in-the-news

They call me the content machine. I write about information security topics, with an emphasis on cryptography and distributed denial-of-service (DDoS) attacks. I've written for DarkReading, SC Magazine, and Network World. But most people know me from my monthly column at SecurityWeek.

Click the selectors in the Content pane to filter the content.


Nov. 7, 2017 tags:  SSL-TLS cryptography in-the-news

What happens to Encryption in a Post Quantum World?

Debbie Walkowski interviewed me about my 'Post-Quantum' report. Consider this the cliff notes to that larger paper.


Oct. 31, 2017 tags:  in-the-news infosec

Security Now! Reads our entire REAPER article on their podcast

Never thought I'd see this day! THE Steve Gibson of the Security Now! podcast really liked the REAPER piece that Justin Shattuck and I wrote. He liked it so much he basically read it over the air on podcast episode 635 (toward the end). Still can't believe it, how cool is that?


Oct. 25, 2017 tags:  ddos in-the-news hackers

DAVID HOLMES ON THINGBOTS: The attacker infrastructure of the future

Here's an interview that Oscar Visaya and I did for Raymond Gregory of Malaya Business Insight in Manila. Raymond got everything right.


Oct. 11, 2017 tags:  ddos in-the-news

IoT Attacks: India no. 2 source country

Had a long, fun, wide-ranging interview with India Economic Times.


Oct. 9, 2017 tags:  in-the-news infosec

Shadow Cloud Apps Pose Unseen Risks

CSO Online picked up the Maria Korolov's interview did with me and republished it. That's pretty awesome!


Sept. 29, 2017 tags:  SSL-TLS in-the-news security-week

Google Expands HSTS Preload List

SecurityWeek mentions an old column of mine about HTTP Strict Transport Security (HSTS).


Sept. 10, 2017 tags:  in-the-news infosec hackers

Malware Grows, Goes After Data Centers

Maria Korolov interviewed and quoted me extensively for a Data Center Knowledge piece on WannaCry. I had no time to prepare for this interview, and was surprised when it got published. Sometimes I prepare a LOT and nothing comes of it. You never know, I guess. Just keep doing them.


July 20, 2017 tags:  in-the-news infosec hackers

Cybersecurity talent, spending, regulations to mitigate IoT risks

In Singapore I did a media event espousing F5's original IoT research. Here's a write-up from Networks Asia (or Security Asia) not such which.


July 5, 2017 tags:  ddos in-the-news infosec

Hunting for IoT devices to be used for massive botnet

Had a fantastic, wide-ranging interview with Malaya Business Insight reporter Raymond Gregory.


June 12, 2017 tags:  ddos in-the-news

Ten steps for combating DDoS in real time

Hey look, IT News Africa reprinted my ten-step guide to combating DDoS in real time. This is basically a shortened, texty version of the DDoS playbook.


April 13, 2017 tags:  in-the-news infosec

CSO Perspectives Interview with David Holmes

Here's a 7 minute interview that CSO's Anthony Caruana did with me at the CSO Perspectives roadshow; this one was in Sydney. He asks about the new National Mandatory Breach Notification law, the Internet of Things, and where did I get that awesome shirt? Belgium.


Dec. 6, 2016 tags:  in-the-news

Protecting the future at Anticipate 2016

CSO Australia recaps my visit down under last month. Video interviews to come.


Nov. 24, 2016 tags:  ddos in-the-news security-week

This Web-based Tool Checks if Your Network Is Exposed to Mirai

“Regulation will likely be the fix for IoT security,” F5 Networks evangelist David Holmes notes in a SecurityWeek column, citing Mikko Hypponen, Chief Risk Officer of F-Secure. However, he also explains that Internet security cannot be regulated like other manufacturing processes. Increasing awareness among users could also help resolve this issue, with the IoT Defense scanner being a small step in this direction.


Nov. 13, 2016 tags:  ddos in-the-news

The Internet Of Things, DNS Weaknesses, Or Trump: Which Will Sink The Internet?

