Talks, Publications & Appearances
More than twenty conferences and counting. My talks are practical by design. I want audiences to walk away with something they can actually implement.
“I'm not interested in theoretical frameworks that look great on slides and fall apart in the real world. I want audiences to walk away with something they can actually use on Monday morning.”
Conference Talks
Taming the Hydra: Managing Security Tool Sprawl Through Strategic Governance
HouSecCon · September 2025
Security teams accumulate tools faster than they can manage them. This talk presents a governance framework for evaluating, consolidating, and maximizing the value of a security tool portfolio without sacrificing coverage.
Watch RecordingFrom Hacker to CISO: Navigating the First 90 Days
Hackfest Canada · October 2024
A practical guide for security leaders stepping into a new CISO role — what to assess, what to prioritize, and how to build credibility fast without making costly early mistakes.
Watch RecordingStrategy for Responding to Corporate Reputation Attacks
HouSecCon · October 2023
Extends the RSA 2023 research into operational response strategy — how organizations can detect, document, and counter campaigns that weaponize their brand against job seekers and customers.
Unclassified Threat Briefing: Corporate Reputation Attacks
FBIIC-FSSCC Joint Meeting · August 2023
An invitation-only briefing for federal financial regulators and financial sector security leaders on emerging corporate impersonation and job scam campaigns targeting major institutions.
Corporate Reputation Attacks: Dissecting the Latest Job Offer Scams
RSA Conference · April 2023
Original research on threat actors who clone corporate identities to run large-scale job offer fraud — how the campaigns are structured, who gets targeted, and what security teams can do to detect and disrupt them.
View TalkCross Platform Playbook Automation: A Theoretical Discussion
Graylog GO · September 2022
A conceptual exploration of automating security playbooks across disparate platforms — examining where automation adds leverage and where human judgment remains essential.
Event PageExtortion, Chaos & Needless Busywork AKA Vendor Risk Management
BSides Charm · April 2022
A candid look at why vendor risk management programs so often produce friction without insight — and a practical alternative approach that scales without burying security teams in questionnaires.
Watch RecordingAddressing the Cluster that is AD DNS Logging Using Graylog and a Custom Plugin
Graylog GO · October 2021
A technical deep-dive into the challenges of collecting and normalizing Active Directory DNS logs, and a walkthrough of a custom Graylog plugin built to make that data actionable for threat detection.
Watch RecordingPanel Discussion: Security Strategy for Small-Medium Business
Blue Team Con · August 2021
Panelist discussion on building effective security programs under the constraints of SMB budgets, staffing, and risk profiles — covering prioritization, tooling, and building a security culture without a large team.
Session PageDNS: Strategies for Reducing Data Leakage & Protecting Online Privacy
Hacker Halted · October 2019
Examination of how DNS traffic leaks sensitive organizational and personal data, and practical defensive strategies including RPZ, DNS-over-HTTPS, and query filtering to reduce exposure.
Conference RecapDecrypting the Mess that is SSL/TLS Negotiation — Preparing for the 2020 Apocalypse
ITEN Wired · October 2019
A practical guide to understanding TLS negotiation failure modes and preparing infrastructure for the deprecation of TLS 1.0/1.1 — covering cipher suite selection, certificate management, and monitoring.
View Slide DeckDNS — Strategies for Reducing Data Leakage & Protecting Online Privacy
NolaCon · May 2019
A conference presentation covering DNS as a surveillance and exfiltration vector, with practical defensive techniques organizations can implement to limit privacy exposure and detect malicious DNS activity.
Watch RecordingDecrypting the Mess that is SSL/TLS Negotiation — Preparing for the 2020 Apocalypse
CypherCon · April 2019
Conference edition of the TLS deprecation talk — helping developers and security engineers understand what breaks when TLS 1.0/1.1 is disabled and how to fix it before regulators force the issue.
Watch RecordingDemystifying DNS Security — Practical Steps for Reducing Exposure and Detecting Compromise
ITEN Wired · October 2018
A practitioner-focused session on DNS security fundamentals — covering common attack patterns, logging strategies, and detection techniques applicable to organizations of any size.
