I have written for a number of IDG-based print and Web publications, including Computerworld, Infoworld, PC World, Network World, CSO Online and ITWorld.
CSO Online articles
I began writing for them in 2017.
- IDS/IPS buyer’s guide (10/24)
- AI-SPM Buyer’s Guide (9/24)
- Port shadowing, a new VPN issue (7/24)
- Analysis of the latest Kaspersky ban (7/24)
- What prevents SMBs from adopting SSO (6/24)
- The latest news on NSO and Pegasus (6/24)
- Interview with Amazon CISO Amy Herzog (6/24)
- Third-party open source library issues (5/24)
- Microsoft Build session on AI security with Mark Russinovich (5/24)
- Why it is time to get rid of NTLM (5/24)
- IAM explained (updated 5/24)
- A dozen of the top data security posture management tools (4.24)
- Protecting your Kubernetes estate from cyber attacks (2/24)
- Traffic Light Protocol (2/23)
- Secure browsers (10/22)
- CNAPP review (9/22)
- How to manage your certificates (5/22)
- VPNs for enterprise security and privacy (4/22)
- Understanding SOC-as-a-Service providers (updated 3/22)
- Securing your WordPress site (revised 3/22)
- Risk-based authentication (2/22)
- Red/blue teaming lessons learned (1/22)
- Email security suites (11/21)
- How to find the right testing tool for Okta, Auth0, and other SSO solutions (9/21)
- Mitre’s D3FEND explained (7/21)
- CSPM explained (6/21)
- MFA attacks (6/21, revised 8/24)
- Top 7 mistakes in migrating your apps to the cloud (1/21)
- Homomorphic encryption products (10/20)
- Microsoft Teams security (9/20)
- Common cloud configuration errors (9/20)
- Time to deploy passwordless options (8/20)
- MFA tools: an update (revised 9/19)
- Top 5 email encryption products: an update (revised 9/19)
- What is a CASB? What you need to know before you buy? (revised 7/19 and then 5/24)
- Reviewing SSO tools (revised 7/19)
- Evaluating DNS security providers (7/19)
- What is Magecart? (6/19)
- preparing your SOCaaS RFP (6/19)
- How to improve container security (4-19)
- How online polls are hacked (2-19)
- Building your forensics analysis toolset (1-19)
- Securing your WordPress site (1-19)
- Beefing up your Slack security with ten tools (11-18)
- How to set up a digital forensics program (11-18)
- Top application security tools for 2019 (11-18)
- What is application security? (10-18, updated 9-20)
- The Sony hacker indictment: what lessons IT can learn (9-18)
- Keeping your AWS infrastructure secure with CloudGoat (8-18)
- Rethinking the process of doing risk assessments (6-18)
- Risk based authentication (5-18)
- Honeypots as deception solutions: What to look for and what to buy (5-18)
- What is the Mitre ATT&Ck framework and what red teams need to know (4-18, revised 9-21)
- Review of ATT&CK tools from Endgame, Uber, and others (4-18)
- How RSA handles fraudulent banking transactions at their Israeli command center (3-18)
- Planning a CTF contest (3/18)
- Understanding PowerShell exploits (2/18)
- Mastering email security with DKIM, SPF and DMARC (2/18)
- Check Point’s SandBlast Mobile (7/17)
- Using whitelisting to block malware (7/17)
Infoworld
I started writing for them back in the middle 1990s, and ended up with what turned out to be one of my longest stints as a bylined columnist for any single publication. (Note: the link to the portal on my site above has more broken than working links, but it is an interesting historical document.) I have begun writing for them again in 2022.
I was first hired as a columnist by Stewart Alsop and Bob Metcalfe in 1993. We called my column “The Network Curmudgeon” and I had a lot to say about the various networking products back in the day. Then the column morphed into was probably one of my most fun gigs for any magazine. Called “On Site”, I would travel to different cities and test a new product on site with the cooperation of the IT shop and the vendor who’s product we were trying to install. If reality TV was around back then, I could have had my own series, maybe. More than 150 people contributed to this effort alone over the years that I wrote these series, and thanks to the editing talents of Rachel Parker the columns were a great chronicle of how hard it (still) is to get new products installed, even when you have the vendor’s developers and other resources at your beck and call. I also helped get their initial Web site started.
