Paul Walsh
@paulwalsh.bsky.social
Most top security firms license my patents for mobile app security. Pioneered zero trust for anti-phishing. Helped to launch @AIM @MetaCert Founder. Co-invented the concept of labeling user accounts on the web at the W3C in 2004. Expert in SMS security.
Reposted by Paul Walsh
This article @forbes.com has now been updated with an interesting counterpoint from @paulwalsh.bsky.social.
#Infosec
www.forbes.com/sites/daveyw...
#Infosec
www.forbes.com/sites/daveyw...
Password Hack Warning As New Threat Jumps From Your Laptop To Phone
As if by magic, this password hack jumps from your laptop to your smartphone — but it's you who waves the wand.
www.forbes.com
July 22, 2025 at 12:47 PM
This article @forbes.com has now been updated with an interesting counterpoint from @paulwalsh.bsky.social.
#Infosec
www.forbes.com/sites/daveyw...
#Infosec
www.forbes.com/sites/daveyw...
I haven’t signed into this site for quite some time - is it worth it?
elmo from sesame street says " worth a shot "
ALT: elmo from sesame street says " worth a shot "
media.tenor.com
July 4, 2025 at 10:44 PM
I haven’t signed into this site for quite some time - is it worth it?
Most phishing links aren’t flagged as dangerous because they’ve never been seen before.
We don’t need more, or better awareness. We need better systems to protect people.
Here’s how MetaCert stops phishing without the need to train people:
🔗 www.linkedin.com/pulse/phishi...
We don’t need more, or better awareness. We need better systems to protect people.
Here’s how MetaCert stops phishing without the need to train people:
🔗 www.linkedin.com/pulse/phishi...
Phishing isn’t a human problem. It’s a failure of the systems meant to protect us.
Would you trust the SMS link above? Look closely. The honest answer is, you can’t know without opening it.
www.linkedin.com
May 22, 2025 at 11:47 AM
Most phishing links aren’t flagged as dangerous because they’ve never been seen before.
We don’t need more, or better awareness. We need better systems to protect people.
Here’s how MetaCert stops phishing without the need to train people:
🔗 www.linkedin.com/pulse/phishi...
We don’t need more, or better awareness. We need better systems to protect people.
Here’s how MetaCert stops phishing without the need to train people:
🔗 www.linkedin.com/pulse/phishi...
In addition to the good detail contained in this article, do NOT trust any person who calls you, even if it comes from a legitimate number because they’re easy to spoof.
By me @forbes.com: Don’t lose your Gmail account trying to save your Gmail account.
#infosec
peace out. goodnight hackers. I'm gone.
www.forbes.com/sites/daveyw...
#infosec
peace out. goodnight hackers. I'm gone.
www.forbes.com/sites/daveyw...
New Gmail 2FA Code Attack Alert — Don’t Lose Your Account Access
Don’t lose your Gmail account trying to save your Gmail account — what you need to know.
www.forbes.com
May 7, 2025 at 3:04 PM
In addition to the good detail contained in this article, do NOT trust any person who calls you, even if it comes from a legitimate number because they’re easy to spoof.
MetaCert has built a new solution that helps banks protect their brand, reduce liability, and stop this type of fraud before it happens — using tech that wasn’t possible until now. Hoping to see it adopted in Ireland soon. @bankofireland @AIBIreland ☘🔐
www.rsvplive.ie/news/irish-n...
www.rsvplive.ie/news/irish-n...
Bank of Ireland warns customers of spike in new scam to steal personal information
The bank have warned their customers that there's a new scam doing the rounds in which fraudsters will send texts urging people to call phone numbers, where they will attempt to steal financial inform...
www.rsvplive.ie
May 6, 2025 at 10:18 AM
MetaCert has built a new solution that helps banks protect their brand, reduce liability, and stop this type of fraud before it happens — using tech that wasn’t possible until now. Hoping to see it adopted in Ireland soon. @bankofireland @AIBIreland ☘🔐
www.rsvplive.ie/news/irish-n...
www.rsvplive.ie/news/irish-n...
My open letter to the security industry — and MetaCert’s U.S. SMS security test report — is featured in this Forbes article.
Huge thanks to @happygeek for giving the underdog a voice. The best solution means nothing if no one hears about it.
www.forbes.com/sites/daveyw...
Huge thanks to @happygeek for giving the underdog a voice. The best solution means nothing if no one hears about it.
www.forbes.com/sites/daveyw...
Confirmed — 19 Billion Compromised Passwords Published Online
You must take action now, as security experts confirm 19 billion compromised passwords available to cybercriminals for use in account hacking attacks.
www.forbes.com
May 6, 2025 at 8:18 AM
My open letter to the security industry — and MetaCert’s U.S. SMS security test report — is featured in this Forbes article.
