- Cloud Native Infrastructure with Azure: Building and Managing Cloud Native Applications - I learned writing a book during a pandemic was not great, but I did write the chapter and developer exercises in the chapter on messaging.
- Hiring on Pragmatic Ops Weekly Podcast - https://player.fm/series/pragmatic-ops-weekly/episode-20-hiring-with-matt-franz
- Bringing DevSecOps to ICS - https://www.youtube.com/watch?v=mPx6CH3fJHI&
- Digital Bond Podcast on DoD Smart Grid Deployments (with Gerry Gallagher)
- Advanced Metering Implementations: Addressing Security in DoD Applications (with Pete Virag)
- A Maze of Tiny Fuzzers All Alike (CERT Vulnerability Disclosure Workshop) - https://resources.sei.cmu.edu/asset_files/Presentation/2010_017_001_53935.pdf
- RSA Panel Session on Smart Meter Security - https://www.wired.com/2010/03/smart-grids-done-smartly/
- Final Exam for CIS170 at Frederick Community College - students did great!
- Sisco OSI Stack Vulnerability - https://www.kb.cert.org/vuls/id/145825/
- OPC Security Whitepaper - this was the deliverable for a sponsored research project and is available on the Digital Bond subscriber website.
- ICCP Exposed - conference paper/presentation on ICCP (and OSI) protocol security at the first S4.
- Tenable SCADA Plugins - https://www.businesswire.com/news/home/20060801005188/en/Tenable-Digital-Bond-Add-SCADA-Plugins-Nessus
- LiveData ICCP Heap Overflow - https://www.kb.cert.org/vuls/id/190617/
- A Rough Start of a Toolset for Assessing J2EE Apps (Austin OWASP Meeting, June 2006)
- The Challenge of an Open Source Testing Framework for Control Systems (PCSF, SPring 2006)
- SCADA Vulnerability Discovery and Disclosure - PCSF, Spring 2006 - also see https://www.theregister.co.uk/2006/06/19/scada_flaw_debate/ and https://www.securityfocus.com/news/11396
- The Use of Attack Trees in Assessing SCADA Protocols
- Uncovering Cyber Flaws
- ModbusFW: Deep Packet Inspection for Industrial Ethernet (NISCC)
- Protocol Implementation Testing: Challenges & Opportunities (NISCC)
- ISA SP99 Panel - https://www.businesswire.com/news/home/20040326005280/en/Industry-Panel-Discusses-Manufacturing-Control-Systems-Security
- Separating Fact from FUD: BGP Vulnerability Testing (BlackHat and NANOG) - https://www.youtube.com/watch?v=p2AUMDpDKLA (poor quality recording and the Black Hat talk was much better delivery) and https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf
- Vulnerability Testing of Industrial Network Devices
- Integrating IT and Control System Security: A Vendor-Researcher Perspective
- https://www.infoworld.com/article/2668545/secure-it-with-linux.html - Trinux was mentioned here.
- How Secure is Secure: Threat-Oriented Product Testing (Cansecwest01)
- https://www.sans.org/reading-room/whitepapers/unix/paper/327 - paper on Trinux someone else wrote (the original Linux security testing distro)
- I launched http://trinux.sourceforge.net/legacy/ - the first security-oriented Linux distribution (before Knoppix, before Kali, there was Trinux!)