Research, demonstrations, and popcorn

How to lose an InfoSec job before you’re hired

Recently I have seen many posts from out-of-work security researchers who are looking for gainful employment.  It is never a bad idea to exhaust every resource you can when looking for a job, but you should be mindful about the request you are making, the demands you have, and the impact to your acquisition of…

After doing some research into MongoDB for the company I currently work for, I started looking around at some servers online.  What I found was amazing.  Database servers almost never need to be exposed on the perimeter of a network, but there are thousands upon thousands out there exposed.  I have seen excuses ranging from “We have our…


Do your MongoDB admins know what they are doing?

Note:  This was originally posted to LinkedIn, but I have moved it over here to go along with the update I posted about the explosion of malicious ransom demands. MongoDB by default does not have very good security configured out of the box. Unfortunately, the technology is new enough and different enough that people tend…


Black Market SaaS

Black Market SaaS – The world of cybercrime changed

Historically, cybercriminals committed crimes in small groups or organized through larger groups like the mob. To use a botnet, it took some skilled people writing malware, infecting a ton of computers, and then using it to steal information or throw a server offline through a DDoS (distributed denial of service) attack. Today, this is changing. Today, someone…


Five Things I Want to See in 2015

Well, we spun around the sun once again and are back where we started. It is now 2015. I am excited to see what this year will bring. There are many changes in information security coming and many issues we will need to address this year. Here is a list of InfoSec-related things I…