Here are links to my stories:
- Roblox and Hashi fix an outage (1/22)
- Software asset management technologies (3/22)
- What app developers need to do now to fight Log4j exploits
(1/22) - Making sense of Microsoft’s Azure (10/08)
- The unintended consequences of new privacy legislation (9/08)
Network World articles
I have written for Network World for many years. One of my older but still favorite articles is this one from 2001 where I examined the networking infrastructure of Disney’s theme parks. The most recent reviews:
- Cloud costing analysis tools (updated, 6/22)
- Lessons learned from the Atlassian network outage (5/22)
- Securing the smart home series:
- General issues (4/17)
- Amazon Alexa vs. Google Home (4/17)
- Linksys Velop routers (5/17)
- Making the right product choices (5/17)
- Philips Hue smart lighting systems (6/17)
- Google Nest thermostat (7/17)
- Netgear’s Arlo webcams (8/17)
- Review of five email encryption tools (3/17)
- Review of Microsoft’s Windows Defender AV (1/17)
- Review of Check Point Sandblast technology (10/16)
- Endpoint protection products review (7/16)
- Multifactor authentication products review (6/16)
- Israel wants to become a cyberpower (2/16)
- Google Pixel C tablet review (1/16)
- 10 Password managers reviewed (12/15)
- Cylance and Carbon Black review (11/15)
- Review of encrypted email tools (7/15)
- Review of SSO tools (6/15)
- Revew of Cloud Costing Services (4/15)
- Review of NAC tools (3/15)
- Review of Uptime Software management tool (1/15)
- Review of UTM SMB appliances (1/15)
- Review of DYN’s Internet Intelligence (10/14)
- Review of Citrix Xen Mobile MDM (8/14)
- How Aryaka’s global private network speeds access to Internet apps (7/14)
- Unisys Stealth to protect your network itself (5/14)
- Secure browsing technologies (4/14)
- VM Security still a work in progress (3/14)
- The Mac and Me: 30 years later (1/14)
- Mobile device managers (12/9/13)
- Best tools for protecting passwords (9/3/2013)
- UTM appliances for small businesses (6/16/13)
- Two factor authentication services (5/20/13)
- Social Media Engagement tools (March 2013)
- Eight different single sign-on products (December 2012)
- Eight different Web-based conferencing services (October 2012)
- Of Checkpoint’s latest R80 Firewall version (May 2011)
- A comparison of VM protection products (March 2011)
ITWorld articles and blog entries
Here are links to my feature stories, where I can reconstruct them. This site was taken off-line in 2015:
- A get-up-to-speed guide on hyper-converged infrastructure (8/15)
- A get-up-to-speed guide on VDI (8/15)
- A get-up-to-speed guide on moving legacy apps to the cloud (8/15)
- 5 Ways to save money on your cloud costs (7/15)
- Hyper-Converged Systems Modernize the Enterprise Data Center (5/15)
- These organizations will train, mentor and help you find your next job for free (4/15)
- Enterprise Mobility: Enabling the Mobile Worker (4/15)
- Why Israel could be the next cyber security world leader (3/15)
- How to bridge and secure air gap networks (12/11/14)
- How to pick the right MOOC (10/9/14)
- Why – and how – to do a better job of listening to your end user customers (10/23/14) (Teradata conference)
- How to get the most value out of your data dashboards (9/23/14) (Tableau Conference)
- Maximizing your online training (9/15/14)
- Why your data needs a data artist in residence (8/6/14)
- Finding the right moment of trust (7/7/14)
- Enterprise mobility management (6/25/14, PDF reg.)
- How to raise a tech entrepreneur (6/22/14)
- Going for the Hackathon Gold (4/3/14)
- What IT Should Fear Most about the Netflix/Comcast deal (2/27/14)
- Virtual Storage Roadmap (1/14, PDF)
- Your strategic guide to VDI (12/13
- A/B Tests cut the fluff and make the pixels count (11/27/13)
- Six mapping trends to help businesses (11/15/13)
- How post-industrial St. Louis made itself a startup hotbed (9/5/13)
- Controlling the BYOD Chaos (8/17/13)
- Optimizing cloud performance (8/13) (PDF)
- Keep bad guys off your network with geofencing (6/6/13)
- Deb Estrin wants to open source your life (5/25/13)
- Quirky tech conferences worth attending (5/3/13)
- LinkedIn makeover for software developers (4/17/13)
- Try out your Hadoop app on the world’s largest cluster (4/11/13)
- 12 LinkedIn profile mistakes to avoid (4/3/13)
- How to choose a social media monitoring tool (4/1/13)
- How smart crowds are solving big data problems (3/23/13)
- eSignature review (8/13/12)
- Tame users’ gadgets with mobile device managers (7/23/12)
- NoSQL: Breaking free of structured data (6/9/11)
- Make open source mapping work for you (5/3/11)
- Amazon Cloud Drive vs. Google Docs vs Microsoft Skydrive (4/1/11)
- 12 Questions to ask your cloud computing provider (3/25/11)
- Accept mobile credit card payments anywhere with your iPhone (3/21/11)
- TechSoup case study (2/7/11)
- Behind the scenes at the Cowboys stadium before Super Bowl XLV (2/1/11)
- Various cloud computing tips (1/5/11)
- How to prevent data from leaving your network (8/30/10)
- How to run IE v6 on Windows 7 (8/27/10)
- How to safely travel without your laptop (8/18/10)
- Desktop virtualization first steps (8/3/10)
- XP to Windows 7 migration: 6 tools to help you make the move (6/21/10)
- New Windows Server 2008 versions (4/11/10)
- Four ways enterprise software is becoming social (3/30/10)
- Simple online database sharing (3/21/10)
- How to buy a web application firewall (3/1/10)
- A guide to Amazon Web Services for corporate IT managers (2/16/10)
- Understanding the economics of thin clients (12/21/09)
- VDI Strategies to get started (12/17/09)
- Effortless Email Encryption (12/1/09)
- Windows 7 Networking Changes (11/30/09)
During 2009, I wrote the blog “Tech That Matters” for ITworld with frequent posts of interesting technology and tactics for IT managers.
