Secjuice | Non-Profit Cyber Goodness

Sign in Subscribe

Asset Management & Data Classification: You Can’t Protect What You Can’t See

Asset Management & Data Classification: You Can’t Protect What You Can’t See

Part 4 of a series on creating information security policies. Visibility before Protection Organizations often invest heavily in cybersecurity tools: endpoint protection, firewalls, SIEM platforms, MFA, cloud security solutions, and threat detection services. Unfortunately, many security incidents still come down to a surprisingly simple problem: organizations do not fully understand

Malware Analysis: Is It About Tools or Mindset?

Malware Analysis: Is It About Tools or Mindset?

Malware analysis is more than tools. Learn the mindset, goals, techniques, and workflows analysts need to dissect malware effectively.

For The Dogs

An introduction to the canine intelligence cell, a volunteer investigative effort focused on exposing the criminal networks exploiting dogs through trafficking, legal loopholes, fraud, violence, and organised abuse.

Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up

Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up

Part 3 of a series on creating information security policies. Attackers don’t break in…they log in. That’s a bit of a dramatic exaggeration, and it seems cliché, but it’s not really too far off. Consider the 2022 Uber breach. The attacker didn’t exploit a sophisticated

Your AI Agents Are Creating Identity Chaos (And You Don't Even Know It)

Your AI Agents Are Creating Identity Chaos (And You Don't Even Know It)

The AI agent explosion is happening whether we're ready or not. The companies that take identity seriously now will save themselves a world of pain later.

Your OSINT Is Only as Good as Your Thinking

Your OSINT Is Only as Good as Your Thinking

You pulled the threads, mapped the connections, built the timeline. The data looks clean and the narrative holds. Then someone asks a question you didn't consider and the whole picture shifts. The failure was not in your tooling.

The CTF Ecosystem Is Stagnant and Has Been for Twenty Years

The CTF Ecosystem Is Stagnant and Has Been for Twenty Years

CTFs haven't changed in decades. Better puzzles, same game. The problem isn't technical difficulty, it's that nobody has ever made you commit to anything.

People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security

People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security

Part 2 of a series on creating information security policies Many breaches don’t start with sophisticated hackers; they start with ordinary users doing ordinary things in unsafe ways. Let’s look at 3 ways to work toward helping people in our organizations understand better how to safeguard everyone’s

CTFs aren't Designed to Train Investigators. Hashclue is.

CTFs aren't Designed to Train Investigators. Hashclue is.

Real investigations start with noise, a fragment, a pattern, something that doesn't fit. Almost nothing in the standard training stack teaches you to work that problem. Hashclue is an attempt to build something that does.

Security Governance & Leadership

Security Governance & Leadership

Part 1 of a series on creating information security policies Contents * Security Starts at the Top (or, Governance Makes or Breaks Your Security Program) * Disclaimer * Why Governance Comes First * The Information Security Policy: Setting the Tone * Risk Management: Replace Guesswork with Discipline * Roles and Responsibilities: Eliminating the Accountability Gap * What

SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution

SCANT: A (kind-of-decent) Framework for Ethical Deepfake Creation & Distribution

Contents 1. The Ethical Blueprint: Building Trust in Synthetic Media 1. S - Social Benefit 2. C - Consent 3. A - Accountability 4. N - Non-Deception 5. T - Transparency 2. Putting SCANT into Practice 3. TL;DR Checklist 4. It takes work! 5. AI - Embracing the Human

California Just Built a Data Deletion Tool That Actually Works (And Data Brokers Are Sweating)

California Just Built a Data Deletion Tool That Actually Works (And Data Brokers Are Sweating)

California’s DROP lets consumers delete data from 1,600+ brokers in one click—but behind the scenes it raises serious security, compliance, and transparency risks.

AI Vendor Vetting: An OK Practice Guide

AI Vendor Vetting: An OK Practice Guide

Practical guide to AI vendor vetting, covering key data, security, compliance, and risk questions to assess and manage AI third-party risks.

SecjuiceCON 2026

SecjuiceCON is an online event for infosec and OSINT industry insiders, and we'd love for you to talk to our audience about your wisdom and learnings.

CMMC Final Assessment: What I Did Right, What I’d Change, and How You Can Prepare

CMMC Final Assessment: What I Did Right, What I’d Change, and How You Can Prepare

A senior security analyst shares key lessons, wins, and improvements from completing a CMMC audit to help others prepare effectively.

Unusual Journeys into Infosec Featuring Phillip Wylie

UNUSUAL JOURNEYS INTO INFOSEC

Unusual Journeys into Infosec Featuring Phillip Wylie

Learn about Philip Wylie's journey into infosec, including bear wrestling, getting shot, and overcoming some major challenges.

Four-Step Intelligence Model for Decision Making

Four-Step Intelligence Model for Decision Making

Mars Groves explains the four steps of the OODA Loop model used in intelligence for decision-making, which is very useful for difficult and time-sensitive situations.

Five Serverless Security Tools You Need To Adopt Right Now

Five Serverless Security Tools You Need To Adopt Right Now

Heads up! You can improve the security of your serverless project using free or open source solutions that are already out there.

Securing Corporate Crypto: Why Your LLC’s Private Keys Matter More Than You Think

BUYING CRYPTO WITH YOUR LLC

Securing Corporate Crypto: Why Your LLC’s Private Keys Matter More Than You Think

The moment your LLC decides to buy cryptocurrency, you’ve crossed a threshold that most business owners never consider: you’re now responsible for securing private keys that represent real value, but traditional corporate security frameworks were never designed for crypto.

The OSINT Intelligence Cycle Part 1: Planning and Direction

The OSINT Intelligence Cycle Part 1: Planning and Direction

My advice for those wishing to improve their OSINT skills is to go back to the basics, namely the intelligence cycle.

OSINT & The Intelligence Cycle Part II: Lets Talk About Collection

OSINT & The Intelligence Cycle Part II: Lets Talk About Collection

Part two of my guide to the OSINT intelligence cycle. Once you mapped out your planning and direction phase, the next step is collection.

OSINT & The Intelligence Cycle Part III: Processing Raw Intelligence

OSINT & The Intelligence Cycle Part III: Processing Raw Intelligence

This OSINT part 3 post explains how to take the raw intelligence and refines it into forms better suited for exploitation and analysis.

OSINT & The Intelligence Cycle Part IV: Analysis and Production

OSINT & The Intelligence Cycle Part IV: Analysis and Production

After the processing phase of the OSINT intelligence cycle, it is time to analyze the data and generate an intelligence product.

OSINT & The Intelligence Cycle Part Five: Dissemination

OSINT & The Intelligence Cycle Part Five: Dissemination

Legend intelligence analyst Sinwindie returns with Part Five in his series on the OSINT Intelligence Cycle.

SecjuiceCON 2025

SecjuiceCON 2025

SecjuiceCON, our first virtual conference, will be held on March 30, 2025, starting at noon America/New_York timezone.