Huge thanks to @happygeek for giving the underdog a voice. The best solution means nothing if no one hears about it.
www.forbes.com/sites/daveyw...
Huge thanks to @happygeek for giving the underdog a voice. The best solution means nothing if no one hears about it.
www.forbes.com/sites/daveyw...
I just wrote this: "Zero Trust Is Broken at the URL — And That’s Where Most Attacks Begin (Phishing)"
www.linkedin.com/pulse/zero-t...
paul-walsh.medium.com/zero-trust-i...
Lots of people are talking about Zero Trust at #RSAC2025 but not one person has mentioned zero trust for URLs. 🙄
www.linkedin.com/pulse/zero-t...
paul-walsh.medium.com/zero-trust-i...
Lots of people are talking about Zero Trust at #RSAC2025 but not one person has mentioned zero trust for URLs. 🙄
April 29, 2025 at 12:45 PM
I just wrote this: "Zero Trust Is Broken at the URL — And That’s Where Most Attacks Begin (Phishing)"
www.linkedin.com/pulse/zero-t...
paul-walsh.medium.com/zero-trust-i...
Lots of people are talking about Zero Trust at #RSAC2025 but not one person has mentioned zero trust for URLs. 🙄
www.linkedin.com/pulse/zero-t...
paul-walsh.medium.com/zero-trust-i...
Lots of people are talking about Zero Trust at #RSAC2025 but not one person has mentioned zero trust for URLs. 🙄
🎓 Are you brave enough to give it a go? What’s the right answer?
Even the most skilled & experienced security pros fail my tests 99% of the time — so there’s no need to feel afraid or embarrassed. Feel free to share it too — the more awareness, the better
I don’t get much engagement on here so...
Even the most skilled & experienced security pros fail my tests 99% of the time — so there’s no need to feel afraid or embarrassed. Feel free to share it too — the more awareness, the better
I don’t get much engagement on here so...
April 25, 2025 at 12:20 PM
🎓 Are you brave enough to give it a go? What’s the right answer?
Even the most skilled & experienced security pros fail my tests 99% of the time — so there’s no need to feel afraid or embarrassed. Feel free to share it too — the more awareness, the better
I don’t get much engagement on here so...
Even the most skilled & experienced security pros fail my tests 99% of the time — so there’s no need to feel afraid or embarrassed. Feel free to share it too — the more awareness, the better
I don’t get much engagement on here so...
I just received this SMS scam. This one’s from a lazy attacker — strange ID, sloppy text. But don’t let it fool you into thinking they’re all this obvious. Many are highly convincing and look exactly like the real messages you’re expecting — from deliveries to security alerts.
April 23, 2025 at 4:59 PM
I just received this SMS scam. This one’s from a lazy attacker — strange ID, sloppy text. But don’t let it fool you into thinking they’re all this obvious. Many are highly convincing and look exactly like the real messages you’re expecting — from deliveries to security alerts.
I just wrote this:
www.linkedin.com/pulse/lie-we...
www.linkedin.com/pulse/lie-we...
The Lie We’ve Been Sold: Why Security Has Never Stopped Phishing — and Won’t Start with SMS
Phishing Isn’t New — It Just Keeps Changing Channels In the 1990s, I worked at AOL during the early days of the internet, when phishing first emerged in chat rooms, email, and instant messages. I didn...
www.linkedin.com
April 22, 2025 at 6:44 PM
I just wrote this:
www.linkedin.com/pulse/lie-we...
www.linkedin.com/pulse/lie-we...
💡 Just dropped: how I turned ChatGPT into my expert collaborator — not just a generic assistant.
Includes the exact prompt I use + how to apply it across product, sales, hiring, comms, and more.
www.linkedin.com/pulse/how-tr...
Includes the exact prompt I use + how to apply it across product, sales, hiring, comms, and more.
www.linkedin.com/pulse/how-tr...
How to Train ChatGPT to Think Like You — And Use It as a Strategic Collaborator
For Anyone Using ChatGPT at Work: This Is How to Take It to the Next Level If you’re already using ChatGPT at work — for writing, planning, or creative thinking — but want more consistent, higher-qual...
www.linkedin.com
April 14, 2025 at 11:32 AM
💡 Just dropped: how I turned ChatGPT into my expert collaborator — not just a generic assistant.
Includes the exact prompt I use + how to apply it across product, sales, hiring, comms, and more.
www.linkedin.com/pulse/how-tr...
Includes the exact prompt I use + how to apply it across product, sales, hiring, comms, and more.
www.linkedin.com/pulse/how-tr...
SMS phishing isn’t clever — just easy
Criminals test fake messages on their own SIMs
If the link gets through, they send it to you
If it doesn’t, they swap it until it does
This is why traditional security fails
Only trusted link authentication stops smishing before it starts.
