Speaking

I’ve been delivering talks at security conferences for over a decade — from small regional BSides events to DEF CON and RSA. My talks are built on one principle: everything I present should be something you can actually use. No theoretical frameworks that fall apart in the real world. Just practical, deployable techniques you can take home and implement.

I speak on topics including DNS security, network defense, log analysis, security policy, compliance for mid-sized enterprises, and building security cultures that stick. I’m available to speak at conferences, corporate events, and executive briefings.


Conference Talks

Taming the Hydra: Managing Security Tool Sprawl Through Strategic Governance

HouSecCon | September 2025
Session Recording

Most organizations don’t have a tool problem — they have a governance problem. This talk presents a strategic framework for aligning cybersecurity tool selection and prioritization with the NIST Cybersecurity Framework to bring order to the chaos of security tool sprawl.

From Hacker to CISO: Navigating the First 90 Days

Hackfest Canada | October 2024
Session Recording

A question posted on X — “What 5 things would you do starting a new role as a systems administrator?” — sparked an unexpectedly passionate response from the security community. This talk examines the disconnect between the hacker mindset and the business leadership mindset, and provides those aspiring to leadership roles with actionable steps that will actually lead to success.

Corporate Reputation Attacks: Dissecting the Latest Job Offer Scams

RSA Conference | April 2023
Session Recording

A criminal organization impersonated our company and several employees to lure victims into fraudulent job offers, resulting in significant financial harm. This session dissects the attack, presents the evidence gathered, and shares best practices for identifying and responding to this increasingly common threat.

Unclassified Threat Briefing: Corporate Reputation Attacks — Dissecting the Latest Job Offer Scams

FBIIC-FSSCC Joint Meeting | August 2023
No public archive

An unclassified briefing delivered to the Financial and Banking Information Infrastructure Committee and Financial and Banking Information Sharing and Analysis Center joint meeting on corporate impersonation and job offer fraud.

Strategy for Responding to Corporate Reputation Attacks

HouSecCon | October 2023
No public archive

A real-world account of how our organization identified, responded to, and recovered from a coordinated corporate reputation attack — and what others can learn from it.

Cross Platform Playbook Automation: A Theoretical Discussion

Graylog GO | September 2022
Event Page

The promise of SOAR has been oversold. This talk challenges the “single pane of glass” mythology and explores how a well-integrated ecosystem of focused, communicative tools — rather than one monolithic platform — can deliver more effective incident response and continuous compliance monitoring.

Extortion, Chaos & Needless Busywork AKA Vendor Risk Management

BSides Charm | April 2022
Session Recording

Vendor Risk Management has spawned an industry of third-party rating vendors, unwieldy questionnaires, and questionable processes. This talk dives into real-world problems created by the rush-to-rate frenzy and proposes rational, practical solutions for effectively assessing and managing vendor risk.

Panel Discussion: Security Strategy for Small-Medium Business

Blue Team Con | August 2021
Session Page

A panel discussion moderated by Russell Mosley with blue teamers experienced across organizations of all sizes — from startups and universities to government contractors and large enterprises. Topics covered SMB capabilities and constraints, blue team leadership, threat models, compliance, and cloud adoption at SMB scale.

Addressing the Cluster that is AD DNS Logging Using Graylog and a Custom Plugin

Graylog GO | October 2021
Session Recording

Microsoft Active Directory DNS can log all query data — but the format is awful and the configuration requires PowerShell wizardry. This talk covers practical configuration of AD DNS for logging, shipping those logs to Graylog, and using the resulting data to detect misconfigurations and end-user device compromise.

DNS: Strategies for Reducing Data Leakage & Protecting Online Privacy

Hacker Halted | October 2019
Conference Recap

A practical roadmap for securing DNS infrastructure to protect online privacy, minimize data leakage, and take control of your network’s DNS traffic.

Decrypting the Mess that is SSL/TLS Negotiation — Preparing for the 2020 Apocalypse

ITEN Wired | October 2019
Slide Deck

With major browser vendors moving to deprecate TLS 1.0/1.1 and SSL 3.0 already gone, organizations faced a hard deadline. This talk examines what the deprecation means in practice, covers associated exploits like POODLE and BEAST, and presents techniques for detecting and remediating vulnerable endpoints.

