A Quarter Century in Tech

Today marks my 25th anniversary of full-time work in tech. June 18, 2001 – My third “New Employee Orientation” at Microsoft, starting my full-time employment after University. I worked on the Office Online PM team for three years before moving to the Internet Explorer Networking and Security teams for 8 more, eventually leading a team

Participatory Extensible Security

In the past, I’ve explained how security products combine sensors and throttles with threat intelligence to protect users and devices from attack. I’ve also outlined how the evolution of software, including increased complexity and a focus on privacy, has made it harder than ever for sensors and throttles to function effectively, leading to security and

Cybersecurity Metaphors

Uneven Protection: Attacks flow like water: if you have a hole in your defenses, attacks will flow through that hole. Unless they’re trying to win a prize or show off, attackers do not bother attacking where your security posture is strongest. Making your tallest wall taller usually isn’t useful. Encryption: Security folks love encryption, for

Exploiting Vulnerable Drivers

Often, attackers will attempt to prevent security software from interfering with their attack chains by abusing a vulnerable driver to kill or otherwise disable the system’s security software (antivirus/EDR/etc.). Because drivers run in highly-privileged OS Kernel mode, it is difficult to prevent attackers from achieving their goals if they manage to achieve code execution in