Heeyooo! You have reached the personal blog of Andy Piazza. TURN BACK NOW! I am the Chief Evangelist of phia, LLC and a Cyber Threat Analyst supporting clients throughout the National Capital Region and beyond. I wear a few other hats for the company, but that’s not why you’re here. (See disclaimer footnote about views being my own)
I decided to take on the challenge of writing about professional matters a few years ago on LinkedIn. Since then, I have seen a decline in written article sharing on LinkedIn in favor of video content. That fact, coupled with feedback that navigating to LI articles can be a pain, I decided to launch my articles over here on Medium. So here we are.
Current articles are grouped in what I would call series (not the way Medium uses “Series” unfortunately).
1| A Look at Threat Analysis Best Practices
An Analyst’s Need for a Threat Intelligence Platform
A lot of organizations are rushing out to get Threat Intelligence Platforms (TIPs) for their analysts- and rightfully…
Considerations for Leveraging Cyber Threat Feeds Effectively
My lessons learned and recommendations from multiple threat feed and Threat Intelligence Platform (TIP) assessments.
ATT&CKing Threat Management
It would be really awesome to map out the most common techniques used by threat actors and prioritize those for…
2 | Building Awesome Teams
Developing Team Documentation that Matters
My lessons learned and recommendations from developing process documentation, work instructions, and training material…
Implementing Team Training that Works
So you just read my last article (Developing Team Documentation that Matters), and you’re thinking “cool story bro, but…
3 | Career Stuff n Things
Be Positive Change. Imagine a workforce full of passionate men and women that care about the outcome of each and every…
Career Hacking: Tips and Tricks to Making the Most of your Career
One of the best ways that ensure that you have an amazing career that is filled with challenges, enjoyment, and growth…
I really just plan to write down some of the great things I have seen in my career so that I can remember stuff down the road and hopefully share with others in case it benefits their teams. Some of the things I write about are literally spurred from my soapbox moments (okay, I get a bit ranty!) and others are initiated by someone asking me an opinion on something via email or social media. In those cases, I usually knock out a quick response laying out my thoughts, then those ideas burn a hole in my brain until I explore them a bit more by writing them out in Evernote. Eventually, I clean up those ramblings and call them an article. Anyway, if you ever have thoughts or feedback on my musings, feel free to ping me on LinkedIn or Twitter. Happy to discuss.
I have a Master’s in Intelligence Studies from American Military University, and I am currently enrolled in the SANS Master of Science in Information Security Engineering (MSISE). I highly recommend the program to anyone that wants to get a Master’s and technical experience at the same time. Here’s an article I wrote about SANS courses and prepping for GIAC tests:
My Take on SANS Courses and GIAC Prep
I've been slacking on my writing here, but I guess that's what happens when you take on a Master's program. Speaking…
I also wrote two papers that are published by SANS.
SANS Institute: Reading Room — Threat Intelligence
Featuring 15 Papers as of May 20, 2020 Quantifying Threat Actor Assessments STI Graduate Student Research by Andy…
SANS Institute: Reading Room — Threat Intelligence
Featuring 15 Papers as of May 20, 2020 ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis…
Previous Articles from LinkedIn
(Note I may update and adapt these articles on Medium, so stay tuned!)
Thoughts on Metrics
Alright let's talk about metrics. I am a data nerd and this is a topic near and dear to my heart.
Embrace the Suck
"Embrace the suck" is a saying that is ingrained in the modern military. Its roots likely go back to the first time a…
Fallacies in Cyber Capabilities
Author Note: I originally posted a thread talking about how I think we have a "capabilities bias" in cyber. In reality…
I had the amazing opportunity to discuss my SANS research paper on the SANS ISC podcast.
SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast
SANS Daily Network Security Podcast (Stormcast) for Wednesday, June 10th 2020
I once Tweeted out that I received a breach memo from DISA. I tried to make a joke about having to “catch them all”, but that sorta backfired… apparently my Tweet was one of the first public glimpses of the breach and it was picked up by way too many news sites. And to be clear, this is the first memo I can remember getting from DISA. The “catch them all” reference was a joke about getting the OPM, Equifax, and other major breach notification letters.
Pentagon communications hub reports likely data breach
The agency of the U.S. military that oversees information technology and communications has suffered a potential breach…
Data Breach Occurs at Agency in Charge of Secure White House Communications
A leak at the Defense Information Systems Agency exposed personal information of government employees, including social…
I am quoted in THE WALL STREET JOURNAL (okay it has nothing to do with my professional life, but its still pretty awesome and funny).
How to Get Die-Hard Meat Eaters to Try Impossible Burgers: Trick Them
How do you get die-hard meat eaters to try a plant-based burger? You trick them. The rise of meatless meat is inspiring…
I am the Director of Operations for BSidesNoVA, so if you see me around the event, please stop my frantic running around and say “hi”. I always move fast during the event, its okay to stop me, most of the time.
Northern VA Security Conference — Northern VA Security Conference
BSides NoVA is an Information Security un-conference. It’s a 100% volunteer organized event, put on by and for the…
I also volunteer at an amazing program for teens called The Landing. If you have teenagers in Northern Virginia, I recommend you check us out at
Andy Piazza — Chief Evangelist — phia, LLC | LinkedIn
View Andy Piazza’s profile on LinkedIn, the world’s largest professional community. Andy has 10 jobs listed on their…
Andy Piazza (@klrgrz) | Twitter
The latest Tweets from Andy Piazza (@klrgrz). Just a killer grizzly bear with a keyboard. I do some cool stuff n things…
My affiliation with phia LLC is provided for identification purposes only and is not intended to convey or imply my company leadership’s concurrence with, or support for any opinions or viewpoints expressed by any of my articles. The thoughts and ramblings of these articles are purely my own.