I have tried to put in handy page tabs on the top nav bar to link you to most of my current work, but there are some other notable works that don’t easily fit. Here are links to these efforts. Note, blogs come and go, some links may no longer be active.

IBM’s SecurityIntelligence.com

I began writing articles and working as the site evangelist in August 2015. Here is a link to my work.

Avast blog

In March 2020 I began writing a series of posts of tips and commentary about various infosec topics.

Various RSA blogs

I was the blogger-in-residence for the annual RSA Archer conference in 2018. I also contributed these blog entries:

• Do you know where your firewalls are located? (5/19)
• Think Long-Term: Learning from Today’s Lessons in Business Resiliency (3/25)
• Renaissance of the OTP hardware token (3.20)
• The tried and true is still relevant (Bruce Schneier book, 2/20)
• Why you need a chief trust officer (12/19)
• Giving thanks and looking forward to 2020 (11/19)
• Are you really cyber aware? (10/19)
• The digital risk challenges of a smart city (9/19)
• Understanding who owns your security infrastructure (8/19)
• Taking hybrid cloud security to the next level (7/19)
• Risk analysis vs. assessment: the key to digital transformation (6/19)
• Managing the security transformation for the truly distributed enterprise (5/19)
• Third-party risk is the soft underbelly of cybersecurity (4/19)
• Understanding the trust landscape (3/19)
• Security predictions for 2019 (12/18)
• Tips to make your Archer deployment successful (11/18)
• Time to practice cybersec awareness every day (October 2018)
• Experts speak out about managing risk (October 2018, contributor)

HPE’s Enterprise.Nxt blog

I began writing for them in 2017.

• CISO faces breach on first day on the job (11/19)
• Lessons learned from watching infosec TED talks (10/19)
• Ways that ransomware can indicate poor IT planning (6/19)
• Six megatrends from the Verizon DBIR (5/19)
• Top 10 security trends to watch for in 2019 (10/18)
• Malware authors using rare Windows services, here is how to protect against them (1/18)
• How enterprises are using open source (12/17)
• Getting better CEO infosec hygiene (10/17)
• What developers can learn from the best museum designers about UX (9/17)
• The rise of ransomware (9/17)
• What to look for in your next CISO (6/17)
• IoT Security: some lessons learned from the Mirai botnet (2/17)
• Nine ways to improve IoT device security (1/17)

Red Hat Developer Blog

I began writing for them in October 2019 on various issues.

Kaspersky blog

In September 2019, I began writing for them.

CDW’s FedTech and StateTech Magazines

These are print magazines each published quarterly. My latest review is of the HP EliteBook laptop in the 5/19 issue. You can read my other articles here, including software and hardware reviews and stories about networking topics. Here is a review of Watchguard’s Firebox UTM box (1/15) and a story about how state governments can use SSO tools (3/18)

iBoss blog

I began writing security-related articles for them in 2016. They have removed most of these articles, contact me if you want any copies of them.

• We still have plenty of network printer attacks (3/18)
• A tour of current blockchain exploits (2/18)
• Ten ways to harden WordPress (2/18)
• The year of vulnerabilities in review (12/17)
• What is HTTP Strict Transport Security? (12/17)
• How to cope with malicious PowerShell exploits (10/17)
• How to secure containers (10/17)
• Implementing better email authentication systems (10/17)
• What is WAP billing and how is it being exploited? (9/17)
• The difference between anonymity and privacy (9/17)
• What is OAuth and why should I care?  (8/17)
• The dark side of SSL certificates (8/17)
• What is the CVE and why is it important (8/17)
• Why you need to deploy IPv6 (7/17)
• Three-part series on the new rules of MFA (7/17)
• What is fileless malware? (6/17)
• How ransomware is changing the nature of customer service (6/17)
• WannaCry: Where do we go from here? (5/17)
• What is a booter and a stressor? (12/16)
• The challenges and opportunities for managing IoT (12/16)
• Who are the bug bounty hunters (11/16)
• How to heighten HIPAA security (10/16)
• Why grammar counts in decoding phished emails (10/16)
• How to communicate to your employees after a breach (9/16)
• 6 Lessons Learned from the US Secret Service on How to Protect Your Enterprise (9/16)
• Economist paints a dark future for banking industry (8/16)
• Wireless keyboards vulnerable to hacking (8/16)
• Hacking Your Network Through Smart Light Bulbs (8/16)
• Windows 10 Anniversary security features: worth the upgrade (8/16)
• How to implement the right BYOD program (8/16)
• The benefits and risks of moving to BYOD (8/16)
• There is no single magic bullet for IoT protection (7/16)
• Beware of wearables (7/16)
• Understanding the keys to writing successful ransomware ((7/16)
• It’s Time to Improve Your Password Collection (6/16)
• Euro banking cloud misperceptions abound (6/16)
• Beware of ransomware as a service (6/16)
• When geolocation goes south (5/16)
• Turning the tide on polymorphic malware (5/16)
• How stronger authentication can better secure your cloud (4/16)
• The Internet-connected printer can be another insider threat (4/16)
• Beware of malware stealing credentials (4/16)

Citrix Synergy show blog

During May 2017, I wrote a series of blog posts from the annual show.

