Few people realize the risks that may lurk behind the facade of a nifty-looking QR code, an element of everyday customer journeys. So it's time to rethink the blind trust and add a little bit of caution to the mix. secureworld.io/industry-news/…

Underestimating the role of WAFs can be risky business for financial services. In my new blog for Tripwire, I explain the whys and wherefores: tripwire.com/state-of-secur…

With personal data anonymization being increasingly challenging, the zero-trace paradigm appears to show a lot of promise. Learn more in my new article. dzone.com/articles/zero-…

SC Media just posted my new column about CDN integration for web application security, on top of traditional DDoS mitigation and UX improvements. scworld.com/perspective/fo…

In case you're wondering how a harmless-looking QR code can become a cybersecuirty risk when handled without due cautions, find out by reading my latest article that went live on on the CSA Blog. cloudsecurityalliance.org/blog/2025/07/3…

Low-code development is definitely fun - until a security incident occurs. Tripwire just published my new blog about the risks the prevail in such ecosystems, and actionable ways to mitigate them. tripwire.com/state-of-secur…

While trying to facilitate compliance through AI, some organizations struggle to address the security pitfalls of the process. My new column on SC Media explains how to strike a balance between the two worlds. scworld.com/perspective/fi…

As AI becomes a core component of many SaaS platforms, including those relying on multi-tenant infrastructure, SaaS testing is increasingly complex. My new article explains how automation can be the answer to this complexity. unite.ai/testing-ai-saa…

At some point, every crypto investor faces a dilemma: whether to maintain complete control of their assets and private keys, or to use third-party storage for that. My new article goes over the pros and cons of both tactics. benzinga.com/Opinion/25/10/…

Virtual Desktop Infrastructure (VDI) is the average org's go-to choice for managing BYOD workers and contractors. My new article on Tripwire explores this set-up's vulnerabilities and explains how to minimize associated risk. tripwire.com/state-of-secur…

My new column on SC Media focuses on what adversarial OSINT on C-suite executives looks like, the potential consequences for the organization, and guardrails against this style of attack. scworld.com/perspective/si…

AI can be a double-edged sword when it comes to IoT security, as it can help strenghthen the defenses, and on the other hand, become a tool in attackers' hands. Read my new article on the amazing SecureWorld News to learn more. secureworld.io/industry-news/…

My latest article on CSA Blog looks at how three popular BYOD security deployments (VDI, DaaS, Local Secure Enclaves) perform in terms of the Cloud Controls Matrix (CCM) playbook to mitigate risks tied to data leakage, endpoint compromise, and compliance. cloudsecurityalliance.org/blog/2025/11/0…

Disaster recovery often implies a systems rollback to an earlier state, but doing so can open old security loopholes. My new column on SC Media explains what these pitfalls are, and how to steer clear of them. scworld.com/perspective/ro…

When it comes to migrating an enterprise infrastructure to the cloud, the shared responsibility model is often the elephant in the room. My new column on SC Media explains why, and how to provide proper cloud security. scworld.com/perspective/wh…

CSA just posted my new blog that shines a light on the role of micro-segmentation for achieving the efficiency and zero trust based security of physical hosts in large networks. Read this to learn more. cloudsecurityalliance.org/blog/2025/12/1…

It seems malicious actors are cashing in on hyper-volumetric DDoS attacks that have seen a significant growth since late 2025 and continuing in early 2026. My new column on SC Media explains how orgs can stay safe from this incursion vector. scworld.com/perspective/fi…

The piece discusses how AI’s ability to surface vast amounts of potential cyber threats creates a paradox - greater visibility but less clarity of what are real dangers and false positives. Read more if this topic piques your interest. unite.ai/why-ai-is-maki…

The rise of synthetic identity fraud, fueled by deepfake technology, is undermining traditional security checks. My latest article on SecureWorld highlights layered defenses and modern verification strategies to counter these evolving threats. secureworld.io/industry-news/…

Prompt injection exploits scarce separation between instructions and data in LLMs, and input filtering can't fully solve it. To address this, regulated industries are increasingly applying defense‑in‑depth principles to AI pipelines. scworld.com/perspective/wh…