Demystifying DNS Security — Practical Steps for Reducing Exposure and Detecting Compromise
BSides San Francisco · April 2018
Hands-on walkthrough of DNS-based attack techniques and the defensive countermeasures available to defenders, with emphasis on open-source tooling and practical implementation.
Watch RecordingWhat A Long Strange Trip It's Been
DerbyCon · September 2017
A career retrospective and lessons-learned talk on transitioning from technical security practitioner to security leader — what the journey looks like and what it takes to succeed at each stage.
Watch RecordingDNS — Devious Name Services: Destroying Privacy & Anonymity Without Your Consent
DEF CON 25 · July 2017
Original research presented at DEF CON on how DNS infrastructure is used to track, profile, and surveil users — exposing privacy risks most users and organizations don't know exist, with defensive recommendations.
Watch RecordingDNS Dark Matter Discovery — There's Evil In Those Queries
CircleCityCon · June 2017
A threat hunting focused talk on using DNS query analysis to surface malicious activity — covering C2 beaconing patterns, DGA detection, and data exfiltration via DNS tunneling.
Watch RecordingEDNS Client Subnet (ECS) — CDN Magic or Security Blackhole?
NolaCon · May 2017
An examination of the EDNS Client Subnet extension — how CDNs use it for performance optimization, what privacy and security tradeoffs it introduces, and what network defenders need to understand about it.
Watch RecordingDNS — Don't Neglect the Signs!
BSides Atlanta · November 2016
Practical guidance on using DNS logs as a defensive signal — identifying the indicators that most security teams overlook and building detection logic around them.
Network Security Isn't Red or Blue — It's Purple!
ITEN Wired · October 2016
A talk advocating for purple team approaches to network security — why offensive and defensive teams need shared context, shared tooling, and shared language to actually improve organizational security posture.
DNS Hardening: Proactive Network Security Using F5 iRules and Open Source Analysis Tools
BSides Las Vegas · August 2016
A technical session on using F5 iRules combined with open-source log analysis to build proactive DNS security controls — detecting and blocking malicious DNS traffic at the infrastructure layer.
Watch RecordingAnalyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
NolaCon · May 2016
A practical walkthrough of building a DNS threat detection pipeline using open-source tools — from log collection and normalization to detection rules and alerting.
Watch RecordingDNS — The Unsung Hero in Network Security
ITEN Wired · October 2015
An introduction to DNS as a security control point — making the case for why DNS visibility should be a core component of any network security program and what defenders gain from investing in it.
Shut the Front Door and the Back Door Too! (How and Why Hackers Attack and What to Do About It)
ITEN Wired · October 2014
An accessible overview of attacker methodology — how threat actors identify targets, gain access, and move through networks — and the defensive controls that disrupt each stage of the attack chain.
Training Courses
Using Open Source Log Aggregation Tools to Improve Enterprise Security
BSides San Francisco · March 2019
A full-day training course covering log aggregation architecture, normalization strategies, and detection rule development using open-source SIEM tooling — designed for security engineers building or improving their logging programs.
Course ListingUsing Open Source Log Aggregation Tools to Improve Enterprise Security
CircleCityCon · June 2018
Hands-on training workshop introducing attendees to open-source log aggregation pipelines — building practical skills for collecting, parsing, and querying security-relevant log data at enterprise scale.
Podcast & Media Appearances
Security & Compliance at Small and Medium Businesses
SC Media — Security Weekly · November 2019
A conversation with Russell Mosley on the unique security and compliance challenges facing SMBs — covering risk-appropriate controls, resource constraints, and building a security program that scales with the business.
Watch EpisodeThe Privacy, Security & OSINT Show — Episode 124: Does DNS Matter?
Intel Techniques with Michael Bazzell · May 2019
A deep-dive conversation with privacy and OSINT expert Michael Bazzell on how DNS exposes personal and organizational data, what defenders and privacy-conscious individuals can do to limit that exposure, and why DNS is the most underappreciated security control point.
Episode PagePaul's Security Weekly #531
SC Media — Paul's Security Weekly · October 2017
A wide-ranging interview covering DNS security research, the state of network defense, and the work behind the DEF CON 25 presentation on DNS privacy and surveillance risks.
Watch EpisodePublications
Invite Me to Speak
Looking for a practical, no-nonsense cybersecurity speaker? Let's talk about what your audience needs.
Get In Touch