Latest stories

Hands-on with ZeroTier SD-WAN for Cloud Connectivity


In this week’s episode of SecurityGuy, I’m sharing my screen for a hands-on look at how to use a ZeroTier SD-WAN to provide secure connectivity into an Amazon Web Services (AWS) Virtual Private Network (VPC). SD-WAN is much more flexible than traditional VPN, and while this example shows how to connect an AWS VPC to the SD-WAN for secure access, it can do a lot more, including secure...

Bill C-11 (Canada)


This week’s episode of SecurityGuy is about Canadian Bill C-11: An Act to enact the Consumer Privacy Protection Act and the Personal Information and Data Protection Tribunal Act and to make consequential and related amendments to other Acts. (Say that three times quickly!)

Multi-factor Authentication


This week’s episode of SecurityGuy is about Multi-Factor Authentication (MFA). Why do we need it? How should it work? What choices do developers have? And which MFA solution is best?

While I recommend Yubico’s YubiKey products, this video is not sponsored, nor do I have any relationship with the companies mentioned other than as a customer.



Protect yourself, your family, and your small business against malware including viruses, spyware, and ransomware. In this episode of SecurityGuy, I discuss common types of malware, how to avoid them, and most importantly, how to protect your data. Or, for those who prefer audio only, episodes are now live on and most places you get your podcasts (still waiting on Apple). Disclosures:...

Cybersecurity 101


I’ve worked in cybersecurity for more than 25 years, dealing with issues that range from security governance and policy to product design and technical security issues. One of the challenges that my colleagues and I face is that few people have been taught the basics of cybersecurity, making security discussions more difficult than they need to be. Questions like, “Is this product...

Yet another domain renewal scam


Updated 2021-02-25 with response from TrustedSite. Criminals will try almost anything to separate people from their money. Here is another example of another unsophisticated scam that some domain owners may, unfortunately, fall victim to.In summary, website owners may receive a message like this one through the contact form on their site. I have redacted the domain name and removed hyperlinks so...

Florida water plant hack


There are only two things that surprise me about this: First, we found out about it. It’s refreshing to see a municipal government coming clean (excuse the pun) about their water plant being hacked, Second, the attacker’s motivation appears to have been to injure people. Normally these days we would expect ransomware, but this criminal was intent on harming residents. This article...

Insecure IoT devices become weapons


Many of us are concerned about global surveillance and unnecessarily intrusive government powers. But there is an even bigger danger lurking around the corner: Insecure IoT devices are being turned into cyberweapons. Causing widespread Internet disruptions is easier than ever.

You can read more in my column this week.

Pacific Lock Company


In my column this week I wrote about padlocks and parallels with cybersecurity. One of the many things I enjoy about writing is talking to companies about their products. When I started on the article, I reached out to several padlock manufacturers including Master Lock, Abus, and Abloy. Surprisingly, none of them would talk about their products to a security columnist! In my quest for an expert...

Follow me!


Privacy Preference Center