It was a typical Tuesday morning many years ago. I’d arrived at the office shortly after the person who’d turned on the lights on our floor, I turned them back off again so as my eyes need not adjust so much, but was promptly overruled by the next person in.

As I sipped on my tea and flicked through a summary of all the various events and alerts that had been caught by our network monitoring tools that night, my morning routine was disturbed by a Microsoft Lync (kids, ask your parents) message, from a more senior member of our…

I was pleasantly surprised a couple of years ago to learn that the ‘Digital Forensic Diaries’ series has made its way onto a couple of college reading lists, so every year around this time (folks going back to college), I’ve decided to make them free for anyone to download on Kindle. This also applies to Pen Test Diaries, and Blue Team Diaries. You can find all Kindle versions on my Amazon page here:

Note that you do not need a Kindle to read Kindle books.

Hopefully, this is one less expense, and helps contribute in some small way to new folks learning the field!

I have a lot of ‘good’ ideas that come to me at random hours, so naturally, when those ideas come to me, I register a domain because I need a place for my billion-dollar startup to live.

These domains proceed to sit there, and rot for years. I’ve decided to open up the domain cupboard, and share my startup domains, that were simply too ahead of their time.

‘Nowground: don’t look back’ — a better, less discriminatory version of the background check that focused on the now. Only problem was I have no idea what that means.


Enjoy the opening chapter of Pen Test Diaries: Insecurity Culture. Learn more about the Pen Test Diaries series, and how to read on, here:

Shellshocked: Chapter One

I’d been arriving at the park and ride progressively earlier each day for the past month. It was currently a slither past six o’clock in the morning, and I was able to slip into one of four remaining parking spaces. This was getting ridiculous. They told us we shouldn’t be driving into Seattle, so everyone was taking the bus. But good luck finding a way to get on the bus in the…

Enjoy the opening chapter of Pen Test Diaries: Insecurity Culture. Learn more about the Pen Test Diaries series, and how to read on, here:

Pen Test Diaries Cover

Insecurity Culture: Chapter One

The reward for completing a two-hundred-mile cross country drive with origins at four in the morning, other than my KFC Zinger Tower sandwich, picked up from a service station for breakfast, was a 1980’s style office campus in the middle of absolutely nowhere. …

I was thinking the other day, the majority of the chatter between security professionals and security vendors on the Internet is overly negative. I myself, have been guilty of giving vendors a hard time over the years. In my defense most of the time it’s been in response to overly aggressive sales tactics, or outrageous claims about their products.

Never, for example, should you slide an unsolicited calendar invite my way and expect that to end well.

So, to reverse the negativity and take a moment to reflect on the positives, I decided to come up with a list of…

I’m super excited to reveal the first installment in a new series of short stories, the Blue Team Diaries. As you can probably guess, the focus is on the Blue Team — the team responsible for monitoring and environment for security problems and responding accordingly.

To create these stories, I’ve drawn on my experiences managing Blue Teams for cloud service providers. For the first time, a series I’ve written is set in the United States, rather than the United Kingdom, which is a relief, because it was starting to get very annoying flipping between American and British English.

What’s interesting…

I’ve spent the best part of the last 10 years triaging Bug Bounty reports that are submitted to the various cloud service providers that I’ve been charged with defending. I’ve also submitted a number of Bug Bounty reports over the years.

With these dual perspectives in mind, I wanted to write up a few tips for anyone who’s about to hit send on a bug report. One thing I want to make very clear from the get go — I personally approach every bug bounty report I get as though it’s the real deal and it will need to be…

T’was the night before the breach, when all through the Slack, not a creature was stirring, not even the alerts channel that was yet to be dialed back.

The employee health questionaries were hung by the chimney with care, in hopes that HIPAA would not apply there.

The security team were nestled all snug in their beds, while visions of zero trust networking solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in his cap, had just settled their brains for a long winter’s nap.

When out of the EDR there arose such a clatter, I sprang…

Possibly, the only information security book written largely on a boat.

One of the really neat things about writing books is knowing the story behind how they were written. For example, in early 2019, I was commuting, as so many folk do, via a ferry to Seattle on a daily basis. It’s an interesting commute full of natural beauty, coffee, and questionable-looking breakfast sandwiches. The best thing about that commute, in a giant metal box with poor wireless connectivity, is that for about 2 hours a day, it was just me, my thoughts about security operations, and my laptop. …

Mike Sheward

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store