Fragile Security

January 2025

What Other Industries Know About Risk

Every industry thinks their problems are unique. They're not.

Jan 16 • 

Jordan Potti

December 2024

The Customer Security Journey

Unlike authorization, which is guided by extensive compliance frameworks, the end-to-end customer security experience remains somewhat uncharted.

Dec 11, 2024 • 

Jordan Potti

1

May 2022

Career Mindset Spectrum

Career progression requires a shift of mindset.

May 31, 2022 • 

Jordan Potti

December 2021

The Great Mental Models and Information Security

As a regular reader of the Farnam Street project, I’ve come to appreciate mental models and how they can help us make decisions.

Dec 6, 2021 • 

Jordan Potti

1

Parenting Lessons for the Information Security Industry

In Peter Thiel’s book Zero to One: Notes on Startups, or How to Build the Future, he talks about the best interview question.

Dec 6, 2021 • 

Jordan Potti

November 2021

Using Zero Days for Red Teams

What do you think when you hear the term zero day?

Nov 5, 2021 • 

Jordan Potti

May 2021

Determining Risk Less Badly

“Risk is a factor in decisions, as well as costs, interests, and even our ability to frame decisions around a risk.” - Ryan McGeehan

May 14, 2021 • 

Jordan Potti

March 2021

ForeScout Secure Connector Local Privilege Escalation

Application: ForeScout CounterACT Secure Connector

Mar 30, 2021 • 

Jordan Potti

February 2021

ServiceNow - HelpTheHelpDesk And The Hackers

tldr; ServiceNow had a feature that exposed credentials to hundreds (if not thousands) of their customers ServiceNow instances.

Feb 21, 2021 • 

Jordan Potti

December 2020

From Red to Blue, and Maybe Purple Too

A high level TTP to detection rule life cycle.

Dec 11, 2020 • 

Jordan Potti

November 2020

Measuring Your Red Team

How do you measure your Red Team?

Nov 23, 2020 • 

Jordan Potti