WindowsITpro

• Going beyond the password (9/16)
• Microsoft ups its Azure security features (9/16)
• Choosing among various Slack-like communication tools (8/16)
• The best tools to predict and manage cloud computing costs  (8/16)

Quickbase Blog 

I write occasional pieces on collaboration and spreadsheet-related topics.

• Better ways to manipulate data than Google Docs (7/16)
• Is it Time for Citizen Developers to Replace IBM Notes (7/16)
• Signs You Should Replace Microsoft Access with an Online Database (7/16)
• The benefits of being in a hackathon (6/16)
• How Can a Non-Programmer Learn to Build Business Applications? (6/16)
• Lessons Learned From IT Asset Management (6/16)
• How Citizen Developers Can Manage Their Own Apps Better (6/16)
• How to make meetings more productive (4/16)
• How much code do you need to collaborate (4/16)
• Signs your team is misusing email for collaboration (4/16)
• Recognize the warning signs of spreadsheet abuse (3/16)
• Spreadsheet horror stories (9/14)
• Time to end spreadsheet abuse (3/14)

Veracode Blog

• Why firewalls aren’t your only friend (7/16)
• What kind of tools do you need to secure mobile apps? (5/16)
• Why is SQL injection still around? (3/16)

EventTracker Blog

• Dealing with privilege escalation (8/16)
• Why anti-virus isn’t enough anymore (6/16)

GoDaddy Garage

I wrote a series how-to articles for this site in the summer of 2015. A complete collection of my articles can be found here. They cover how to set up various VPNs and other products.

GigaOm

Ah, the dearly departed. I wrote longer research papers for the subscription side of GigaOm, called GigaOm Pro, between 2012-14. It was fun while it lasted.

• Customer-driven infrastructure: building future apps (June 2014)
• A progress report on OpenStack (November 2012)
• Understanding cloud costs. (Aug 2012)
• Virtualization Trends 2012-13 (Aug 2012)

VMware Erdos/ IT outcomes blogs

I began writing several items for them in 2015:

• How to defend the cloud (7/15)
• Simplifying storage solutions (4/15)
• Virtualize Scale-up, Scale-out, and Every Application in between (4/15)

Masergy blog

• How cloud computing changes IT service delivery  (2/15)

Bright Computing Blog

• Arguments every OpenStack user should make (2/15)

Ars Technica

During 2013 I wrote a couple of networking stories for this site:

• 100Gbps and beyond: What lies ahead in the world of networking
• Merge ahead? Why it’s not time to converge your networks

Solution Providers for Retail blog

(This blog has been taken down, sorry.) Between 2013-15, I contributed a series of articles on how VARs can better support their retail customers, including information gleaned from an extensive report on the restaurant industry.

IT Central Station

I have been contributing content to this community-driven site for several years, mostly reprints of my video screencast product reviews. Here is an article on application performance monitoring that I did for them in March 2015.

New Relic Blog

In 2014 I began writing some pieces for them about programming-specific topics.

Ricoh-sponsored blog called WorkIntelligent.ly

I have written a series of general interest stories for this blog from 2013-5, including security, personal productivity, and IT management topics. The blog has been taken down.

Smartbear blog

Software development tools vendor Smartbear has a rich blog full of interesting articles on this topic, and I have written a couple of pieces during 2013 here.

Mozy blog

I have written another series of technically-minded articles for their blog that began in 2012, including security, IT management, and Internet-related topics. Sadly, these were taken down.

AT&T Networking Exchange Blog

I wrote a couple of posts on network security for them several years ago, and the blog is no longer operating.

The Freelancer blog

This blog, which was begun in 2012, covers generally freelancing work issues and I have written several stories about my own freelancing business and strategies learned over the years from the school of hard knocks. Here is a collection of my stories.

Internet Protocol Journal

This semi-scholarly periodical covers advanced Internet topics. I have written for them several times:

• Understanding fileless malware ( 2018)
• The Demise of Web 2.0  (2012)
• How Internet Messaging is transforming the enterprise network (2006)
• The state of secure email (with Marshall Rose, 1999)

CA Blogs

Beginning in 2013, I wrote these security and cloud-related stories for several CA-sponsored blogs. Most of this content has been removed. Here is one sample:

• Making Your Mobile Apps More Secure

HP-sponsored website called Input/Output

This is a custom published site with independent editorial content with HP as its sole sponsor. I have been writing for them for several years, here are some samples of the pieces that I have done for them. Sadly, HP took down the blog.

• This Ain’t Your Father’s Web Application
• Six ways to share your photos online discreetly
• The changing face of malware and endpoint security
• How to measure latency in the cloud
• Understanding Enterprise Printer Fleet Management

ITExpertVoice.com

This is a Dell-sponsored IT information site that was begun in 2009 and now discontinued. I have written product reviews, case studies, how-to articles, and screencast review videos. Many of these articles concern how to migrate from XP to Windows 7.

DigitalLanding.com

In 2006-7, I was the editor-in-chief of a new Web site devoted to helping consumers understand how to best use broadband Internet connections, and hired a collection of writers and editors to build more than 100 different articles on the topic, including how to use VOIP, digital photography, choosing between cable and DSL connections, and more. The site was sponsored by Acceller, a company that provides back office software to telcos and cable companies to help provision broadband customers.

White papers

I write occasional white papers for clients on technical topics, including security, network applications, and Internet services.