Criminals test fake messages on their own SIMs
If the link gets through, they send it to you
If it doesn’t, they swap it until it does
This is why traditional security fails
Only trusted link authentication stops smishing before it starts.
April 10, 2025 at 11:47 PM
SMS phishing isn’t clever — just easy
Criminals test fake messages on their own SIMs
If the link gets through, they send it to you
If it doesn’t, they swap it until it does
This is why traditional security fails
Only trusted link authentication stops smishing before it starts.
Criminals test fake messages on their own SIMs
If the link gets through, they send it to you
If it doesn’t, they swap it until it does
This is why traditional security fails
Only trusted link authentication stops smishing before it starts.
Already sparked a few great conversations from my LinkedIn post. It wasn’t a call for work — just holding myself accountable by not procrastinating. 🤓
www.linkedin.com/posts/paulwa...
www.linkedin.com/posts/paulwa...
#hashtag | Paul Walsh
Making myself available — selectively — for board seats and advisory roles for the first time in a while. I’m particularly interested in tech companies and digital agencies where I can add strategic v...
www.linkedin.com
April 9, 2025 at 11:42 PM
Already sparked a few great conversations from my LinkedIn post. It wasn’t a call for work — just holding myself accountable by not procrastinating. 🤓
www.linkedin.com/posts/paulwa...
www.linkedin.com/posts/paulwa...
OpenAI now holds detailed insight into people’s jobs and interests — all exchanged for a bit of entertainment. 🤓
April 9, 2025 at 3:22 PM
OpenAI now holds detailed insight into people’s jobs and interests — all exchanged for a bit of entertainment. 🤓
If you know anyone at banks or payment providers in Ireland, I’d appreciate an intro. I’m in touch with the Banking Federation but keen to connect with more of the right people — hoping Ireland can lead the way in stopping SMS fraud.
April 3, 2025 at 11:42 AM
If you know anyone at banks or payment providers in Ireland, I’d appreciate an intro. I’m in touch with the Banking Federation but keen to connect with more of the right people — hoping Ireland can lead the way in stopping SMS fraud.
Thank you, ChatGPT. I made several edits, but the AI handled most of the heavy lifting.
MetaCert has developed a short code specifically for Ireland, where current privacy regulations prevent mobile operators from implementing network-based anti-phishing security.
MetaCert has developed a short code specifically for Ireland, where current privacy regulations prevent mobile operators from implementing network-based anti-phishing security.
April 2, 2025 at 3:41 PM
Thank you, ChatGPT. I made several edits, but the AI handled most of the heavy lifting.
MetaCert has developed a short code specifically for Ireland, where current privacy regulations prevent mobile operators from implementing network-based anti-phishing security.
MetaCert has developed a short code specifically for Ireland, where current privacy regulations prevent mobile operators from implementing network-based anti-phishing security.
LinkedIn engagement has fallen off a cliff since the start of 2025. I’m not sure what they changed, but it’s obvious something’s different. If I wasn’t writing for a handful of very specific people, I’d have stopped posting altogether. And it’s even worse on here. Not a single engagement.
April 2, 2025 at 11:55 AM
LinkedIn engagement has fallen off a cliff since the start of 2025. I’m not sure what they changed, but it’s obvious something’s different. If I wasn’t writing for a handful of very specific people, I’d have stopped posting altogether. And it’s even worse on here. Not a single engagement.
I just wrote this: The security industry widely acknowledges smishing as one of today’s most serious cybersecurity threats. So why is it that no legacy vendor offers a network-based solution for mobile operators to protect...
LinkedIn: t.co/XpVg2498Cw
Medium: paul-walsh.medium.com/from-aol-ins...
LinkedIn: t.co/XpVg2498Cw
Medium: paul-walsh.medium.com/from-aol-ins...
April 2, 2025 at 9:59 AM
I just wrote this: The security industry widely acknowledges smishing as one of today’s most serious cybersecurity threats. So why is it that no legacy vendor offers a network-based solution for mobile operators to protect...
LinkedIn: t.co/XpVg2498Cw
Medium: paul-walsh.medium.com/from-aol-ins...
LinkedIn: t.co/XpVg2498Cw
Medium: paul-walsh.medium.com/from-aol-ins...
I made this emoji using ChatGPT — with a transparent background!
It’s wild how fast this is evolving. Tools like this won’t replace great designers — but they will wipe out tedious work and make everyday tasks way faster and easier.
It’s wild how fast this is evolving. Tools like this won’t replace great designers — but they will wipe out tedious work and make everyday tasks way faster and easier.
April 1, 2025 at 1:35 PM
I made this emoji using ChatGPT — with a transparent background!
It’s wild how fast this is evolving. Tools like this won’t replace great designers — but they will wipe out tedious work and make everyday tasks way faster and easier.
It’s wild how fast this is evolving. Tools like this won’t replace great designers — but they will wipe out tedious work and make everyday tasks way faster and easier.
