Top Posts

This page contains links to the posts I’ve published which were the most popular or that I felt were the most important for my research. I often refer people back to many of these posts for further information about things I speak at in conferences or during my classes.

Investigation Theory

How Analysts Approach Investigations

The Effects of Opening Move Selection on Investigation Speed

Information Security Mental Models

On the Importance of Questions in an Investigation

The Role of Curiosity in Security Investigations

Accelerating Experience with Investigation Heuristics

Perception, Cognition, and the Notion of “Real Time” Detection and Analysis

Evolving Towards an Era of Analysis

Theory of Multiple Intelligences for Security Analysts – Initial Thoughts

Working Memory and the Visual Investigative Hypothesis

Teaching Good Investigation Habits Through Reinforcement

Inattentional Blindness in Security Investigations

Investigations and Prospective Data Collection

Investigating Like a Chef

Security Operation Center (SOC)

Differential Diagnosis of Network Security Monitoring Events

Three Useful SOC Dashboards

Information Security Incident Morbidity and Mortality (M&M)

General Information Security

So You Want To Write an Infosec Book?

Infosec Practitioner’s Guide to Philanthropy

Writing for Security: Why You Hate It

Network Security Monitoring

The 10 Commandments of Intrusion Analysis

Video: Building an NSM Lab

Packet Analysis

Packet Carving with SMB and SMB2

Sanitizing PCAP Files for Public Distrubution

Using ARP Cache Poisoning for Packet Analysis