Welcome to Cornell Security
This is a placeholder post to help you start the blog section. You can remove it later or replace it with your first real article.
Blog
Articles focused on cybersecurity fundamentals, infrastructure resilience, and defensive practice.
ICS Taught Me More About Input Validation Than OWASP Ever Did
Before I learned about OWASP or STRIDE, electronics taught me a harsh truth: if a system trusts bad input, it will fail — sometimes violently. ICS and AppSec live in separate worlds, but the problems they face are deeply connected.
The Water Sector's Default Password Problem
November 25, 2023. A remote booster station serving 6,000 people in Pennsylvania was accessed by a hostile actor. The international media followed. Defacement banners appeared on the HMI. Operators we
Logic Follows Lies: How PLCs and RTUs Fail Under Adversarial Conditions
A PLC or RTU accepts whatever value reaches its input buffers and applies deterministic logic to it with absolute confidence. And when those upstream signals are manipulated—whether sensor readings, t
Inputs Lie: Your System Trusts Signals It Shouldn't
If you lie to an industrial system about its inputs, it will execute that lie faithfully into the physical world. No hesitation. No intuition. Just deterministic logic doing exactly what it was
Satellite Cybersecurity: When Cyber Meets the Spectrum
How SIGINT, ICS, and Application Security Converge in the Invisible Domain We Depend On
Asset Visibility in OT Environments: Why You Can't Defend What You Don't See
When it comes to securing Operational Technology (OT) and Industrial Control Systems (ICS), visibility isn’t just nice to have—it’s non-negotiable. If you don’t know what assets exist on your industri
Cyber Hygiene in 2025: Why Cybersecurity Basics Remain Essential
In 2025, as organizations adopt zero-trust architectures and AI-powered tools, the core practices of cybersecurity—known as cyber hygiene—remain essential for preventing breaches like ransomware attac
Asset Visibility in OT Environments
You can’t secure what you don’t know about. In operational technology (OT) environments, maintaining an accurate inventory of assets and their communications paths is the starting point for any defensible architecture.
Cyber Hygiene in 2025
Emerging trends like AI-driven attacks, remote work, and supply‑chain compromises mean good security hygiene in 2025 looks very different from basic patching and passwords.
Building a Cyber Defense Development Environment in a Virtual Machine
A step‑by‑step guide to creating a controlled virtual machine for building and testing cyber defense tools.
Critical Infrastructure: What It Is & Why You Should Care
A primer on critical infrastructure sectors and why cybersecurity professionals should focus on them.
Building a Cyber Defense Development Environment in a Virtual Machine
In today's rapidly evolving cyber threat landscape, having a robust and flexible cybersecurity development environment is crucial for professionals aiming to enhance their defensive capabilities. This
Cyber Hygiene 101
Cyber hygiene refers to routine practices like MFA, patching, and strong passwords that prevent most attacks.
SCADA: The Brain Behind Industrial Systems
An introduction to SCADA using a brain-and-body analogy to explain how industrial systems monitor and control the physical world.
SCADA: The Brain Behind Industrial Systems
Imagine the human body performing a simple task—picking up a glass of water. Your eyes see the glass, your brain decides to grab it, your nerves send signals to your muscles, and your hand moves witho
Cyber Hygiene 101
Cyber Hygiene 101: Explore key NIST guidelines to safeguard your digital footprint and prevent costly breaches like MGM's $100 million ransomware attack. Understand why MFA, strong passwords, regular
Critical Infrastructure: What It Is & Why You Should Care
Imagine waking up without electricity, running water, or a way to call for help. That’s the chaos we’d face without critical infrastructure—the essential systems, assets, and networks that keep our so
When Valid Credentials Don't Mean "Authorized": What the Salt Typhoon Breach Teaches Critical Infrastructure Defenders
Salt Typhoon didn't break encryption or exploit zero-days. They exploited a systemic trust assumption present across every sector of critical infrastructure: valid input equals legitimate intent.