Sadly, most of the writing I have done for the Internet is no longer available online. But here are some links to works of mine that are.

• For Pepperdata
  • eBook: Reducing Costs and Increasing Efficiency with Autonomous Big Data Optimization
• For Ransomware.org
  • Phishing Is Still Easy—and Effective
• For Venafi
  • Comparing Capabilities of Venafi Jetstack Secure with Open Source cert-manager
  • eBook: Cloud Native Certificate Management – Exploring How cert-manager is Used in Kubernetes Production Environments
  • How to achieve FIPS 140-2 compliance for cert-manager
  • Global Bank Eliminates Kubernetes CertificateBased Outages with Venafi Jetstack Secure
  • Blogs:
    • China-Linked Cybercrime Group Attacks Asian Certificate Authority, Breaches Government Agencies
    • The CA/Browser Forum Won’t Yet Require HSMs Yet, But You Should
    • OpenSSL Update Patches High Severity Vulnerabilities
    • Keeping the Web Secure: Certificate Revocation Lists (CRLs) Rise from the Dead
    • Lloyds Backs Off Insurance for State-Sponsored Cyberattacks
    • Key Cryptography Standard Still Not Functional, FIPS 140-2 Going Out to Pasture
    • Study Shows Widespread Abuse of Code Signing Certificates
    • Microsoft Backs Off Internet Office Macro Ban [Update]

• For Hewlett-Packard Enterprise (click here for all of my writing, with highlights below):
  • RPKI brings security, reliability to BGP routing
  • DNS security still an issue
  • Automation and artificial intelligence are the future of security, according to new report
  • Security and quantum computing: Planning next generation cryptography
  • With WebAuthn, web authentication is finally getting smart
  • WPA3: How and why the Wi-Fi standard matters
  • Windows cross-platform client software is hard to do
  • Serverless computing explained
  • Data encryption: How to avoid common workarounds
  • Say yes to the progressive web
  • The state of patch management
  • The case for and against decentralizing data for security
  • Open source vs. open standards: Know the difference
  • Can you really put your desktop in the cloud?
  • SHA-1 and the art of digital certificate management
  • Enterprise password management: A field guide

• 3 ways to monitor encrypted network traffic for malicious activity (for CSO)
• Top tools and resources for running a capture the flag competition (for CSO)
• A Secure Key Management Architecture for the Thales nShield Family of Hardware Security Modules (for Thales e-Security)
• Comparative review and analysis of web APIs for e-Signing services (for ProgrammableWeb/Mulesoft)
• Securing Your Private Keys as Best Practice for Code Signing Certificates (a 2010 post-Stuxnet white paper for Thawte)
• Articles on web API for Internet commands like whois (for ProgrammableWeb)
• Article on problems with VPNs and open Wi-Fi  (for Ars Technica)
• Feature on the potential for mobile websites to supplant native mobile apps (for Ars Technica)
• My work in Betanews
• Migrating to Office 365 (for InformationWeek)
• Hundreds of articles on ZDNet, mostly on security targeting enterprise IT
• White paper, infographic, and webinar on their “Windows to Go” devices (for IMation )
• The use of GOTO in modern programming (for Dr. Dobb’s Journal, I’m very proud of this one)