Cybersecurity · Critical Infrastructure · Signal & Satellite
Articles focused on cybersecurity fundamentals, infrastructure resilience, and defensive practice.
Before I learned about OWASP or STRIDE, electronics taught me a harsh truth: if a system trusts bad input, it will fail — sometimes violently. ICS and AppSec live in separate worlds, but the problems they face are deeply connected.
November 25, 2023. A remote booster station serving 6,000 people in Pennsylvania was accessed by a hostile actor. The international media followed. Defacement banners appeared on the HMI. Operators we
A PLC or RTU accepts whatever value reaches its input buffers and applies deterministic logic to it with absolute confidence. And when those upstream signals are manipulated—whether sensor readings, t
If you lie to an industrial system about its inputs, it will execute that lie faithfully into the physical world. No hesitation. No intuition. Just deterministic logic doing exactly what it was
How SIGINT, ICS, and Application Security Converge in the Invisible Domain We Depend On
When it comes to securing Operational Technology (OT) and Industrial Control Systems (ICS), visibility isn’t just nice to have—it’s non-negotiable. If you don’t know what assets exist on your industri
In 2025, as organizations adopt zero-trust architectures and AI-powered tools, the core practices of cybersecurity—known as cyber hygiene—remain essential for preventing breaches like ransomware attac
A step‑by‑step guide to creating a controlled virtual machine for building and testing cyber defense tools.
A primer on critical infrastructure sectors and why cybersecurity professionals should focus on them.
Cyber hygiene refers to routine practices like MFA, patching, and strong passwords that prevent most attacks.
An introduction to SCADA using a brain-and-body analogy to explain how industrial systems monitor and control the physical world.
Salt Typhoon didn't break encryption or exploit zero-days. They exploited a systemic trust assumption present across every sector of critical infrastructure: valid input equals legitimate intent.