Some help understanding stock options

Whether you are confused about stock options you have received or are trying to explain the concept to an employee, this article will help.

I have seen few topics generate more confusion than stock options. People with options in fast growing companies like to brag about them but often don’t actually understand them. Employees don’t understand what they are getting, so the option grant is less impactful. Here are the basics of what workers need to know about their stock options.

Where to follow my writing now

I have not been posting very much on lately because I have been working furiously on two other websites.

I am blogging about startups, entrepreneurship, and angel investing at Feel The Boot. This site allows me to help far more startups than I could possibly mentor personally.

At Ntrepid I blog about managed attribution and online operations. Managed attribution is the natural extension and refinement of the anonymity work started by Anonymizer.

A fun conversation with the Securiosity Podcast.

While on a quick trip to Washington DC recently, I had a chance to sit down with Greg Otto and Jen O’Daniel of the Securiosity Podcast to talk about a wide range of topics. We discussed how I got started in privacy, why you don’t need to worry about nation state super hackers, being anonymous, OSINT, and wine. What a fun conversation!

My interview starts at about the 24 minute mark.

If you embrace the fact that many attacks are impossible to mitigate, your security will improve.


Back in the 1990s, I was involved in a discussion about how an individual could deal with Van Eck monitoring, where an attacker captures the contents of your screen from outside the building. My take was that if your opponent has a surveillance team in a van full of special equipment parked right outside your house, your only realistic option is to run and never look back, in hopes of starting a new life elsewhere. Perhaps this scenario is a bit dramatic, but it illustrates an important point. We spend a lot of time thinking about and trying to mitigate threats that are so extreme you are basically already doomed if they are ever used against you. You can’t mitigate against Mission Impossible-style attacks, because whatever you try to prevent, they always have another way of getting at you.

Read the rest of the article at SecurityWeek

Getting ROI From a Security Advisory Board That Works: Part 2

Earlier I wrote about why a good security advisory board can be a powerful addition to any business. In this article I dive into exactly how to make sure you get that value from your advisory board. By taking the right actions, you can ensure a strong ROI for your time and money while significantly boosting the security of your organization.

How To Defend Yourself Against APT / Nation State Attackers

When talking about information security, nation-state backed hackers are set up as the ultimate threat. The countries have brilliant hackers, unlimited resources, endless exploits, and they are all after you! Fortunately for us, there are also many more nation state hackers who are not that skilled, on a tight budget, and forced to use off-the-shelf tools. Just because your organization might be of interest to foreign services does not mean that you should just give up.

Read the entire article here

Published on cyber


Getting ROI From a Security Advisory Board That Works: Part 1 - Why


In 2016, my CEO asked me to work with an outside advisor, Gary McGraw, to create a Security Advisory Board (SAB) for our company. Right away, I realized that creating a strong advisory board to effectively support the company would take a lot of work. We spent significant time thinking about how this board could add value to the business, and how to ensure that the board’s ideas and solutions were implemented. First, let me note that credit for many of the ideas in these articles should go to Gary. He was instrumental in the creation and continued success of our SAB. In the first article of this two-parter, I will explore the kinds of value a SAB can bring to a company, and why its creation is worth all the effort. In the next article, I will talk about the nuts and bolts of executing a successful SAB.

The End of an Era

I founded Anonymizer Inc. in 1995, almost 23 years ago. It was born of my passion and commitment to privacy, security, and anonymity. I deeply appreciate the support, encouragement, and loyalty from the millions of people who have used the service over the years.

I am profoundly proud of what this company has accomplished. We were the first commercial internet privacy service in the world. We created the Kosovo Privacy Project, provided censorship circumvention services to hundreds of thousands of people in China and Iran, and worked with numerous human rights groups to provide protected communications and safe access to information. We also set up a secure anonymous terrorist tip site in the first days following 9/11.

The DNC Hacker Indictment: A Lesson in Failed Misattribution

Reading legal documents is not something I usually enjoy. The Mueller indictment of the Russian DNC hackers was different - the amount of detail revealed in the document stunned me, and suggests that the US had very deep visibility into the hackers’ operations. In this article I am not going to look at the details of the hacking or phishing attacks used. Rather, I am interested in how the hackers attempted to misattribute their activities and how their actions and errors undercut that effort.

Read the whole article at Security Week to see my analysis of all the ways the hackers failed in trying to remain hidden.

Preventing the Other Kind of Hack Back

There has been endless discussion among security professionals about the ethics, propriety, legality, and effectiveness of corporations “hacking back” against attackers. On the other hand, there is no hesitation on the part of attackers to hack back against threat intelligence researchers who are investigating them. Identification and retaliation are a constant risk for anyone probing the darkest back alleys of the internet.

Read the whole article at Security Week to see why and how watching the wrong people can lead to counter-attack.

Keeping it on the Down Low on the Dark Web

Sites on the Dark Web Have Several Motivations to Unmask Their Visitors

So, there you are, finally on the private sections of a dark market. You have established reputation and credibility with your targets. Suddenly, you get exposed as a “rat” and banned for life. They grab your escrowed cryptocurrency, and you are back at square one with a foe who is even more alert than before... How did this happen?

Read the full article at Security Week for my thoughts on staying anonymous while visiting the dark web.

Do you make any of the top 6 managed attribution mistakes?

Staying anonymous while engaging online is hard, particularly if you need to do so over an extended period of time. While there are thousands of things that can trip you up, there are six mistakes that cause most of the problems. Read the article to learn what they are.

The Top 6 Mistakes That Will Blow Your Online Cover - SecurityWeek

Breaking the OODA Loop!

I am very excited to see that the first in a series of articles I am writing for Security Week has been published. I would love to hear what you think.

The OODA loop is a well-established concept, often used in security, which originated in the military. OODA stands for Observe, Orient, Decide, Act.
OODA is an iterative process because after each action you need to observe your results and any new opposing action. The idea is that if you can consistently get to the action faster than your opponent you can beat them. It is typically described using an airplane dogfight analogy – airplanes try to turn more quickly and sharply than their opponent in order to get off a shot. But, as you turn faster and faster the g-forces build and at this point the ever faster OODA loop is more like a centrifuge crushing us. We need to break out of the loop and find a new way to play the security game.

Read the whole article.