Got quoted by a Forbes article. “Nearly all clients rely on DNS to reach their intended services, making DNS the most critical—and public—of all services,” explains David Holmes... and “This single point of total failure…makes DNS a very tempting target for attackers,” Holmes continues. The pic is Jon Postel, who I consider a father of the Internet.


Aug. 12, 2016 tags:  SSL-TLS cryptography in-the-news

Microsoft Disables RC4 for Edge and IE

SecurityWeek reported that Microsoft disabled the RC4 cipher in Edge and Internet Explorer 11, and referenced David Holmes’ byline column from last year about the simplicity of RC4 being its greatest appeal.


June 2, 2016 tags:  SSL-TLS cryptography in-the-news

CSO Australia - Redefining the Application security perimeter

This year's high-profile battle of wills between Apple and the US Federal Bureau of Investigation (FBI), which sparked worldwide discussions about the propriety of security 'back doors', was eventually resolved when the FBI found another…”We're seeing more and more Internet traffic encrypted over time, particularly after Edward Snowden came out and told everyone that people are watching them,” David Holmes, worldwide security evangelist with F5 Networks, recently told CSO Australia…


May 17, 2016 tags:  SSL-TLS cryptography in-the-news infosec

Google to Soon Kill SSLv3, RC4 Support in Gmail

A SecurityWeek article quotes me about SSLv3 and RC4.


April 25, 2016 tags:  in-the-news infosec

Healthcare Was Most Attacked Industry in 2015: IBM

A SecurityWeek article quotes me about breaches.


April 13, 2016 tags:  in-the-news infosec

Open CA Let’s Encrypt Comes Out of Beta

A SecurityWeek article quotes me about the Open CA "Let's Encrypt"


April 1, 2016 tags:  travel in-the-news infosec

ARN: Application Security is Primary

A piece written from an interview I did while in Australia. I remember doing this interview from the passenger seat of David Arthur's car while we were driving to lunch in Canberra. The things you remember.


March 21, 2016 tags:  in-the-news infosec hackers

Manila Business Mirror Interview

Not every day you get on the front page of the local paper! Was in the Philippines immediately after the first SWIFT banking theft: $81M had been stolen (by the Lazarus group, probably) and laundered through local casinos. I happened to be there speaking with the media about bank fraud anyway, so that's how country manager Oscar Visaya and I ended up on the front page of the paper.


March 18, 2016 tags:  SSL-TLS cryptography in-the-news infosec

95% of HTTPS Servers Vulnerable to Trivial Connection Hijacking

SecurityWeek quotes me about strict transport security.


Jan. 27, 2016 tags:  SSL-TLS cryptography in-the-news infosec

Firefox 44 Drops RC4, Gets Push Notifications

SecurityWeek article quotes me about my favorite algorithm of all time, RC4.


Nov. 30, 2015 tags:  cryptography in-the-news infosec

Predictable SSH Host Key Flaw Affects Raspberry Pi Devices

SecurityWeek article quotes me about entropy.


Sept. 15, 2015 tags:  in-the-news infosec

IT Teams Question Security of App Containers: Survey

A mention in SecurityWeek article about container security.


June 15, 2015 tags:  SSL-TLS cryptography travel in-the-news

Polish TV: Hackers and Banks and Stuff

Banki coraz cz??ciej atakowane przez hakerów

Ataki na banki zdarzaj? si? wsz?dzie. Banki na ca?ym ?wiecie s? zaniepokojone hakerami i kradzie?? pieni?dzy.

Here's a 3 minute interview with yours truly in Warsaw, Poland. They have a polish guy talking over my audio track, which is neat if you know Polish. I don't.


June 3, 2015 tags:  in-the-news infosec

InfoSecurity Europe 2015 - David Holmes

TechWeekEurope's Michael Moore speaks to David Holmes, Senior Security Evangelist for F5 Networks, at InfoSecurity Europe 2015


Jan. 30, 2015 tags:  in-the-news infosec

DarkReading: How the Skills Shortage is Killing Defense-in-Depth

One of my favorite pieces, and one of the most high-profile as well. Lots of great discussion around this.


April 25, 2014 tags:  in-the-news

Cincinnati User Group Road Trip

Jason Rahm's version of the events that involved this mini pony on a great roadshow we did in 2014.