Troy Hunt has spent his career teaching people how phishing works and how to avoid it. He knows the tactics, he understands the risks — and he still got caught.
LinkedIn: www.linkedin.com/pulse/troy-h...
Medium: paul-walsh.medium.com/troy-hunt-fe...
LinkedIn: www.linkedin.com/pulse/troy-h...
Medium: paul-walsh.medium.com/troy-hunt-fe...
Troy Hunt Fell for a Phishing Attack — Here’s Why That Should Scare Everyone
Troy Hunt — one of the world’s most respected security professionals and founder of Have I Been Pwned — just admitted to falling for a…
paul-walsh.medium.com
March 27, 2025 at 1:31 PM
Troy Hunt has spent his career teaching people how phishing works and how to avoid it. He knows the tactics, he understands the risks — and he still got caught.
LinkedIn: www.linkedin.com/pulse/troy-h...
Medium: paul-walsh.medium.com/troy-hunt-fe...
LinkedIn: www.linkedin.com/pulse/troy-h...
Medium: paul-walsh.medium.com/troy-hunt-fe...
Google is flagging MetaCert’s anti-phishing emails as ‘dangerous’ — the same emails that highlight Google’s failure to detect phishing apps on Google Play. Ironic, but not even slightly funny.
😤
@gmail
😤
@gmail
March 26, 2025 at 3:08 PM
Google is flagging MetaCert’s anti-phishing emails as ‘dangerous’ — the same emails that highlight Google’s failure to detect phishing apps on Google Play. Ironic, but not even slightly funny.
😤
@gmail
😤
@gmail
“A World Without ADHD and Dyslexia"
I just wrote this for Neurodiversity Celebration Week.
#NeurodiversityCelebrationWeek #NeurodiversityWeek #NCW #ThisIsND #ADHD #Dyslexia
cc @NCWeek
LinkedIn: www.linkedin.com/pulse/world-...
Medium: paul-walsh.medium.com/a-world-with...
I just wrote this for Neurodiversity Celebration Week.
#NeurodiversityCelebrationWeek #NeurodiversityWeek #NCW #ThisIsND #ADHD #Dyslexia
cc @NCWeek
LinkedIn: www.linkedin.com/pulse/world-...
Medium: paul-walsh.medium.com/a-world-with...
March 20, 2025 at 2:41 PM
“A World Without ADHD and Dyslexia"
I just wrote this for Neurodiversity Celebration Week.
#NeurodiversityCelebrationWeek #NeurodiversityWeek #NCW #ThisIsND #ADHD #Dyslexia
cc @NCWeek
LinkedIn: www.linkedin.com/pulse/world-...
Medium: paul-walsh.medium.com/a-world-with...
I just wrote this for Neurodiversity Celebration Week.
#NeurodiversityCelebrationWeek #NeurodiversityWeek #NCW #ThisIsND #ADHD #Dyslexia
cc @NCWeek
LinkedIn: www.linkedin.com/pulse/world-...
Medium: paul-walsh.medium.com/a-world-with...
It’s 2025, and the security industry still hasn’t solved phishing. It’s time for a new approach - it’s time for Zero Trust for URLs.
Assume every site, login page, app, API, user account, and AI chatbot is dangerous unless explicitly verified as legitimate.
www.securityweek.com/300-maliciou...
Assume every site, login page, app, API, user account, and AI chatbot is dangerous unless explicitly verified as legitimate.
www.securityweek.com/300-maliciou...
300 Malicious 'Vapor' Apps Hosted on Google Play Had 60 Million Downloads
300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.
www.securityweek.com
March 20, 2025 at 12:30 PM
It’s 2025, and the security industry still hasn’t solved phishing. It’s time for a new approach - it’s time for Zero Trust for URLs.
Assume every site, login page, app, API, user account, and AI chatbot is dangerous unless explicitly verified as legitimate.
www.securityweek.com/300-maliciou...
Assume every site, login page, app, API, user account, and AI chatbot is dangerous unless explicitly verified as legitimate.
www.securityweek.com/300-maliciou...
35% of entrepreneurs have dyslexia, 40% of self-made millionaires have ADHD. 30% - 40% have both. Yet, most investors & corporate execs don’t fully understand how they think or communicate.
I’m writing a book to explain why neurodivergent founders thrive and where they struggle.
I’m writing a book to explain why neurodivergent founders thrive and where they struggle.
March 19, 2025 at 11:26 PM
35% of entrepreneurs have dyslexia, 40% of self-made millionaires have ADHD. 30% - 40% have both. Yet, most investors & corporate execs don’t fully understand how they think or communicate.
I’m writing a book to explain why neurodivergent founders thrive and where they struggle.
I’m writing a book to explain why neurodivergent founders thrive and where they struggle.