I'm a world-wide security evangelist, meaning I write and speak about hackers, cryptography, fraud, malware and all that interesting stuff.

I've spoken at over 30 conferences on all six developed continents. Some of my favorite engagements were speaking at RSA Europe in Amsterdam, InfoSec in London and Gartner Data Center in Las Vegas

I write a bi-weekly column at SecurityWeek, and have had the good fortune to write for DarkReading and SC Magazine and Network World.

They call me the "one-take wonder" in the studio, because I've done so many videos that I just do it in one take anymore.

I'm a fly-fisherman, a baseball fan and a craft beer enthusiast.

Welcome to the Vanity Site of David William Holmes

April 24, 2019:  tags:  infosec security-week

6 Ways Attackers Are Still Bypassing 2FA

My six month Hiatus from SecurityWeek is over! Here's a fun little piece that mostly wrote itself, about all the ways I've seen SMS being bypassed as a 2nd factor of authentication.

Cute insider note, when I asked the designers for an image of an older guy looking at his phone, they sent this one, with the caption "there's a sale on adult undergarments!"


Oct. 9, 2018:  tags:  SSL-TLS cryptography hackers

The Top Ten Hardcore F5 Security Features in BIG-IP 14.0

My love letter to version 14.0 of the F5 product suite. These Top Ten articles are always popular with the engineers in the field, many of whom send directly to their customers.

These are always a ton of work for me, as I have to get the giant list of requirements, understand them, rank them, and write copy (and jokes) about them.

Even as I complain, I must admit that these were also my favorite articles for F5 :)


Sept. 27, 2018:  tags:  infosec policy

Data Privacy and the 2018 Philippine Identification System Act

Here's an essay I wrote about what I think are the data privacy concerns around the Philippine National ID system (PhilSys). Having a national identification system is a good thing; this essay contains my advice to the implementors of PhilSys, so that they can most properly secure their citizen's data.


Sept. 12, 2018:  tags:  ddos in-the-news iot

App protection amid evolving app landscape, automated attacks

Networks Asia quoted me for a piece on Internet of Things and automated attacks


Aug. 21, 2018:  tags:  in-the-news infosec policy

National ID Systems and Data Privacy

After receiving some media inquiries around the Philippines national ID system, I put together an essay, with the help of my indispensible personal assistant in the islands, on data privacy and the Philippine National ID system (PhilSys).

Back End Systems quoted me from the essay in this article. See F5 Labs for the main essay.


Aug. 15, 2018:  tags:  infosec iot

F5Agility18: Application security and evolving threats

Here's a video interview done by none other than F5's Calvin Rowland himself. He and I are both 17-year veterans of F5 Networks, and we're both good (or at least energetic) on video. He's interviewing me for our Agility Live series, and I'm discussing some of our security research at F5 labs.


Aug. 1, 2018:  tags:  in-the-news hackers

David Holmes: On the trade-off between security and convenience in technology

Bucket list item achieved. I was interviewed on live TV in the Philippines on the ANC Early Edition news program about consumer internet safety and how Filipinos view it through the lens of convenience vs. security. There were likely millions of people watching and but it was just so much fun! Would do it again :)


June 24, 2018:  tags:  in-the-news infosec iot

Securing IoT Devices: The Challenges

Here's an interview I did for Info Risk Today about blockchain and the Internet of Things.


June 18, 2018:  tags:  in-the-news hackers iot

Singapore top cyber attack target during Trump Kim Summit

We released an original report showing a spike in SIP protocol attacks against Singapore during the Trump / Kim summit there. Singapore Today interviewed me about the article.


May 22, 2018:  tags:  SSL-TLS cryptography security-week

Fitting Forward Security into Today's Security Architecture

I've been talking about this problem for years (it seems), but there's been an update. Toward the end.


Site Task List

Task Priority
Hookup date selectors in fishing, writing, photos Medium
Switch from Let's Encrypt to AWS certificate Medium
Bring in fishing reports from Tumblr Low
Bring in fishing reports from flyfishsnoqualmie Medium
Add essay about medicine Low
Add Headshots gallery Medium
Put manila article on there Medium
Where is Bad Art in writing? High
Fix RSA2015 Low
Link and Image Checker Medium