DNS — Strategies for Reducing Data Leakage & Protecting Online Privacy

NolaCon | May 2019
Talk Page  |  Video Recording

A deep dive into how DNS works, how it can be exploited, and how to build a layered DNS solution that ensures authenticity, protects privacy, and hides DNS traffic from prying eyes using TLS encryption, VPN tunneling, and Tor routing.

Decrypting the Mess that is SSL/TLS Negotiation — Preparing for the 2020 Apocalypse

CypherCon | April 2019
Video Recording

The SSL/TLS deprecation story told with real-world data: SSL downgrade attacks, intermittent service outages, and how to proactively identify clients and servers still negotiating with deprecated protocols before they become your problem.

Demystifying DNS Security — Practical Steps for Reducing Exposure and Detecting Compromise

BSides San Francisco | April 2018
Video Recording

From authoritative to recursive DNS, this talk examined common DNS exploits, strategies for securing DNS infrastructure, and practical monitoring techniques for identifying signs of compromise before they escalate.

What A Long Strange Trip It’s Been

DerbyCon | September 2017
Video Recording

A personal journey from degreed biologist and microbiologist, to founding Internet companies, to the current state of information security. This talk uses history as a lens to examine where we’ve been, appreciate how far we’ve come, and make better decisions moving forward.

DNS — Devious Name Services: Destroying Privacy & Anonymity Without Your Consent

DEF CON 25 | July 2017
Video Recording  |  Slide Deck

You’ve planned the engagement. Your proxies and VPNs are tested. Then you get blocked — and your ISP calls. The culprit? Your DNS resolvers and EDNS0 options betraying your activity. This talk covers how EDNS OPT code data exposes online activity, how to detect implementation by upstream providers, and what steps you can take to protect yourself.

DNS Dark Matter Discovery — There’s Evil In Those Queries

CircleCityCon | June 2017
Video Recording

DNS amplification, data exfiltration, botnet C2 — the evidence is hiding in your query logs. This talk covers practical, open source-based methods using Graylog, Elasticsearch, Kibana, Packetbeat, and NXLog to detect compromised devices and malicious activity through DNS log analysis.

EDNS Client Subnet (ECS) — CDN Magic or Security Blackhole?

NolaCon | May 2017
Video Recording

EDNS0 Client Subnet (RFC 7871) enables geographically optimized DNS responses — but at what cost to privacy? This talk provides an overview of ECS implementation in practice, examines the privacy and security implications, and shares real measurement data on ECS proliferation across major DNS providers.

Demystifying DNS Security — Practical Steps for Reducing Exposure and Detecting Compromise

ITEN Wired | October 2018
No public archive

From authoritative to recursive DNS, this session examined common DNS exploits, strategies for securing DNS infrastructure, methods for detecting attacks in progress, and practical monitoring techniques for identifying signs of compromise.

DNS — Don’t Neglect the Signs!

BSides Atlanta | November 2016
No public archive

Examining how DNS is exploited for amplification attacks, data exfiltration, and botnet C2 communication, and how open source tools like Graylog, Elasticsearch, Kibana, Packetbeat, and NXLog can be used to proactively detect and respond to these threats.

Network Security Isn’t Red or Blue — It’s Purple!

ITEN Wired | October 2016
No public archive

Red Team meets Blue Team. Together they make Purple — the ideal combination for maximum cooperation, maximum learning, and maximum security.

DNS Hardening: Proactive Network Security Using F5 iRules and Open Source Analysis Tools

BSides Las Vegas | August 2016
Video Recording

Operating as a DNS service provider brings unique challenges around open cache resolution, DDoS mitigation, and network compromise detection. This talk tells the story of building a DNS security solution using F5 iRules combined with Graylog, Elasticsearch, and Kibana to protect service integrity and isolate compromised machines.

Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools

NolaCon | May 2016
Video Recording

An early exploration of using open source log aggregation tools to baseline DNS traffic and surface malicious activity — the foundation for much of the DNS security work that followed in subsequent years.

DNS — The Unsung Hero in Network Security

ITEN Wired | October 2015
No public archive

DNS does the heavy lifting for virtually every network transaction, yet it’s chronically overlooked from a security perspective. This talk makes the case for taking DNS seriously.

