Lazy Days in the Cloud
The cloud brings scalability, reliability and security features that allow companies of all sizes to run their online business efficiently. These powerful capabilities often bri...
So you want to be a better programmer
I get asked sometimes how some people on my team can become a better programmer. I think it’s useful to think in terms of different evolutions of the programmer. In the beginnin...
Digital Currencies
I recently got interested in Digital Currencies, such as Bitcoin and others and decided to start learning about what they were, why they’re interesting, and how to invest. There...
Why You Should Have Trust Issues with Pokemon Go, and Every Other App on Your Phone
Viral Game Highlights Calls Attention to Timeless Security Debate I want to run into traffic, fall into a pond, catch Pokémon while my wife is in labor, and find ...
In Defense of Reverse Engineering and Responsible Disclosure
I was pretty disappointed after reading Mary Ann Davidson’s blog post discouraging customers from reverse engineering their software for any reason. As CSO of Oracle, one of the...
Ruby open allows command injection if user controlled
We’ve been getting a lot of Ruby on Rails Penetration tests and code reviews at Security Innovaiton, and I’ve been writing a decent amount of it myself. In general it’s a great ...
An Hour of Code with Code.org
I am staggered and truly impressed by what the team at Code.org has accomplished in such a short period of time. When Hadi Partovi started conversations in May of this year with...
New Mac Install Guide
This guide may help you install some required and some helpful settings on a new mac. I originally wrote this for my company, Security Innovation, where we have very strict comp...
Understanding Customer Needs and Helping Them Mature
(Originally posted on the Security Innovation Blog) ##Security Innovation’s manifesto on being a trusted advisor Each client has different backgrounds as well as a different dep...
The Importance of Vulnerability Disclosure Programs and Bug Bounties
I’ve written before about how important responsible disclosure is for Security Researchers. That responsibility falls on both sides of the discussion. Of course it falls on the ...