After nearly three decades in cybersecurity, hundreds of interviews, and building global security teams, here are the lessons I wish someone had shared when I was starting out.
All in Tips & Best Practices
After nearly three decades in cybersecurity, hundreds of interviews, and building global security teams, here are the lessons I wish someone had shared when I was starting out.
A fake CAPTCHA on a trusted website tried to trick me into opening Terminal and executing a malicious command. That experience led to a deeper investigation into ClickFix, a rapidly growing social engineering technique that exploits trust instead of software vulnerabilities, and why attackers are increasingly impersonating security itself.
Passwords remain one of the most common ways attackers gain access. Despite years of awareness, weak credentials, reuse, and exposure continue to drive breaches.
Earlier this month, Anthropic's Claude Mythos Preview AI model discovered 27-year-old bugs that survived decades of human review. The Cloud Security Alliance, SANS, and over 100 CISOs just published emergency guidance. Here's what vendors need to do now.
Running a vulnerability scan is easy. Treating every finding as urgent is not. This model helps teams prioritize real risk instead of chasing severity scores.
What came after a dramatic Louvre heist highlights the risks of leaving legacy technology untreated in your enterprise, and how to mitigate them before they make the news.
Step-by-step guide to changing your Venmo privacy settings, including how to make past transactions private and hide your public payment history. Updated for 2026.
Skip the cybersecurity overwhelm. This 10-minute weekend checklist covers the essential security tasks that actually matter—from software updates to MFA setup. No jargon, no scare tactics, just practical steps anyone can follow to lock down their digital life.
Think fake job applicants are just awkward interviews and padded resumes? Think again. One North Korean operative nearly infiltrated a U.S. crypto firm by pretending to be a software engineer named “Steven Smith.” This story, and the red flags it raised, is a must-read for anyone hiring online.
Passwords are still the leading cause of breaches, and most of us still treat them like an afterthought. This post breaks down where we’re going wrong, what’s finally getting better, and why passkeys might be our best shot at a password-free future.
Laptops are magnets for thieves, hackers, and nosy strangers on airplanes. This guide walks you through 10 smart ways to secure your laptop—physically, digitally, and privately—so your files stay safe, your data stays yours, and your webcam isn’t watching you back.
Quishing is phishing’s slicker, sneakier cousin. It hides behind QR codes, shows up on flyers and parking meters, and tricks you into handing over your credentials, often before your coffee kicks in. Here’s how it works, who it’s targeting, and how to stop it.
When I tried to lock down my smart thermostats, I discovered how hard it is to control what IoT devices connect to. Here’s what I learned—and why we need NetBOM.
Ransomware: Because Who Doesn’t Want to Be Held Hostage by Their Own Files?
Ransomware is no longer just a hacker’s side hustle—it’s big business. In this post, we break down what ransomware is, how it works, who it targets (on purpose and by accident), and what you can do to stay safe. Featuring real-world examples, including some very aggressive office printersmme.
Still using passwords? It might be time to move on.
Passkeys are a simpler, more secure way to log in—no typing, no phishing, no stress. In this post, I break down how passkeys work, why they matter, and how you can start using them today.
Most home devices can access the entire internet—and often each other. Segmentation helps, but without visibility into what your devices are doing, you’re still exposed.
Even cybersecurity experts fall for phishing attacks. When Troy Hunt, creator of Have I Been Pwned, clicked a malicious link and entered his credentials, it was a wake-up call for all of us. In this post, we break down what happened, why today’s phishing is more convincing than ever, and what you can do to protect yourself.
UPDATED December 16, 2021
If you are reading this, you likely have heard about Log4Shell, the December, 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation. Apache has patched this vulnerability in version 2.15.0, however vendors who use this library will need to…
October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity but let’s take a moment to talk about the important topic of breast cancer.
The Colonial Pipeline ransomware attack took down the largest fuel pipeline in the United States and resulted in consumer hoarding of fuel and a short-term shortage of gasoline on the east coast of the U.S.. What could they have done to prevent this attack and what can you do today to prevent a similar attack?