Writing
Opinions, analysis, and insights from real engagements. No vendor fluff.
All Posts
Security Metrics That Actually Matter
Measuring security program effectiveness with meaningful KPIs.
Read MoreVulnerability Prioritization: Beyond CVSS Scores
A practical framework for prioritizing remediation efforts.
Read MoreCommunicating Security Risk to Executives
Translating technical findings into business language.
Read MoreWriting Effective Penetration Test Reports
How to write reports that drive action and communicate risk.
Read MorePhishing Evasion: Bypassing Email Security
How phishing campaigns evade modern email security controls.
Read MoreDefense Evasion: Hiding from Logs and Monitoring
Techniques attackers use to avoid leaving forensic evidence.
Read MoreNetwork Evasion: Hiding in Plain Sight
Techniques for evading network-based detection.
Read MorePayload Obfuscation: Avoiding Signature Detection
Techniques for modifying payloads to evade static analysis.
Read MoreLiving Off the Land: Using Built-in Tools
Abusing legitimate system tools to avoid detection.
Read MoreProcess Injection Techniques: Living in Memory
Methods for executing code in other processes for stealth.
Read MoreExplore More
Read my expertise pages, research, or prepare for a pentest.