This site represents, in many ways, my desire to write about information security. I enjoy writing because it allows me to share a perspective and contribute to the industry, even if only in a small way. Throughout my career I've taken the opportunity to share my thoughts, perspectives, experience, and guidance through books, articles, and whitepapers, many of which have been referenced extensively and appeared in multiple languages. Here are some of my works with stories and descriptions, albeit only a portion of my writings on the topic of information security.
From 2000 to 2006 I wrote at least one, mostly two or more articles in every edition of the Information Security Management Handbook, the very foundation of the CISSP program, edited my Micki and Hal. Through these years I wrote articles, such as Identify Theft, Outsourcing Security, Network Monitors and Sniffers, Message Authentication, Reporting Incidents, Smart Cards, IPSec Key Management, and several others.
This was my first (if I recall correctly) and wrote on IPSec (surprise). Actually, at this point I had found some flaws in the very concept of VPNs and endpoint security so I wrote a chapter discussing these concerns and methods to avoid.
This was my second time around writing for the series. I took a leap and wrote about message authentication, which was difficult because, of course, it has to be perfect. I ran that article past so many people just to be sure.
By now, I established a good working relationship and had written several articles for the Journal and other publications. Some of these appear in this edition.