PC World Net Work Columns
During 2009, I wrote for PC World including a series of blogs and columns under the title of “Net Work” covering practical tips for SMB networking and communications solutions. Here are the links:
- Six annoying router problems and how to fix them (7/17/10)
- Endpoint security choices (6/29/09)
- How To Choose the Right Network Printer (6/6/09)
- Is it time to switch to an all-wireless network? (5/27/09)
- Making international cell calls (5/22/09)
- Better ways to share documents (5/13/09)
- Do you really need a file server? (5/8/09)
- Keep up with the news with personalized Web portals (4/29/09)
- How to use Internet faxing (4/22/09)
- How to do email lists right (part 2, 4/14/09)
- Choosing the right email list services (4/10/09)
- Picking the right cell data provider (4/1/09)
- How to protect your network with OpenDNS (3/26/09)
- Using online backup service providers (3/19/09)
- Protect your data with whole disk encryption products (3/18/09)
- Recover your laptop from theft, electronically (3/17/09)
PC World feature articles
- Master of your own Internet domain (9/4/09)
- Sharing spreadsheets the Web way (5/18/09)
- Setting schedules and meetings electronically (5/21/09)
- Seven lessons that SMBs can learn from big IT (10/13/08)
Computerworld
I first started writing for Computerworld print back in the mid-1990s. Here are links to my stories:
- Peak and Tibbr review (8/14/14)
- Three collaboration tools: Glip, Flow and Slingshot (7/23/14)
- Cloudshare.com review (4/13/11)
- My favorite iPhone apps (4/1/11)
- Six annoying router problems and recommendations (6/17/10)
- Top iPhone Apps for IT professionals (11/12/09)
- Three social networking multiple posting services (7/20/09)
- Three email encryption applications (6/2/09)
- Your boss is spying on you now (7/23/07)
- Aventail Connect Mobile secures smart phones (7/2/07)
- Welcome to the world’s largest computing grid (Teragrid, 6/26/07)
- Data center moving day (REJIS, 6/19/07)
- How to prepare your business network for VOIP (5/30/07)
- Safend endpoint security (5/23/07)
- Review of Linksys low-end IP PBX (5/11/07)
- Enterprise IM strategies (3/21/07)
- On the go gadgets (12/18/06), a review of the TomTom GO 510 portable in-car GPS for the annual gift guide
- Why Bluetooth in the enterprise is still a pain (11/8/06 online and an op/ed in the 12/4 print edition)
- Six steps to a wireless site survey(10/31/06)
- Broadband wireless data on the go(9/22/06)
- Comparison of TrustELI and Sofaware DSL modem/router/gateway products (9/6/06)
- Ten ways to secure your SOHO network (9/5/06)
- How to setup WPA2 on your network (8/25/06)
- How to build your own corporate IM system (7/27/06)
- AIM Pro — Still in the amateur leagues (7/27/06)
- DNS for people: eTelemetry’s Locate (7/11/06)
- How to be a better blogger — and still keep your day job (5/29/06)
- Three wireless email mobile devices (9/1999)
- Executive technology: Smart Pagers (8/17/98)
Hi David,
I have crossed by your magnificent piece of content
(Top application security tools for 2019)
Thank you for this informative content.
I noticed there is another tool could be added to Runtime Application Self-Protection section.
It is Shieldfy software: https://shieldfy.io/
Shieldfy is a Runtime Application Self-Protection (RASP) software ,made by developers for developers, for security mentoring and protection web application. It also allows you to detect vulnerabilities in both development & production stages and help you fix it. In addition to providing detailed reports on your attacks.
It will be great if you could add shieldfy to this list.
Keep rocking the useful content Dstorm
Thanks in advance 😄