Lenny Zeltser's Website
Lenny Zeltser's publications, research, and projects related to information security, risk management, business, and life in general.
Copyright: Copyright 1995-2008 Lenny Zeltser. All rights reserved.
  Mon, 10 Nov 2008 13:11:19 +0100
What does the job of a malware analyst entail? If you're looking to get into this field, or if you're looking for ideas that can help you succeed there, read on. You might also find this page useful if you are creating a job description for hiring such a person.
This cheat sheet offers tips for assisting incident handlers in assessing the situation when responding to a qualified incident by asking the right questions. It builds upon the incident survey cheat sheet I published earlier.
This cheat sheet captures tips for examining a suspect server to decide whether to escalate for formal incident response. It covers the general approach, and outlines commands for Windows and Unix using built-in tools. One-sheet version for printing and editing is included.
  Tue, 28 Oct 2008 14:59:11 +0100
Malware analysis is as much of an art as it is a science. To bring the point home, I created the following "word clouds" that represent the words used in the Reverse-Engineering Malware course, which I teach at SANS Institute.
  Mon, 18 Aug 2008 17:08:22 +0200
I created a one-page cheat sheet of shortcuts and tips for reverse-engineering malware. It covers the general malware analysis process, as well as useful tips for OllyDbg, IDA Pro, and other tools. An editable version of this file is also available, if you'd like to customize the cheat sheet for your own needs. My reverse-engineering malware course explores these, and other useful techniques.
In this free one-hour webcast, I discuss tools and techniques for going beyond the basic exploits-focused penetration testing methodology. To attend it live, tune in on August 5 at 1:00 PM EDT. An archived version of the webcast will be available.
  Thu, 12 Jun 2008 18:45:11 +0200
In this free one-hour webcast, I examine the characteristics of today's malware, exemplified by recently-seen bots, downloaders, keyloggers, and malicious scripts. An archived version of the webcast is available, complete with audio and presentation slides.
  Sat, 07 Jun 2008 23:07:12 +0200
This article presents recommendations for addressing the risks associated with modern malware. Stopping malware requires an approach grounded in awareness and control. The article includes a link to my related webcast on protecting users from web-based threats.
I will teach the Reverse-Engineering Malware course at SANS conferences in July 2008 (Washington, DC), September 2008 (Las Vegas, NV), and December 2008 (Washington, DC). I will also teach it via an interactive video format in June 2008; this event is a unique opportunity for higher education, and local and state government employees to take the course at a 75% discount.
  Thu, 01 May 2008 18:40:15 +0200
When searching for low-hanging fruit, attackers are paying closer attention to client-side vulnerabilities on internal workstations. So should you, when performing security assessments. This article describes how to test for client-side vulnerabilities during a security assessment.
  Thu, 20 Mar 2008 03:36:16 +0100
Rare is the case when a determined penetration tester or attacker fails to trick his targets into releasing sensitive information. This article explains how to incorporate social engineering testing into information security assessments.
PaulDotCom interviewed SEC602 course co-authors during its January 24, 2008, webcast. We discussed key procedures for malware analysis, malware trends, and the expansion of the Reverse-Engineering Malware course. MP3 of the webcast is now available.
Announcing the expansion of the Reverse-Engineering Malware course. Here's the full announcement.
  Sat, 29 Dec 2007 02:21:25 +0100
I lead a regional security team at SAVVIS, a premier provider of IT infrastructure and hosting services. We offer a range of consulting services, including vulnerability assessments and penetration testing.
  Sun, 10 Jun 2007 18:12:15 +0200
This article reviews the emerging threats landscape of information security, including targeted attacks, client-side infections, advanced malware, bots, and browser malware. It was originally published in the May 2007 issue of Information Security magazine.
In this SANS webcast I present 10 key issues you need to address for a successful penetration test.
The reporter interviewed me for this article on protecting organizations against endpoint threats.
  Sun, 14 Jan 2007 17:28:13 +0100
In this SANS Ask The Expert webcast I review several techniques and free tools for speeding up the analysis of malicious software.
