversaries do. They reveal how threat intel gets written.
Read on LinkedIn → -
Opening a folder shouldn't hand an attacker your credentials
A .url file in a network share captures Net-NTLMv2 credentials when the folder is opened. No click required. The defensive baseline is two controls, neither enabled by default.
Read on LinkedIn → -
The certification discourse is broken
On what cert stacks actually signal, what they don't, and why the conversation keeps missing the point.
Read on LinkedIn →