Shut the Front Door and the Back Door Too! (How and Why Hackers Attack and What to Do About It)

ITEN Wired | October 2014
No public archive

A practical introduction to attacker techniques and the defensive measures organizations can implement to reduce their exposure.


Training

Using Open Source Log Aggregation Tools to Improve Enterprise Security

BSides San Francisco | March 2019
Course Listing

Co-presented with Lennart Koopmann (Graylog founder). A full-day hands-on workshop covering log aggregation, analysis, and alerting using real-world scenarios. Students received virtual machines and workable demos to take back and implement in their own environments. Topics included detecting malicious login attempts, device compromise, data exfiltration, unexpected network traffic, unauthorized file changes, and rogue application installations.

Using Open Source Log Aggregation Tools to Improve Enterprise Security

CircleCityCon | June 2018
No public archive

A hands-on training course providing students with practical, real-world log aggregation, analysis, and alerting skills using open source tools. Covers RFC 5424/Syslog-based centralized log analysis, cross-referencing techniques, and practical alert development for detecting signs of compromise.


Podcast & Media Appearances

Security & Compliance at Small and Medium Businesses

SC Media — Security Weekly | November 2019
Video Recording

With Russell Mosley. A discussion of security and compliance at small and medium businesses, covering NIST 800-171, 800-53 (FISMA), and SOC frameworks, and how to achieve meaningful security and meet compliance requirements with limited staff and resources.

The Privacy, Security & OSINT Show — Episode 124: Does DNS Matter?

IntelTechniques with Michael Bazzell | May 2019
Episode Page

A conversation with Michael Bazzell on DNS services and how DNS configuration choices affect the privacy and security of your internet traffic.

Paul’s Security Weekly #531

SC Media | October 2017
Video Recording

Discussion with Paul Asadoorian, Jeff Man, and Ed Skoudis on DNS, EDNS0, and the privacy implications of how ISPs and DNS providers handle query data.


Publications

Corporate AI Governance: Best Practices for a Secure and Ethical Future

RT Insights | June 2025
Read Article

The starting point for any responsible corporate AI strategy is a comprehensive, dynamic usage policy — one that evolves with the technology. Static policy isn’t worth the paper it’s not even printed on when AI capabilities change as rapidly as they do today.

HowTo: Balance Cybersecurity Budgets and Risk in Midsize Enterprises

Infosecurity Magazine | June 2023
Read Article

CISOs at midsize enterprises face the same complex threat landscape as their enterprise counterparts — but with fewer staff, limited tooling, and smaller budgets. Practical strategies for managing risk within those constraints.

Rebooting Your Cybersecurity Hygiene: Best Practices to Combat Miscommunication

CPO Magazine | May 2023
Read Article

Digital transformation increases cybersecurity risk, and the solution requires collaboration across DevOps, IT, and end users. This piece examines how miscommunication between these groups creates security gaps and what organizations can do to close them.

EVERYONE is Part of the Security Team and Solution

Cyber Defense Magazine | August 2022
Read Article

Security is not purely a technology problem. Effective cybersecurity requires purposeful collaboration across all departments, with goals that engage employees and demonstrate value back to the organization.

How to Move Cybersecurity From a Cost Center to a Revenue Enabler

Brilliance Security Magazine | June 2022
Read Article

A conversation examining how organizations can reframe security from a line-item cost to a driver of customer trust, competitive advantage, and measurable revenue impact.

The Importance of the Human Element of Security

Security Magazine | June 2022
Read Article

Security technologies exist to make people’s lives easier — and everyone has a shared security responsibility. What it means to build a people-first security program where tools enable rather than overwhelm the teams using them.

Don’t Let DNS Flag Day Become Your DNS Doomsday

Tripwire State of Security | December 2018
Read Article

DNS Flag Day 2019 was coming and a lot of DNS was quietly broken. This post explains the history of EDNS(0), why so many implementations were non-compliant, and what administrators needed to do to avoid service disruption.

Overcoming the Blame Game — Improving Security Without Destroying Careers

Tripwire State of Security | February 2018
Read Article

How security teams can build a culture of accountability without the finger-pointing that poisons collaboration and sidelines careers.

