• 09 Nov 2024

    Extremely blessed to go from near death to keynote speaking again

    My rising from the ashes moment... Just a few weeks ago, I had the opportunity to serve as a keynote speaker to hundreds of people at the TribalNet conference in Las Vegas, NV. What a show! Great people. Super well-run event. 👍 This wasn't just any speaking engagement for me, though...Three years ago, I was one notch above being bedridden...most of the time. I was experiencing pain and dozens and ...

  • 31 Oct 2024

    It’s 2024, yet college football’s Power Four teams were using unencrypted GSC helmet communications

    Just when you think most people understand the basics of security, along comes a story like the following: "Sources: College helmet communications on unencrypted frequencies". Really!? All those efforts that coaches go to covering their mouths with their play cards...then this. According to the ESPN piece, execs for the SEC, Big 12, Big Ten and ACC have worked with GSC, the manufacturer of these coach to player communication systems, to ...

  • 02 Sep 2024

    Career networking success – what you should do…and not do

    If you work in IT or information security, there's one thing that you'll want to be good at: networking. No, not the TCP/IP and Ethernet stuff but networking for your career. You can do this both internally within your own company as well as externally, networking with outsiders. Even if you have a job, rubbing elbows with the right people today can end up landing you work down the road ...

  • 05 Apr 2024

    Find at-risk internal user accounts with myNetWatchman’s Active Directory Audit tool

    I'm always on the lookout for new tools that can do new and interesting things for those of us working in information security. They are few and far between, it seems, at least in the context of vulnerability and penetration testing. However, I've found one that can pay huge dividends. It's called Active Directory Audit by threat intelligence company, myNetWatchman. You know how threat intelligence vendors can find compromised login ...

  • 28 Feb 2024

    3 resources to help with the SEC’s cybersecurity ruling on incident reporting

    There's been a lot of buzz in recent months regarding the new US Securities and Exchange Commission (SEC) cybersecurity ruling involving incident reporting. Check out the following resources I created for the folks at web application and API vulnerability scanning vendor Probely. We help you cut through the noise and understand what really matters in the context of incident reporting/response and, especially, its impact on overall application security. SEC Cybersecurity ...

  • 10 Nov 2023

    Too many people, too many policies, too much busy work! Security has to wait…

    Busy, busy, busy...That's what everyone working in and around IT/security seems to be these days. Ditto for the average user. So many things to do and not enough time to do them. It appears that everyone is completely overwhelmed with work, putting out fires, rather than focusing on productive work that moves the business forward. But is this really the case? Based on studies I've seen and things I witnessed ...

  • 27 Aug 2023

    Cybersecurity All-In-One For Dummies – a new book my vulnerability and penetration testing content is featured in

    I was recently surprised to find out about this new book - Cybersecurity All-In-One For Dummies - that much of my Hacking For Dummies content is featured in. The following chapters from my book are included: Introduction to Vulnerability and Penetration Testing; Cracking the Hacker Mindset; Developing Your Security Testing Plan; Hacking methodology; Information Gathering; Social Engineering; Physical Security. With all the other content included, this book is a very ...

  • 10 Aug 2023

    The tautology of “Russian hacking” + why you can’t believe everything you hear/read

    Remember back in 2017/18 during the rise of the Trump regime, when the media kept repeating over and over and over again how the Russians were meddling in the election? It was convenient for them to talk about this so-called "Russian hacking" because those who control the messaging understand the average person knows very little about hacking. Interestingly, I happened to be writing a book of mine at the time ...

  • 11 Jul 2023

    My health story is a reminder that we need to rely on the right experts

    I'm back! After quite the hiatus dealing with a rare health condition, I'm coming back to life and getting better every day! My story is quite complicated...I'm currently writing a book on the whole situation and I will share that here once it's out. Briefly...I've been dealing with debilitating neck issues, namely something called cervical instability that led to a rare condition called Eagle syndrome. My surgeon did a documentary ...

  • 27 Apr 2022

    It’s here! Hacking For Dummies, 7th edition

    Hot off the press, the latest (7th) edition of my best-selling book on security vulnerability and penetration testing, Hacking For Dummies, is here! Hacking For Dummies is one of the oldest and most successful books on information and computer security and, as of 2019, it has been translated into 9 different languages. Who would've thought all the blood, sweat, and tears that I put into the first edition of ...
