I blog on Medium.
How to brainstorm defensive security controls • identifying and understanding threats, prevent/detect/respond framework, kill chains
Risk quantification: what I’ve learned • does risk quant solve a problem?, proposed tools for quantifying the risk of a data breach programmatically, tips for entrepreneurs
6 things I wish I knew about state management when I started writing React apps • mitigating prop drilling, six types of state, state vs view layer, shared vs non-shared components
7 techniques for assessing frequency when quantifying risk • examine the data, testing, standardized tables, human forecasting, attack graphs
A proposal for attacker profiling • designing a dynamic honeynet to learn attackers’ motives, skill level, determination, TTPs
Incident response stack • capabilities every IR team should have for responding to security incidents in corporate networks