Top 10 Security, Business, and Technology books of 2017

I've compiled my annual list of top books.  Not your typical top ten list.  Check it out at OODA Loop


Every Cyber Attacker is an Insider

"What enterprise executives need to realize is that in today’s environment, every cyber attacker is a potential insider. Given the prevalence of BYOD (bring your own device), supply chain integrity issues, foreign travel, and the plethora of…


10 Red Teaming Lessons Learned Over 20 Years

I've written a few popular blog posts over at OODA Loop. Here is one I did on red teaming lessons learned. "I often get asked what lessons I’ve learned over the past twenty years, so I started putting together this list of 10 lessons learned over 20…


Virtual Reality paper from 1993

Before Neo awakened to the existence of the Matrix and before Mark Zuckerberg donned his first Oculus Rift VR goggles, I was writing about the relationship between immersive virtual reality, philosophy, and human behavior (adopting a position of do…


Virtual Tradecraft Paper outline from 2006

Capturing this here for posterity. A friend in the intelligence community got me interested in Second Life which lead to putting together some thoughts on the intelligence implications of virtual worlds. We were talking about this seven years…


Kill with a borrowed sword - An Origins Story

If you've seen me speak in the past 15 years, you've seen a slide that looks something like this: It was my adaptation of an ancient Chinese stratagem for the information age in which an adversary would use our infrastructures as weapons against…


State Sponsored Cyber Threats - The Long View

"Thinking about state-sponsored cyber threats over the long term doesn't come easy to Western strategists. This essay takes a look at at the strategic implications of thinking only in the short-term." Source: OODA Loop - State Sponsored Cyber…


Computer Mod That Made Me Smile

Only really funny if you've read this paper.


Physical attacks against digital targets

Anyone who has seen me present or has been a student in my class is familiar with the matrix below. In fact, this matrix was the guiding principle for an entire conference session in Sweden 18 months ago and I've briefed on it least 300 times to…