Over the years I have written many blog posts for various corporate clients. Here are links to these efforts. Note, blogs come and go, some links may no longer be active.
I began writing articles and working as the site evangelist in August 2015. Here is a link to my work.
In March 2020 I began writing a series of posts of tips and commentary about various infosec topics.
In April 2020 I began writing both blog posts and ebooks for them, mostly on security topics.
Various RSA blogs
I was the blogger-in-residence for the annual RSA Archer conference in 2018. I also contributed these blog entries:
- Paying down your technical security debt (1/7/21)
- Security predictions (12/14/20)
- Understanding security chaos engineering (12/9/20)
- Endpoints are the new security perimeter (11/4/20)
- Non-binary security decisions (9/16/20)
- Favorite RSA products of the past (9/1/20)
- Enabling the virtual SOC (08/13/20)
- Making the next digital transition (6/23/20)
- Do you know where your firewalls are located? (5/19/20)
- Think Long-Term: Learning from Today’s Lessons in Business Resiliency (3/25/20)
- Renaissance of the OTP hardware token (3/20/20)
- The tried and true is still relevant (Bruce Schneier book, 2/20)
- Why you need a chief trust officer (12/19)
- Giving thanks and looking forward to 2020 (11/19)
- Are you really cyber aware? (10/19)
- The digital risk challenges of a smart city (9/19)
- Understanding who owns your security infrastructure (8/19)
- Taking hybrid cloud security to the next level (7/19)
- Risk analysis vs. assessment: the key to digital transformation (6/19)
- Managing the security transformation for the truly distributed enterprise (5/19)
- Third-party risk is the soft underbelly of cybersecurity (4/19)
- Understanding the trust landscape (3/19)
- Security predictions for 2019 (12/18)
- Tips to make your Archer deployment successful (11/18)
- Time to practice cybersec awareness every day (October 2018)
- Experts speak out about managing risk (October 2018, contributor)
HPE’s Enterprise.Nxt blog
I began writing for them in 2017.
- CISO faces breach on first day on the job (11/19)
- Lessons learned from watching infosec TED talks (10/19)
- Ways that ransomware can indicate poor IT planning (6/19)
- Six megatrends from the Verizon DBIR (5/19)
- Top 10 security trends to watch for in 2019 (10/18)
- Malware authors using rare Windows services, here is how to protect against them (1/18)
- How enterprises are using open source (12/17)
- Getting better CEO infosec hygiene (10/17)
- What developers can learn from the best museum designers about UX (9/17)
- The rise of ransomware (9/17)
- What to look for in your next CISO (6/17)
- IoT Security: some lessons learned from the Mirai botnet (2/17)
- Nine ways to improve IoT device security (1/17)
Red Hat Developer Blog
I began writing for them in October 2019 on various issues.
In September 2019, I began writing for them on infosec topics.
I began writing security-related articles for them in 2016. They have removed most of these articles, contact me if you want any copies of them.
- We still have plenty of network printer attacks (3/18)
- A tour of current blockchain exploits (2/18)
- Ten ways to harden WordPress (2/18)
- The year of vulnerabilities in review (12/17)
- What is HTTP Strict Transport Security? (12/17)
- How to cope with malicious PowerShell exploits (10/17)
- How to secure containers (10/17)
- Implementing better email authentication systems (10/17)
- What is WAP billing and how is it being exploited? (9/17)
- The difference between anonymity and privacy (9/17)
- What is OAuth and why should I care? (8/17)
- The dark side of SSL certificates (8/17)
- What is the CVE and why is it important (8/17)
- Why you need to deploy IPv6 (7/17)
- Three-part series on the new rules of MFA (7/17)
- What is fileless malware? (6/17)
- How ransomware is changing the nature of customer service (6/17)
- WannaCry: Where do we go from here? (5/17)
- What is a booter and a stressor? (12/16)
- The challenges and opportunities for managing IoT (12/16)
- Who are the bug bounty hunters (11/16)
- How to heighten HIPAA security (10/16)
- Why grammar counts in decoding phished emails (10/16)
- How to communicate to your employees after a breach (9/16)
- 6 Lessons Learned from the US Secret Service on How to Protect Your Enterprise (9/16)
- Economist paints a dark future for banking industry (8/16)
- Wireless keyboards vulnerable to hacking (8/16)
- Hacking Your Network Through Smart Light Bulbs (8/16)
- Windows 10 Anniversary security features: worth the upgrade (8/16)
- How to implement the right BYOD program (8/16)
- The benefits and risks of moving to BYOD (8/16)
- There is no single magic bullet for IoT protection (7/16)
- Beware of wearables (7/16)
- Understanding the keys to writing successful ransomware ((7/16)
- It’s Time to Improve Your Password Collection (6/16)
- Euro banking cloud misperceptions abound (6/16)
- Beware of ransomware as a service (6/16)
- When geolocation goes south (5/16)
- Turning the tide on polymorphic malware (5/16)
- How stronger authentication can better secure your cloud (4/16)
- The Internet-connected printer can be another insider threat (4/16)
- Beware of malware stealing credentials (4/16)
Citrix Synergy show blog
During May 2017, I wrote a series of blog posts from the annual show.
