Media / Speaking

A collection of media clippings, speaking videos, and interviews.

Here are a few of the media clippings from the past years. I have had the pleasure of being interviewed multiple times to media outlets around the world and discuss findings, general security and technology topics, express my opinions on ongoing matters, and speak at conferences.
First of all - the easiest: my current blog. Older posts under the former Finjan and Aladdin are a bit harder to find as both were acquired and renamed, while losing the original blogs.
For a summarized view of most of my publications through different media outlets over the years you can view this Google Archive Search.
If you'd like to inquire about a speaking opportunity, I'm usually booked 2-3 months in advance, but feel free to email me or use my contact form. Note that at a minimum travel and acommodations should be covered, along with a negotiable speaker honorarium.

Date Description
2022 February Opening panel speaker on Leveraging AI to Monitor Employees and Mitigate External Threats at Compliance Week
2021 August Interview for NPR on the NSO spyware issues - NPR
2021 CyberWeek Conference Closing Keynote
2020 December Guest on the Tech Trek Podcast - Part 1 and Part 2
April Webinar interview with Preetham Peter of Infoedge about using loss scenarios in security practices
Interviewed by on the measures taken by the Israeli government amidst the coronavirus crisis handling. Full PDF here
February Wrote an article for Forbes on the Product vs Skill pendulum
Featured on Forbes Effective tips for creating and sustaining strong cybersecurity teams
Featured on Forbes in an article about securing smart home and IoT devices
January Webinar on combining FAIR with NIST-CSF with the FAIR Institute
Featured on the Security and Compliance Weekly and discussed Quantifiable Risk Metrics. Part 1, Part 2
2019 September Recognized by the FAIR Institute as the 2019 Business Innovator during FAIRCon.
Featured on the FAIR Institute blog in prep for FAIRCON 2019
August Featured as the first commercial success story on from NIST on combining NIST-CSF and FAIR
July "Providers Must Go Beyond Frameworks for Strong Risk Management" on Health IT Security
May Presented Unholy Concoction of Risk Management Practices - FAIR/CSF/MSSP at SIRACon 2019
March Featured on Forbes: Trust-Building For Security
February Featured on Forbes: Why You Should Go Beyond The Typical Penetration Test
January Featured on Forbes: Two Frameworks For Securiting A Decentralized Enterprise
2017 July Keynoted CyberWeek in Tel Aviv, speaking about securing the Cloud [Video]
2016 July Featured on Vice's Cyberwar in an episode focusing on China as a subject matter expert.
June Keynote for BSidesClevalend
ShowMeCon in St. Louis, Missoury - Social Media Risk Metrics
Area41 in Zurich, Switzerland - Social Media Risk Metrics
April InfoSecWorld at Orlando, FL - Actionable Threat Intelligence
Featured on CSO Online - Two perspectives on social media for security leaders
March RSA Conference - Social Media Risk Metrics.
February Zoncon - Amazon's Security Conference. Keynote speaker.
2015 December BSidesDC - Actionable Threat Intelligence
October Hacked Opinion - The legalities of hacking on CSO Online
PACE University Cybersecurity Symposium on Threat Intelligence
September DerbyCon - Social Media Risk Metrics
August Commentary on the Hacking Team breach - CSO Online
BSidesLV Actionable Threat Intelligence
June You Shot The Sheriff 9 Sau Paulo, Brazil - Actionable Threat Intelligence
CSA Nordic Summit 2015 - Olso, Norway. Actionable Threat Intelligence
CSO Online coverage on actionable threat intelligence
CircleCityCon 2015 - Indianapolis, Indiana. Actionable Threat Intelligence video.
May IT Hot Topics 2015 - Greensboro, North Carolina - Actionable Threat Intelligence
March ISTS SPARSA at Rochester Institute of Technology (RIT) - Keynoting the event, and participating in the Red Team
January A few notes on the proposed cybersecurity bill on CSO Online
Commentary on the @CENTCOM twitter and YouTube account hacking on DarkReading, SecurityWeek as well as eWeek and SC Magazine
Commentary on SC Magazine about the pro-ISIS hacking of local news stations
2014 December Chosen as one of SC Magazine's top experts through the years
Quoted on NBC's Today on the Sony hack
Commentary on the Sony breach on TechNewsWorld
November Commentary on the iWorm patch on CIO Magazine
Commentary on the Regin malware on eSecurity Planet as well as SearchSecurity
FeedbackFriday commentary on SecurityWeek Magazine
September Derbycon - conducting Red Team Training with Chris Nickerson. Additionally speaking on Painting a Company Red and Blue
May Featured on's article as part of a series "The spies among us": Attack of the Superhackers
March Panelist on Fox Business' "Money with Melissa Francis on NSA surveillance and President Obama's meeting with tech CEOs.
Panelist on Fox Business' "Money with Melissa Francis" on power grid security.
February Featured on Fox Business' "Money with Melissa Francis" on Chip-and-PIN (EMV) security.
