I make security and privacy easier to understand.

Hi, I'm Mark. I’m a forensic scientist, speaker, and technology analyst exploring how we think about privacy and security. I write, create videos, give talks, and coach others to help deepen their understanding of these topics and the systems we build to preserve these ideas.

Need perspective on a security challenge? Want to learn more about privacy? Let's talk.

Latest

Security is a service business...one star

Security teams have grown to address very specific needs. Their structure can make it especially challenging to deliver great service to other areas of the business. Here's how you can start other change that.

Read more...

Let's Talk Cloud

Let's Talk Cloud was a show I launched for Trend Micro. Each episode I spoke with a member of the wider community and together we explored a specific topic in cloud security.

Read more...

Mornings with Mark

A look back at my security and privacy vlog from 2018—2019.

Read more...

My years on CBC

Over eight years, I had a lot of fun appearing on CBC helping Canadians to better understand technology and how it impacts us and our communities.

Read more...


Show more essays and talks

Helping people get the most out of AWS re:Invent

AWS re:Invent is the biggest conference in cloud and has been growing year over year. For several years in a row, I wrote THE guide that helped hundreds of thousands of folks get the most out of the show.

Read more...

How (not)? to move a security practice to the cloud

Most security practices make the same set of mistakes when moving to the cloud. This talk looks at those mistakes and how to avoid them.

Read more...

Updating your security practice for the cloud, step-by-step

There are massive opportunities to advance your security practice as your business moves into the cloud. This talk provides a step-by-step approach that will help you maximize them.

Read more...

How to build strong security guardrails in the AWS Cloud with minimal effort

Misconfigurations are the number one security concern in the cloud. Guardrails can help you prevent misconfigurations from happening. This talk shows you the principles behind sustainable, useful guardrails.

Read more...

Mistakes were made, lessons were learned

There’s always more than one way to solve a problem. That’s a big advantage of AWS, but it can also be overwhelming to deal with. You will make mistakes. That's ok.

Read more...

Strong security made simple

Organizations struggle with extending their security practices to the cloud. Traditional approaches don’t work, and new cloud-only practices duplicate work for an already overtaxed team. The goal of cybersecurity is simple: to ensure that what you build works as intended and only as intended.

Read more...


All essays

Foundational

Stop your password from opening the door to hackers

Passwords suck. Why are we forced to follow these weird rules. Do they really keep us safe? Here is a solid way to safely handle all of your passwords.

Read more...

The goal of cybersecurity

To make sure that systems work as intended and only as intended. That's the goal of cybersecurity.

Read more...

The Unicorn Project through a security lens

The Unicorn Project is the latest book from Gene Kim, one of the leaders of the DevOps movement. The book focuses on developer enablement and culture. What does this have to do with cloud security? Everything.

Read more...

Risk decisions in an imperfect world

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance.

Read more...

Tumblelog