As we witnessed in the MGM attack recently, you may have MFA set up correctly, but it may not be as effective as you think in securing your account.
A simple phone call, a globally available Okta login, and pervasive IAM permissions possibly made this attack extremely pervasive.
Startups don't really care about security. They're just looking to survive and grow. With cybersecurity scrutiny coming from everywhere now, they can no longer avoid it.
SO MUCH happened (and didn't happen!) this year at #DEFCON31. Here's a snippet of what you may have missed.
CISOs are under fire and are scared. Oppenheimer was a brilliant scientist, but not a politician. Lessons learned from his security hearing.
DEF CON is an experience, not a conference. With 30+k attendees, it's HUGE and can be overwhelming. Here's a guide to help you navigate.
Every once in a while we get a message from a number that we don't recognize. How do we authenticate them? How do we authenticate our users?
How to Stay Calm and Handle Cybersecurity Threats Like a Pro
How to Shift from Mom Mode to Friend Mode in Cybersecurity
A quick and dirty guide to getting started in appsec from scratch
Someone asked me recently what kind of conference BSidesSF was... so this is what my answer would be in 10 minutes...