I speak and write about information security topics, with an emphasis on cryptography and distributed denial-of-service (DDoS) attacks. I've written for DarkReading, SC Magazine, and Network World. But most people know me from my monthly column at SecurityWeek.
Click the selectors in the Content pane to filter the content.
Networks Asia quoted me for a piece on Internet of Things and automated attacks
After receiving some media inquiries around the Philippines national ID system, I put together an essay, with the help of my indispensible personal assistant in the islands, on data privacy and the Philippine National ID system (PhilSys). Back End Systems quoted me from the essay in this article. See F5 Labs for the main essay.
Bucket list item achieved. I was interviewed on live TV in the Philippines on the ANC Early Edition news program about consumer internet safety and how Filipinos view it through the lens of convenience vs. security. There were likely millions of people watching and but it was just so much fun! Would do it again :)
Here's an interview I did for Info Risk Today about blockchain and the Internet of Things.
We released an original report showing a spike in SIP protocol attacks against Singapore during the Trump / Kim summit there. Singapore Today interviewed me about the article.
ISMG's Suparna Goswami interviewed me about my thoughts on IoT Security. 12 minutes of David Holmes braindumping IoT security at you.
IT Pro wrote an article based on our media briefing in HK. I don't actually know what it says, but I think it's something like "44% of Telnet scans (or attacks) coming from China". Google Translate doesn't work for cantonese?
The Malay Business Insight newspaper has a circulation of over 80,000 in the Philippines. After an Interview I did on our recent volume 4 of the Hunt for IoT thingbots, Sir Raymond Gregory Tribdino published these two articles, one on IoT and one on how I look like Tony Stark. The resemblance usually escapes me, but I hear it all the time. Like about 10 times a year.
What's the difference between DarkWeb and DarkNet? That's just one of the questions that my colleague, Ray Pompon, and I answered in this wide ranging interview. Really liked how this one came out.
Debbie Walkowski interviewed me about my 'Post-Quantum' report. Consider this the cliff notes to that larger paper.
Never thought I'd see this day! THE Steve Gibson of the Security Now! podcast really liked the REAPER piece that Justin Shattuck and I wrote. He liked it so much he basically read it over the air on podcast episode 635 (toward the end). Still can't believe it, how cool is that?
Here's an interview that Oscar Visaya and I did for Raymond Gregory of Malaya Business Insight in Manila. Raymond got everything right.
Had a long, fun, wide-ranging interview with India Economic Times.
CSO Online picked up the Maria Korolov's interview did with me and republished it. That's pretty awesome!
SecurityWeek mentions an old column of mine about HTTP Strict Transport Security (HSTS).
Maria Korolov interviewed and quoted me extensively for a Data Center Knowledge piece on WannaCry. I had no time to prepare for this interview, and was surprised when it got published. Sometimes I prepare a LOT and nothing comes of it. You never know, I guess. Just keep doing them.
In Singapore I did a media event espousing F5's original IoT research. Here's a write-up from Networks Asia (or Security Asia) not such which.
Had a fantastic, wide-ranging interview with Malaya Business Insight reporter Raymond Gregory.
Hey look, IT News Africa reprinted my ten-step guide to combating DDoS in real time. This is basically a shortened, texty version of the DDoS playbook.
Here's a 7 minute interview that CSO's Anthony Caruana did with me at the CSO Perspectives roadshow; this one was in Sydney. He asks about the new National Mandatory Breach Notification law, the Internet of Things, and where did I get that awesome shirt? Belgium.
CSO Australia recaps my visit down under last month. Video interviews to come.
“Regulation will likely be the fix for IoT security,” F5 Networks evangelist David Holmes notes in a SecurityWeek column, citing Mikko Hypponen, Chief Risk Officer of F-Secure. However, he also explains that Internet security cannot be regulated like other manufacturing processes. Increasing awareness among users could also help resolve this issue, with the IoT Defense scanner being a small step in this direction.
Got quoted by a Forbes article. “Nearly all clients rely on DNS to reach their intended services, making DNS the most critical—and public—of all services,” explains David Holmes... and “This single point of total failure…makes DNS a very tempting target for attackers,” Holmes continues. The pic is Jon Postel, who I consider a father of the Internet.
SecurityWeek reported that Microsoft disabled the RC4 cipher in Edge and Internet Explorer 11, and referenced David Holmes’ byline column from last year about the simplicity of RC4 being its greatest appeal.
This year's high-profile battle of wills between Apple and the US Federal Bureau of Investigation (FBI), which sparked worldwide discussions about the propriety of security 'back doors', was eventually resolved when the FBI found another…”We're seeing more and more Internet traffic encrypted over time, particularly after Edward Snowden came out and told everyone that people are watching them,” David Holmes, worldwide security evangelist with F5 Networks, recently told CSO Australia…
A SecurityWeek article quotes me about SSLv3 and RC4.
A SecurityWeek article quotes me about breaches.
A SecurityWeek article quotes me about the Open CA "Let's Encrypt"
A piece written from an interview I did while in Australia. I remember doing this interview from the passenger seat of David Arthur's car while we were driving to lunch in Canberra. The things you remember.
THE Richard Chirgwin of the Register once interviewed me while I was deliriously excited after talking with some customers in Australia. I gave a wide-ranging interview on all kinds of topics, stuff was just coming out of my mouth. Richard loved it. Later he told my bosses "this was the perfect interview - exactly what I want to hear when I talk with people in the industry!"
Not every day you get on the front page of the local paper! Was in the Philippines immediately after the first SWIFT banking theft: $81M had been stolen (by the Lazarus group, probably) and laundered through local casinos. I happened to be there speaking with the media about bank fraud anyway, so that's how country manager Oscar Visaya and I ended up on the front page of the paper.
SecurityWeek quotes me about strict transport security.
SecurityWeek article quotes me about my favorite algorithm of all time, RC4.
SecurityWeek article quotes me about entropy.
A mention in SecurityWeek article about container security.
Banki coraz cz??ciej atakowane przez hakerów
Ataki na banki zdarzaj? si? wsz?dzie. Banki na ca?ym ?wiecie s? zaniepokojone hakerami i kradzie?? pieni?dzy.
Here's a 3 minute interview with yours truly in Warsaw, Poland. They have a polish guy talking over my audio track, which is neat if you know Polish. I don't.
TechWeekEurope's Michael Moore speaks to David Holmes, Senior Security Evangelist for F5 Networks, at InfoSecurity Europe 2015
One of my favorite pieces, and one of the most high-profile as well. Lots of great discussion around this.
Jason Rahm's version of the events that involved this mini pony on a great roadshow we did in 2014.