Operational-Security Official URL Update

This is just a quick announcement to say that the URL for what I have been calling “Operational-Security.com” is officially https://operational-security.com. I am attempting to consolidate my rather confusing set of URLs, and lower my own cost by reducing the number of HTTPS certificates and domains I maintain.

Unfortunately this is going to create a bit of headache for some of you. If you have linked to blog posts at “blog.yourultimatesecurity.guide…” (or added them as bookmarks or favorites) you will probably find many of these links broken. For that I apologize. All new posts and updates will appear at the new URL. Thank you for your patience!


FileVault Volume Level Encryption

A little known feature of FileVault is the ability to create encrypted volumes. Volumes are essentially encrypted file containers that can store a file or set of files. Volumes can be copied, emailed, burned to a DVD, or just set up as an additional layer of encryption for especially sensitive files. FileVault volume level encryption allows you to do this without needing a third-party application like VeraCrypt – assuming you don’t need to share these volumes with other operating systems.

Continue reading “FileVault Volume Level Encryption”

Gear Review: Anker Powerline Cable

I know gear reviews are a little out of my lane. With the combination of the impending Your Ultimate Security Guide: iOS deadline, writing a couple articles for Lucky Gunner, and working on the DeleteMe series, I haven’t had a ton of time to focus on in-depth projects. So I though I would talk about some gear that I use on a daily. It’s not necessarily security-related but it’s important to me just the same. Since I use phones to research, write, and teach live courses, charging and syncing is something I do a lot of. OEM cables – especially iPhone cables – are really prone to failure at the connections where they are bent and pulled. I have been on the hunt for a suitable replacement and have finally found one: the Anker Powerline cable series. Continue reading “Gear Review: Anker Powerline Cable”

Complete Privacy and Security

It is my pleasure to make a few announcements today.  First, The Complete Privacy and Security Desk Reference has been released and is finally available on Amazon!  This is huge – Michael and I had hoped to have this work out by January but things happened that were beyond our control.  Thousands of Wickr messages, hundreds of ProtonMail emails, scores of Signal calls, and four personal meets later (one in a foreign country), here we finally are!  From the description:

This 492-page textbook will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of ‘the system’. You will use covert aliases and misinformation to eliminate current and future threats toward your privacy & security. When taken to the extreme, you will be impossible to compromise.
Since Complete Privacy and Security is available on Amazon, I will no longer be taking direct sales here.  However, I will still be taking bulk orders of over 10 copies.  Contact me for price breaks.
Complete Privacy and Security
Second, today marks the one-year anniversary of this blog.  I am proud of this milestone, and feel it has been a productive year.  I greatly appreciate all of you who have emailed me, commented on the blog, or just lurked in the background.  Thank you!  In the coming year I plan to be much  more active; as you may have noticed since the Thirty-Day Security Challenge ended I’ve tried to post three posts a week, and I hope to continue this through 2016.
Third, now that Volume I of Complete Privacy and Security is finished, I can once again begin focusing on the Your Ultimate Security Guide series.  This series will undergo some changes.  These books will get much smaller and will be intended as companions to CP&S.  While CP&S is more principle-focused, new versions of Your Ultimate Security Guide will dig into the nitty gritty of each OS. However, it will forego a lot of the material that would be duplicted by CP&S.  This should make these volumes much slimmer and cost-effective.  The first planned releases are a Windows 10 and Android, which I hope to complete this year.  An iOS re-write will be available in October or November, after the release of the now iOS version.
Thank you all again for a great first year!

Threat Modeling: An Introduction

I have previously written about categorizing attackers based on their levels of skill and focus.  I have also written about categorizing security measures to defeat attackers with a given level of skill or focus.  Both of these posts tie in closely with (and were early attempts at) a topic that I want to explore more fully in coming months: threat modeling.  Threat modeling is the examination of two things as they relate to each other: an adversary and a security measure.  The effectiveness of the security measure is weighed against the skill and capabilities, focus, and time available to the attacker.  Threat modeling allows you to understand what you “look like” to your opposition, understand his or her capabilities, and select effective mitigations. Continue reading “Threat Modeling: An Introduction”

Moving Forward into 2016

Those of you who follow this blog have doubtlessly noticed that I haven’t posted anything here since mid-December.  My absence has been for good cause, however.  As I’m sure you’ve noticed the main site has undergone a serious reboot with the blog to follow suit shortly.  This has consumed a serious amount of my time around the holidays.  There are several other exciting projects that are also underway that are keeping me busy.  Below is a quick rundown of what to expect in the coming year:


There are three changes coming to the blog.  Most superficially, and as mentioned above, the look of the blog will be changing sometime this month to mirror the look and feel of the main site.  Next, and perhaps most importantly the blog will also be encrypted with https by the end of this month (like the main site currently is).  Finally, I intend to post longer-form articles here in the coming year and as a result may post as infrequently as once every two to three weeks.

Complete Privacy and Security Desk Reference: Volume 1 (Digital)

I spent a couple of weeks with Michael Bazzell last month working on our upcoming joint work.  We made excellent progress but due to legal review and some other unforeseen issues this work will likely not be available until late March.  Rest assured we are working hard to get this book into your hands as quickly as possible.  You may also notice the title has changed since my last post about this work to include “Volume I (Digital)”.  This is because we had such a large raft of content this work will be broken into at least three volumes.

Pageflex Persona [document: PRS0000424_00033]

Your Ultimate Security Guide: Android

Work has officially commenced on Your Ultimate Security Guide: Android.  This work will follow the same format as my previous two works and teach you how to thoroughly secure your Android handset and the communications that occur on it.  Your Ultimate Security Guide: Android will be available in March 2016.


I have create a Twitter account: @secguide.  You can follow me there to see when new blog posts are available and checksums are updated.