This article presents several tips for establishing a practical routine for reviewing information security logs.
This article, published in Information Security Magazine, describes an approach to ensuring a project's success by becoming attuned to the organization's dynamics.
  Mon, 04 Sep 2006 07:42:32 +0200
This webcast, presented at SANS Institute, examines the nature of threats that target the Web browser, reviewing three major categories of browser-oriented attacks.
  Sun, 21 May 2006 18:23:45 +0200
This presentation, prepared for ISSA, explores common information security risks that organizations face, and suggests 10 questions worth asking when establishing a robust IT security program.
  Thu, 19 Jan 2006 03:18:06 +0100
This 1-minute video of Magellan Penguins records my observations from a visit to Argentina's Patagonia region.
  Fri, 04 Nov 2005 05:17:44 +0100
This book, which I produced and co-authored, is a practical guide to designing, deploying, and maintaining network defenses.
  Tue, 07 Jun 2005 06:42:37 +0200
If you are interested in learning a bit more about me, this page is for you. Here I list some autobiographical facts and outline several of my projects and accomplishments. After all, activity suggests a life filled with purpose.
  Tue, 04 Nov 2003 05:17:11 +0100
I contributed a few chapters to this book by Ed Skoudis, which focuses on defending against the threat of malicious code.
  Thu, 04 Nov 2004 05:16:53 +0100
Organizations periodically invite me to present to them on topics related to IT risk management and security in business. Here are some of my recent presentations.
This paper examines trends and dynamics of the endpoint security industry, and evaluates the performance of market leaders such as Symantec in the context of these factors.
  Sat, 06 Apr 2002 06:15:51 +0200
This article explores the use of multiple firewalls for protecting resources according to business requirements of multitier applications.
  Thu, 02 Nov 1995 05:15:31 +0100
This often-cited article discusses the history and the structure of the Web, and offers a peek at the future of information sharing.
  Sat, 04 Nov 2000 05:15:07 +0100
This article examines the evolution of malicious agents by analyzing popular viruses, worms, and trojans, and detailing the possibility of a new breed of malicious software.
  Fri, 04 Nov 2005 05:02:03 +0100
Save time when researching security issues by focusing on specific sites of interest.
  Sat, 04 Mar 1995 05:14:41 +0100
This paper explores early radio broadcasting efforts by the United States and the Soviet Union.
  Sat, 04 May 1996 06:23:41 +0200
This paper examines views of American Founders on education, and applies them to the Internet's role as a catalyst for improving the American education system.
  Sun, 04 Jun 2000 06:13:36 +0200
This paper provides a detailed analysis of several anomalous network events, and illustrates the techniques for examining alerts and logs generated by a network intrusion detection system.
  Sun, 04 Nov 2001 05:13:19 +0100
This report presents results of a detailed information security audit of UNIX systems that belong to a fictitious company. It illustrates an approach to performing such an examination.
This paper documents a comprehensive architecture for defending network resources of a fictitious company. It illustrates an approach to setting up a strong security perimeter.
  Sun, 04 Nov 2001 05:12:39 +0100
This paper defines a framework for using easily-accessible tools and a dual-phased approach to examine malware such as viruses, worms, and trojans.
  Mon, 04 Apr 2005 06:11:24 +0200
Slap a high five to the infamous Calvin, just because you have nothing better to do.
  Mon, 04 Apr 2005 06:08:54 +0200
"Lying in bed listening to the rain outside." "Laughing for no reason at all." Take a look at what folks submitted to me over the years, and see what inspires people of the world.
  Sun, 03 Apr 2005 06:08:13 +0200
When feeling particularly inspired, I write short verse. Curious about the results? Take a look.
  Sat, 02 Apr 2005 05:57:49 +0200
I've assembled a few humorous lists circulating on the Internet, such as "The Canonical List of Answering Machine Messages" and "More Than Fifty Ways to Get Rid of Blind Dates."