Upcoming talks
Here’s some of the talks and events I’ll be at over the next few months:
Billington 10th Annual Cybersecurity Summit
September 4-5 2019
Washington DC
Hacker Halted (Keynote)
October 10-11 2019
Georgia, Atlanta
Read more
Mythos feels a lot like Snowden
Mythos feels a lot like Snowden. When Snowden dropped, everyone in the game already knew it was happening — but it was the first time the collective zeitgeist had the thought, and it reshaped how people thought about a lot of things. Same with Mythos and how vulnerable we actually are.
Security-focussed test/fix is basically “sparkling QA”
On a Firefox blog post boasting that Mythos found 270 new bugs and concluding "the defects are finite, and we are entering a world where we can finally find them all": View on X →
Spicy Takes from my Aikido Security Podcast
Nine takes from my RSAC conversation with Mackenzie Jackson on Aikido's Secure Disclosure podcast — on bug bounty, AI slop, hack-back, vibe coding, and why the internet still working is a minor miracle.
We don't have a slop problem.
We don't have a slop problem. We have an inability-to-prioritize problem. When it comes to security — and particularly vulnerability research, but really right across the board — the issue isn't that there's too much noise. It's that we can't figure out