2013 November Featured on CNN Money's "How Corporate America fights hackers".
September Seeing red in your future? and Red Team Training at Derbycon.
"Cyber" security - all good, no need to worry? at SecurityZone. Interview with ComputerWorld.
July Red Team Testing Training at BlackHat USA 2013
March ZonCon at Amazon's HQ in Seattle: SexyDefense in the forest
January NCSC Symposium SexyDefense, and Red Team Training
Alt-S at The Hague, Netherlands
2012 December SecurityZone 2012 in Cali, Colombia: SexyDefense
October Hashdays: SexyDefense
September DerbyCon Training, and speaking on SexyDefense (video)
Brucon Red-Team Testing class with Chris Nickerson
July BlackHat USA Briefings 2012 presented SexyDefense - Maximizing the home-field advantage
BSidesLV presenting SexyDefense Black Hat: Businesses at risk from over-reliance on automated tools, researchers warn (pfd).
SC Magazine: Black Hat: Security pros must evolve their defensive strategy.
MIT Technology Review: Hey, Hackers: Defense Is Sexy, Too (PDF).
NakedSecuity (Sophos' blog): Black Hat - SexyDefense, maximizing the home-field advantage.
May YSTS (You Shot The Sheriff) conference, Sao Paolo, Brasil. Sexy Defense
April Source Boston - presented a talk: "Sexy Defense"
Also at Source Boston - Red Team Testing training.
DarkReading article on the SexyDefense talk. (PDF)
InfoWorld article covering Sexy Defense. (PDF)
Midsize Insider SexyDefense coverage.
Fierce CIO SexyDefense coverage.
IRANIAN CYBER THREAT TO THE U.S. HOMELAND Quoted as a source for a congressional hearing.
March HackCon, Oslo, Norway. Advanced Data exfiltration
January Calcalist article on the recent hacking events in Israel [Print version]
Channel 1 news article on the recent hacking events in Israel
2011 November Govcert.NL Symposium - Adavnced data exfiltration - the way Q would have done it
Source Barcelona - presenting a talk on advanced data exfiltration
October HashDays - "Pushing in, and pulling out slowly without anyone paying attention", and management sessions speaker.
September Brucon presented a talk on advanced data exfiltration, APT and red-team testing (Video)
August BSides Las-Vegas presented 2 talks on VoIP botnets and Advanced Data Exfiltration
DefCon 19 Participated in the DCG & Hackerspaces panel and talked about VoIP botnets and data exfiltration
Dark Reading coverage of the Advanced Data Exfiltration talk (local cache)
Galatz Radio interview on Cyber Security threats, and international diplomacy
June Security BSides Vienna / NinjaCon 11
23rd Annual FIRST Conference
National greek news article on Athcon (Greek)
Athcon 2011 security conference
May People's Daily Online article. (English version of Chinese news) cached
PenTest Magazine article on how to avoid meaningless pentests
April SOURCE Boston security conference
Featured article on the Pentest Magazine
March DC9723 Introduction to the Penetration Testing Execution Standard
February ISDPodcast interview covering Security-Art's annual report, FAIR and the pentest standard (cached mp3)
TheMarker coverage of our annual report (print edition)
Featured on CyberwarfareZone
January Sophos' Naked Security blog guest post
2010 December BerlinSides hacker conference
CSA-IL Conference - Intro to the technology showcase.
November DeepSec conference in Viena.
International Conference on Cyber Terrorism hosted by the ICT at IDC Israel.
October CSFI Stuxnet report published with my contribution (also on the CSFI page)
NATO's CCD-COE (Cooperative Cyber Defence Center Of Excellence) strategy setting workshop. Subject matter expert for creating NATO's cyber strategy for 2011.
BlueHat v.10.
September Brucon 2010 and the video (please use a mirror!)
SOURCE Barcelona and a brief interview
August EuroTrashSecurity podcast (Microtrash 10) mp3
FIRST 2010 Interview (mp3)
July DefCon 18 (updated with Video and the slide deck)
InfoSec Daily podcast
June 22nd FIRST Conference
May CSO Forum Magazine
ISDPodcast interview (cached mp3)
AthCon (Athens, Greece)
April El Pais (Spanish) local pdf copy
Global Security Mag (French)
BlackHat EU 2010 Presentation slides and whitepaper
March Exotic Liability podcast
2009 November ExcaliburCon (WuXi, China)
September HackerHalted conference (EC Council @Miami)
July DefCon 17 (updated with video)
April The IET (Video interview)
Calcalist (Hebrew)
March MiddleGround (e-Crime congress UK publication)
February ChannelWeb
What to buy for Business
ITRManager (French)
BitCity (Italian) (Dutch)
PubliNews (French)
01 Informatique (French)
January What to buy for business
The Web2.0 Attack Vector - white paper
2008 December BCS
Calcalist (Hebrew)
October BlueHat Security Conference at Microsoft HQ in Redmond, WA
The Register
Calcalist (Hebrew)
De Beveiligingsupdate (Dutch - podcast in english at 23:10 minutes)
IT World
WebWorld (Dutch)
TheMarker (Hebrew)
TechWorld (Dutch)
ComputerWeekly (Dutch)
April BlackHat talk
May San Francisco Chronicle (Different spokesperson named for the company)
February SC Magazine
2007 December SC Magazine
October InformationWeek
September Fox News
August PodTech
Mag Securs (French)
DefCon 15 talk
2004 February Storage Magazine
April NetworkWorld