I love to work on weird, interesting, and unique ideas. Some of my research has been influenced by stuff at work, and some is often from me wondering if it’s possible to do a new thing in an unusual way.

Each time I present new research at a conference, I’m sort of focus-group testing the idea to see if it’s something I should continue pursuing. Getting feedback after hiding in my dark cave for months really provides insight into the research, and gives me new ideas to work on.

Some of the ideas I’m considering at the moment:

• Finding correlations between malware and phishing campaigns and geo-political events, and using past patterns to try to anticipate future campaigns based on what’s happening in the world.
• Automating MITRE ATT&CK
• Analysis of how many major attacks and breaches have occurred as a result of a large organization being compromised through a smaller partner organization that doesn’t have the same resources or sense to secure their environment.
• Security Research as a creative pursuit.
• Identifying AI created disinformation in social media and news.
• Identifying and mitigating the risks that matter to you.