I was thinking the other day, the majority of the chatter between security professionals and security vendors on the Internet is overly negative. I myself have been guilty of giving vendors a hard time over the years. In my defense, most of the time it’s been in response to overly aggressive sales tactics, or outrageous claims about their products.

Never, for example, should you slide an unsolicited calendar invite my way and expect that to end well.

So, to reverse the negativity and take a moment to reflect on the positives, I decided to come up with a list of…


I’m super excited to reveal the first installment in a new series of short stories, the Blue Team Diaries. As you can probably guess, the focus is on the Blue Team — the team responsible for monitoring an environment for security problems and responding accordingly.

To create these stories, I’ve drawn on my experiences managing Blue Teams for cloud service providers. For the first time, a series I’ve written is set in the United States, rather than the United Kingdom, which is a relief, because it was starting to get very annoying flipping between American and British English.

What’s interesting…


I’ve spent the best part of the last 10 years triaging Bug Bounty reports that are submitted to the various cloud service providers that I’ve been charged with defending. I’ve also submitted a number of Bug Bounty reports over the years.

With these dual perspectives in mind, I wanted to write up a few tips for anyone who’s about to hit send on a bug report. One thing I want to make very clear from the get go — I personally approach every bug bounty report I get as though it’s the real deal and it will need to be…


’Twas the night before the breach, when all through the Slack, not a creature was stirring, not even the alerts channel that was yet to be dialed back.

The employee health questionnaires were hung by the chimney with care, in hopes that HIPAA would not apply there.

The security team were nestled all snug in their beds, while visions of zero trust networking solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in his cap, had just settled their brains for a long winter’s nap.

When out of the EDR there arose such a clatter, I sprang…


Possibly, the only information security book written largely on a boat.

One of the really neat things about writing books is knowing the story behind how they were written. For example, in early 2019, I was commuting, as so many folk do, via a ferry to Seattle on a daily basis. It’s an interesting commute full of natural beauty, coffee, and questionable-looking breakfast sandwiches. The best thing about that commute, in a giant metal box with poor wireless connectivity, is that for about 2 hours a day, it was just me, my thoughts about security operations, and my laptop. …


Multifactor authentication (MFA), of any kind, has long been deemed essential in the era of both en masse and cleverly targeted phishing. No surprise then, that the arc of adoption for multifactor authentication has been very much an ‘up and to the right’ affair.

On the surface, it sounds like an extremely happy tale to tell. A risk (phishing and the compromise of a password) was identified, a mitigation (MFA) was proposed and widely adopted, albeit perhaps not quite as quickly as we’d like in some cases, but still — baby steps, and all that.

Sadly, the story doesn’t quite end…


’Twas the night before the breach, when all through the cloud, not a creature was stirring, not even those sourced through the crowd.

The policies and procedures were hung by the chimney with care, in hopes that the auditor soon would leave there.

The SecOps team were nestled all snug in their beds, while visions of SIEM solutions danced in their heads.

And CEO in her ‘kerchief, and CISO in her cap, had just settled their brains for a long winter’s nap.

When out on the IDS there arose such a clatter, I sprang from the bed to see what…


Recently, the Washington State Department of Licensing closed for a number of days to upgrade its systems. The reasoning behind the upgrade is noble enough, to “better protect your information”. Both the information that ties vehicle license plates to registered owners, and the personally identifiable information found on a driver’s license, are obviously very sensitive, and should be protected accordingly. However, the system used to store and process the data is only one part of the puzzle, and this specific closure rekindled an idea for an experiment I’d wanted to try for a while. …


This week I was able to check a career goal off of the list thanks to the folks at BCS, The Chartered Institute for IT, who published my latest work, ‘Hands-on Incident Response and Digital Forensics’.

I love technical books. I can recall many a night spent studying from them while exploring a new topic, be it in the information security, server administration or network engineering realms.

The technical books that I love the most always include case studies, and real-life examples that back up the technical content. …


I’m beyond excited to share with you some details regarding my newest publication, Hands-on Incident Response and Digital Forensics. The book will hit shelves in mid-July, and is being published by BCS: The Chartered Institute for IT.

I’ve poured my heart and soul into this one, and I hope that shows in the finished product. This book should serve as a no-nonsense guide to the role of an incident responder and forensic investigator. It’ll also show the complex relationship between these two disciplines. …

Mike Sheward

Information security professional specializing in SecOps, IR and Digital Forensics. Author of the Digital Forensic Diaries, and now, the Pen Test Diaries.
