WARNING: This post is a VERY candid rant. It might trigger you. If it does, think about why it triggered you. Let’s cut the bullshit. The information security industry is flooded with frauds—people who look the part, talk the talk, but can’t actually secure a damn thing. We’ve built a system where knowing something is treated the same as being able to do it. But…
Some people love to say, “What you don’t know can’t hurt you.” That’s bullshit. What you don’t know can absolutely hurt you, and in security, it usually does. The truth is, ignorance is easy. It’s comfortable, and it’s lazy. It lets you avoid responsibility. It’s easier to believe that security is someone else’s job. It’s easier to assume compliance means protection. It’s easier to pretend…
You’ve heard it a million times: “The only stupid question is the one that wasn’t asked.” Sounds nice, doesn’t it? But let’s get real—how many of us actually live by this? In cybersecurity (and honestly, in life), we don’t ask enough questions. Why? Fear. Ego. Impostor syndrome. Toxic cultures. Pick your poison. And the result? We screw up, miss opportunities, or let preventable disasters unfold—all…
Let’s talk about something that’s been bugging me for years: the cybersecurity job market. It’s a complete mess. And if you’ve spent any time looking for a job in this industry—or trying to hire someone—you’ve probably felt it too. We’re told there’s this massive talent shortage, that companies are desperate to fill cybersecurity roles. Yet, the reality for many job seekers is rejection after rejection,…
Closing out 2024, it’s time to look back at the cybersecurity stories that made the headlines and shook our industry to its core. Each of these events left its mark, and if we’re paying attention, they’ve also left us with lessons—hard-earned, but invaluable. Let’s break it down, no bullshit, just the truth. 1. Salt Typhoon’s Infiltration of U.S. Telecommunications The Story: Chinese state-sponsored hackers breached…
Twas the night before Christmas, and all through the net, Not a creature was stirring, not even a botnet. The firewalls were hung by the servers with care, In hopes that St. Nicholas would not find malware. But in the glow of our twinkling, festive LED lights, The digital Grinches were plotting their cyber plights. They didn’t want toys, or cookies, or cheer, They wanted…
Thanksgiving is a time to express gratitude for the blessings in our lives, cherish connections with loved ones, and reflect on shared abundance. Thanksgiving is also a mix of chaos and comfort: a time when families gather to feast, share laughs, and occasionally debate something that should be off-limits for such gatherings (politics, UFO evidence, unsolicited opinions/advice, etc.). As you’re carving the turkey and dodging…
You’ve probably heard me say this many times: Information security is NOT about information or security as much as it is about PEOPLE. When I say this, people usually nod their head in agreement, but beyond that it might seem like nothing more than a catchphrase. It’s not. Pithy catchphrases are mostly useless. This quote is a deep personal truth, rooted in a story….
NOTE: I don’t normally write posts like this, but I might have been bored. If you find value in this article, let me know and maybe I’ll write more like it. Introduction Black Basta is a relatively new ransomware group that emerged around April 2022, and they’ve been in the news ever since. This morning, SecurityWeek (and others) announced that Black Basta has hit 500+…
Hope you had a wonderful Independence Day (July 4th)! We’ve gone through a lot together in this country, and I love this place we call home. Lots to do in making the USA better, but this will always be the case. This is the best country in the world, and I’m grateful! In case you missed it, two big events last week; the Kaseya ransomware…