A quick-look at a not-so-talked-about type of security assessment, the "Secure Configuration Review”. Here I introduce a quick methodology for conducting this sort of review and provide examples of configs/settings you might typically evaluate during the assessment. Consider using this assessment type in the context of triaging OWASP Top 10 "Security Misconfiguration" or CWE-16-type flaws.
In 2019 I started my blog but knew nothing of the #IndieWeb or #SmallWeb. Thanks in large part to the awesome #Mastodon community I was introduced to these concepts and have been diving in ever since, adding IndieWeb capabilities to my site and exploring the Indie World in its entirety. To help introduce others to the IndieWeb as well as catalog useful/interesting things I encounter I decided to write a post about it.
If you’re interested in checking out a #fediverse-based alternative to Reddit, come check out infosec.pub! It hosts a number of communities including one I’ve stood up for #cybersecurity / #infosec!
I wrote this “guide” / thoughts on #Mastodon after re-joining the Fediverse in November 2022 (soon after some sort of Twitter-related crisis). This coincided with one of the larger migrations of #infosec folks to Mastodon.
I have kept this post semi-updated with a lot of interesting Mastodon/Fediverse-related resources as well as information for the infosec community here.
I’ve really loved writing for and building my blog over the years, making it uniquely mine. I highly encourage everyone to have an Internet “home” of their own and even better, to publish their own writing/thoughts there! A few years ago I wrote about why I blog and why you should too!
If any #infosec (or prospective #cybersecurity) folks out there are looking to get into Vulnerability Management (#VM), take a look at this #free “Bootcamp” I whipped up a few years ago. Cheers!
I’m a big #inboxzero fan, both as a means to generally declutter but also as a mechanism to fuel a productive to-do driven life. Check out the two-part series on Inbox Zero below if you’re interested!
For #infosec folks out there, what’s your routine/strategy for “staying current” in the field? I’ve written about my daily reading routine here for anyone interested.
The post currently features 3300+ unique infosec-related blogs/sites and has a downloadable, importable .opml file for use in your RSS aggregator of choice.
If you have a blog or site you want included in the list or know of one that is missing, feel free to let me know!
In what is my longest (by word count) post to date, I write about my journey into infosec, advice for getting into the field, and provide a ton of resources and "mini"-reviews on the assortment of cybersecurity trainings/certifications I have taken (including a review of my Masters program at JHU).
A short, introductory guide I made on Intel assembly language. I created this guide during my masters for my “Computer Organization” class at John’s Hopkins. It was useful to me back then!
Good to see more people using the #MondayBlogs hashtag. Anyone in the #WritingCommunity could benefit from it. The only rules are no porn and no book promo. It's about your blogs. Boost posts throughout the day.
Early Sunday morning (I mean real early) I came across a post by some blogger and grant writer named Jake Seliger who's dying of cancer and has a lot of regrets for how he lived his life.
I couldn't help but wonder what good his regrets could possibly do him when the end of his journey is imminent. But rather than comment on his site I used my own.