DEF CON 25: A First-Time Speaker Experience

Tripwire State of Security | November 2017
Read Article

A personal account of what it’s actually like to present at DEF CON for the first time — the preparation, the nerves, and the experience of standing in front of that crowd.

KRACK Attack: Major Wi-Fi Vulnerabilities Disclosed

AppRiver Blog | September 2017
No longer available

A breakdown of the KRACK (Key Reinstallation Attack) WPA2 vulnerability and practical steps organizations could take to minimize exposure on wireless networks.

There’s No Crying in InfoSec

Tripwire Blog | June 2017
No longer available

Not another WannaCry post — this one focused on the lack of consensus around proper prevention and incident response, and what the community’s reaction revealed about our collective approach to security.

Password Reuse Attacks — Constant Security Concern

AppRiver Blog | June 2017
No longer available

Data breaches keep coming, and the lesson is always the same: users love insecure, reused passwords. This post examined major 2017 breaches and provided practical steps for reducing credential reuse risk.

Spam and Virus Filtering For My Business? Why?

AppRiver Blog | March 2017
No longer available

A look inside a real international spamming operation, examining the layers of infrastructure, tactics, and sophistication that make spam filtering a far more complex operation than most realize.

Justifying the Value of Conference Attendance to Your Boss

Tripwire State of Security | March 2017
Read Article

Practical advice for communicating the business value of conference attendance to leadership, drawn from real conversations with practitioners.

DNS Evil Lurking Around Every Corner

Tripwire State of Security | January 2017
Read Article

The potentially devastating impact of allowing domain name registrations to lapse when those domains contain active name servers — a risk most organizations don’t know they’re taking.

Highlights from BSides Las Vegas & DEF CON 24 — Part 2: DEF CON 24

AppRiver Blog | November 2016
No longer available

A recap of DEF CON 24 at Bally’s and Paris — highlights, talks, and takeaways from the final event of Hacker Summer Camp 2016.

Massive DDoS Attacks — What You Can Do To Help Protect Your Business

AppRiver Blog | October 2016
No longer available

A breakdown of the October 2016 Mirai botnet DDoS attack that took down Dyn DNS and with it Twitter, PayPal, Netflix, Reddit, and dozens of other major services — and what organizations could do to reduce their exposure.

How I Became a CISSP — A Journey to Certification

Tripwire State of Security | October 2016
Read Article

The honest story of preparing for and passing the CISSP — what worked, what didn’t, and what the certification actually means in practice.

Highlights from BSides Las Vegas & DEF CON 24 — Part 1: BSides Las Vegas

AppRiver Blog | September 2016
No longer available

A recap of BSides Las Vegas 2016 — the first stop in Hacker Summer Camp — covering the talks, community, and experience of attending one of the best security conferences in the world.

Securing the Enterprise — The ABCs of a Network Security Policy

AppRiver Blog | September 2016
No longer available

A deep dive into what a security policy should actually contain: the components, supporting documentation, and definitions organizations need to make a corporate security policy meaningful rather than decorative.

Securing the Enterprise — Why A Security Policy Matters

AppRiver Blog | June 2016
No longer available

The case for having a well-defined corporate security policy — and what happens when you don’t.

DNS Amplification — Protecting Unrestricted (Open) DNS Resolvers

Tripwire State of Security | September 2016
Read Article

Practical steps for protecting open DNS resolvers from being weaponized in amplification attacks.

Challenges in Securing Unrestricted (Open) DNS Resolvers

Tripwire State of Security | July 2016
Read Article

A look at the unique challenges of operating as a DNS service provider — and how those challenges shaped the development of AppRiver’s SecureSurf DNS security service.

BSidesLV 2016: DNS Hardening — Proactive Network Security Using F5 iRules & Open Source Analysis Tools

Peerlyst Blog | July 2016
No longer available

A companion post to the BSides Las Vegas 2016 talk, covering the DNS hardening approach and tools used in the presentation.

Update F5 Data Group File From Remote Location Via HTTPS

Peerlyst Blog | July 2016
No longer available

A technical how-to on automatically updating F5 data groups from a central location via HTTPS.

Web Developers & Hosters Beware!

AppRiver Blog | July 2016
No longer available

Analysis of a phishing campaign targeting web developers and hosting providers, with a walkthrough of the attack mechanics.


Blog Posts