- Better ways to manipulate data than Google Docs (7/16)
- Is it Time for Citizen Developers to Replace IBM Notes (7/16)
- Signs You Should Replace Microsoft Access with an Online Database (7/16)
- The benefits of being in a hackathon (6/16)
- How Can a Non-Programmer Learn to Build Business Applications? (6/16)
- Lessons Learned From IT Asset Management (6/16)
- How Citizen Developers Can Manage Their Own Apps Better (6/16)
- How to make meetings more productive (4/16)
- How much code do you need to collaborate (4/16)
- Signs your team is misusing email for collaboration (4/16)
- Recognize the warning signs of spreadsheet abuse (3/16)
- Spreadsheet horror stories (9/14)
- Time to end spreadsheet abuse (3/14)
- Why firewalls aren’t your only friend (7/16)
- What kind of tools do you need to secure mobile apps? (5/16)
- Why is SQL injection still around? (3/16)
I wrote a series how-to articles for this site in the summer of 2015. A complete collection of my articles can be found here. They cover how to set up various VPNs and other products.
VMware Erdos/ IT outcomes blogs
I began writing several items for them in 2015:
- How to defend the cloud (7/15)
- Simplifying storage solutions (4/15)
- Virtualize Scale-up, Scale-out, and Every Application in between (4/15)
Bright Computing Blog
Solution Providers for Retail blog
(This blog has been taken down, sorry.) Between 2013-15, I contributed a series of articles on how VARs can better support their retail customers, including information gleaned from an extensive report on the restaurant industry.
IT Central Station
I have been contributing content to this community-driven site for several years, mostly reprints of my video screencast product reviews. Here is an article on application performance monitoring that I did for them in March 2015.
New Relic Blog
In 2014 I began writing some pieces for them about programming-specific topics.
Ricoh-sponsored blog called WorkIntelligent.ly
I have written a series of general interest stories for this blog from 2013-5, including security, personal productivity, and IT management topics. The blog has been taken down.
Software development tools vendor Smartbear has a rich blog full of interesting articles on this topic, and I have written a couple of pieces during 2013 here.
I have written another series of technically-minded articles for their blog that began in 2012, including security, IT management, and Internet-related topics. Sadly, these were taken down.
AT&T Networking Exchange Blog
I wrote a couple of posts on network security for them several years ago, and the blog is no longer operating.
The Freelancer blog
This blog, which was begun in 2012, covers generally freelancing work issues and I have written several stories about my own freelancing business and strategies learned over the years from the school of hard knocks. Here is a collection of my stories.
Internet Protocol Journal
This semi-scholarly periodical covers advanced Internet topics. I have written for them several times:
- Understanding fileless malware ( 2018)
- The Demise of Web 2.0 (2012)
- How Internet Messaging is transforming the enterprise network (2006)
- The state of secure email (with Marshall Rose, 1999)
Beginning in 2013, I wrote these security and cloud-related stories for several CA-sponsored blogs. Most of this content has been removed. Here is one sample:
HP-sponsored website called Input/Output
This is a custom published site with independent editorial content with HP as its sole sponsor. I have been writing for them for several years, here are some samples of the pieces that I have done for them. Sadly, HP took down the blog.
- This Ain’t Your Father’s Web Application
- Six ways to share your photos online discreetly
- The changing face of malware and endpoint security
- How to measure latency in the cloud
- Understanding Enterprise Printer Fleet Management
This is a Dell-sponsored IT information site that was begun in 2009 and now discontinued. I have written product reviews, case studies, how-to articles, and screencast review videos. Many of these articles concern how to migrate from XP to Windows 7.
I write occasional white papers for clients on technical topics, including security, network applications, and Internet services.