Content
Strategic insights on blockchain, AI, security, leadership, and career in an age of disruption.

The $285M Handshake: Why Trust is Your Biggest Security Risk
North Korea's Drift Protocol hack exploited trusted relationships, not code vulnerabilities. Learn how social engineering bypassed blockchain security and what it means for your defenses.
Recent Essays

AI Agents and Wellbeing: Design for Focus, Not Chaos
AI agents will either protect your focus or destroy it. The difference isn't technology—it's design. Learn why context-aware agents matter for knowledge worker wellbeing.

Why AI Getting Boring Is Actually Good News
As AI companies go public, the hype fades but real business value emerges. Here's what crypto taught us about infrastructure over narratives.

Why Superior Tech Loses: Betamax vs AI Agents
Technical excellence doesn't guarantee market success. Learn why distribution and demand beat superior engineering—a critical lesson for AI and blockchain leaders.

Beyond the Hype: What Really Matters in Crypto Launches
Strip away blockchain announcements to find what's defensible: distribution, regulatory track record, and market infrastructure—not just copyable technology.
All Content
681 posts
Updated for 2014: Online Classes for the Information Security Professional
Explore the latest online courses for information security professionals, featuring 11 top picks across computer security, in-depth topics, and InfoSec-related areas to enhance your cybersecurity skills.
Are Airline Kiosks The Next Fraud Vector?
Explore how airline kiosks might become the next target for credit card fraud, drawing parallels to the infamous Target breach. Learn about potential vulnerabilities and the implications for travelers.
Securing Amazon Web Services - Jay Schulman
The complete guide to securing Amazon Web Services.
Running Ghost on Heroku
Learn how to effortlessly deploy Ghost on Heroku with a few simple tweaks in your config.js file. Follow our step-by-step guide to set up, test, and push your Ghost blog live in no time!
4 Coursera Classes for the InfoSec Professional
Discover key Coursera classes for info security pros, including cryptography and risk management, along with unique offerings like equine nutrition, to broaden your skills and perspectives.
Why I Use Toto
If you scroll to the bottom of the page, the footer says "powered by toto." Toto is a minimalist blogging engine that runs on Ruby and is fully compatible with the Heroku platform.
Interviewing Security Professionals
I was reading a recent 37signals post about why they don't hire programmers based on puzzles or parlor tricks, and it got me wondering what strange tricks I played on the security professionals interviewing with me.
Write Down Your Passwords
The usual protocol when it comes to passwords is to create one that is hard to guess but easy to remember, because you shouldn't write it down. Yet I was still surprised to see a product specifically designed to write your passwords in.
Non Profit Wanted
Looking for a non-profit focused on helping other non-profits and charities with their information security issues, if you know of one.
A Refrigerator Has Never Been Hacked
Today's WSJ had an ad from the US Postal Service touting the security of a printed document over e-mail and the internet. Beyond the security of the printed letter, mail is great out-of-band communication with your customer.
Hacking Made Easier
NPR, along with a number of other media outlets, has been talking about new user-friendly hacking tools that let the average user be an elite hacker. I'm not an advocate for creating hacking tools, but I'd like to know what an attacker is going to use.
Keep It Simple
I had the privilege of hearing Harry Kraemer, former CEO of Baxter, present on leadership. One of his key tenets is Keeping Things Simple, and it applies directly to how security professionals sell security to the organization.