Are You Ready: Security Readiness, 2022-10, Thoma Bravo CIO-CISO Summit

Getting Testy: Making Sure Your Defenses Will Work When It Matters Most, 2022-09, Rocky Mountain Information Security Conference (RMISC)

Prioritizing Data Sources for Minimum Viable Detection, 2019-10, MITRE ATT&CKcon 2.0

Blue team keeping tempo with offense (w/ Casey Smith) [Video], 2017, DerbyCon VII


Fall Technology Series, Ransomware, 2016-09-07, Federal Trade Commission, Washington, D.C.


We have an analysis problem, 2018-04-02, Cyber Security Interviews

The Mysteries of Detection Engineering: Revealed! , 2021-08-16, Cloud Security Podcast

Accessibility of cybersecurity solutions for small business, 2023-01-25, CyberWire

Posts and publications

Published on

A three-part series on our modern security operations model:

Build vs. Buy: Not Mutually Exclusive, 2018-07-18

Open source projects

Atomic Red Team


Media Features

Red Canary Co-Founder: MSPs Key To Closing ‘Haves And Have-Nots’ Security Gap, 2022-09, CRN

More can be done to curb misuse of Cobalt Strike, expert says, 2022-03, VentureBeat

Media Mentions

Quantum computing will require massive software updates. Doing that securely will be its own challenge, 2022-08, Protocol

Trends, threats and techniques that comprised the 2021 threat landscape, 2022-03-25, Help Net Security

The Third-Party Okta Hack Leaves Customers Scrambling, 2022-03-22, Wired

Secret Service Creates Cyber Fraud Task Forces, 2020-07, Threatpost

How to thwart human-operated ransomware campaigns?, 2020-04, Help Net Security

Process Injection Tops Attacker Techniques for 2019, 2020-03-18, Dark Reading

Signal Upgrade Process Leaves Unencrypted Messages on Disk, 2018-10, Bleeping Computer

FTC Panel Encourages Basic Security Hygiene to Counter Ransomware, 2016-09-08, Threatpost

At FTC’s ransomware workshop, FBI says: Don’t pay, 2016-09-08, International Association of Privacy Professionals (IAPP)