Archive

Every post on cje.io — the full #thoughtops corpus in one place.

244 posts
Slopdemic, Not Vulnpocalypse (Yet) Security My Clanker Setup Building AI Didn't Break Vulnerability Disclosure. It Exposed What Was Already Broken. Security The Hitchhiker's Guide to Vulnerability Disclosure in 2026 Thinking Coordinated, Until It Isn't Policy Thoughts on the #slopdemic Security Continued Monitoring of the Situation Personal The top five turtles in a stack of 50 Thinking Cryptographically enforced disclosure Thinking Peacetime cyber versus wartime cyber Security "Monitoring the Situation" - The Internet of Birbs Personal AI isn't the problem — asymmetry is Security Mythos feels a lot like Snowden Security Security-focussed test/fix is basically “sparkling QA” Hot Takes Spicy Takes from my Aikido Security Podcast Security We don't have a slop problem. Thinking Build the tooling. Don't be the tooling. Thinking Offense Scales with Compute. Defense Scales with Committees. Security The Compliance Reckoning Thinking Bug Bounties in the Age of AI Security The FCC Just Banned Every Foreign-Made Router Security The White House AI Framework: What It Says, What It Doesn't, and Why the Gaps Matter More Policy Vulnerability economics Security No More Free-ish Bugs Policy Next things... Building Bugcrowd 2013 to 2025 — People and Places Building For the Love of the Game: DistrictCon's Year 1 Junkyard Security 2026 security predictions Thinking 2025 security predictions retrospective Thinking First Principles: Bad guys are humans, they're creative and driven, and they don't quit. Thinking Hacker Summer Camp 2025 — People, Places, and Things Personal Founders Helping Founders: When Known Vulnerabilities are Life or Death Thinking Peace-time Cyber vs War-time Cyber Thinking What You Give Away Might Be Worth More Than What You Keep Building If a tech solution falls in the forest... 
Building What the Netflix ‘Zero Day’ series got right about incident response Security Bug Bounties, The Wanted Poster For Ethical Hackers — Future Secured Episode 35 Security The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851 Security NEBULA:FOG:PRIME – AI x Security Panel Discussion Security A few security predictions for 2025 Security Some thoughts about Typhoons Security You're Soaking In It: Systemic Cyber Struggles Security Little update: “Rumors of my death have been greatly exaggerated” Personal Builders and Breakers: Partnering for Secure Elections Policy Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment Security AI security: Tool, Target, Threat Teach My office setup — Part 3 (US edition) Personal DEF CON 31 Policy — All Your Vulns Are Belong to Terms and Conditions Policy The RSnake Show! Security My #hackersummercamp 2023 moves Building KEYNOTE: Release the Hounds, Part 2 Thinking Bugcrowd: 10 Years On, and Still Just Getting Started Building #HSC2022 in Pics Building Where the bloody hell were you — The Great 2020 COVID Bug-In Security 9 Must-See Talks at #hackersummercamp 2022 Security Digital and Personal Self-Care at #hackersummersamp — "New Normalish" Edition Security Two-thirds of ethical hackers considering bug bounty hunting as a full-time career Security [TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic Security [TRANSCRIPT] Threat hunting in the age of work-from-home Security IT Visionaries Podcast with Malcolm Harkness Security The Bar Fight Risk Taxonomy Security My "office" setup — Part 2 Building Bugcrowd at AusCERT2021 Building The iOS FaceTime vulnerability: What it means and what you can do to protect yourself Policy How Governments are Running Effective Bug Bounty Programs Policy On disclosure, confidentiality, and norms… Building Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote Policy Titan Talks — Ep 2 — Casey John 
Ellis with @thecybermentor Building On Project Zero's 90+30 vulnerability disclosure policy changes Security Security Research and Disclosure: The Unauthorized Biography — Nullcon March 2021 Security My "office" setup Personal NIST: Vulnerability Disclosure as a Requirement for Every Organization Policy Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22 Policy Establishing asset ownership in vulnerability reporting Policy Modes of Public Vulnerability Disclosure Policy A thought re vulnerability research clustering Security Help! My Social Media has been hacked! Security Outrage is cheap Personal 2020 Lernings for Make Benefit Glorious Year of 2021 Personal Van Buren v. United States — Oral Argument Security DEF CON endorsed by POTUS! Policy Krebs Has A Posse Security How the Pandemic is Reshaping the Bug Bounty Landscape Building The Third-Quarter Personal VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections Policy Data is the new oil: Breach edition Thinking Cyber Talk Episode 14 w/ Pratik Dabhi Building Vulnerability annihilation since 1851 Security Iowa launches vulnerability disclosure program for election-related sites Policy Information Asymmetry and the 1950s Nuclear Bounty Security Are you making a Walkman? Or an iPod? Security NIST SP 800-53 R5 adds Vulnerability Disclosure Programs Building Quick note for mentees Personal 4 Questions for Leaders Personal Techcrunch: Use ‘productive paranoia’ to build cybersecurity culture at your startup Building The Nth Country Experiment and Coincident Vulnerability Discovery Security Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668) Policy Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01 Building Forbes: Accelerating secure software development Security NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls Policy DEF CON Black Hat 2020: Top 10 Tips Security Help! 
I've found a vulnerability. What now? Policy Disclose.io, VDP, Hackers, and voting Policy WTF is happening on tcp:0? 2020 edition — Update 1 Security WTF is going on with TCP:0? Security WTF is happening on tcp:0? 2020 edition Building A few good cybersecurity companies Security On not being not-racist Personal First principles Building Priority One: Insights into Submission and Payment Trends Security To err is human — Kerckhoffs' Principle in Software Transparency Security Hacking styles Security A message to folks providing "free testing" at the moment Security COVID-19/Coronavirus — What are the bad guys up to? Security Changes Security The importance of delivering well Security On #stopthespread and school closures Security Tools for the WFH apocalypse Security My moves for #rsac2020 & #bsidessf week Building Hacking Democracy On Securing an Election (Shmoocon 2020) Policy Unity Building Treasure Personal Founder motivations Building The character of the kingdom Personal Crowdsourcing physics Policy Just decade things... Personal The Future is Now: 2020 Cybersecurity Predictions Security The future is now: 2020 cybersecurity predictions Security What's your 20/20? leadership Vulnerability value modifiers Security Upcoming talks Security My DEF CON/Vegas moves Practical prepping for Hacker Summer Camp Security 7 Years and counting… Security My moves during the RSAC/BSides SF circus Security Managing smart device risk: A "how-to" for the average human. Security Firing your clients Building Bricks and Pyramids Thinking Mastering the mundane Thinking Happy 6th Birthday @bugcrowd Making noise Security What's in a name? Defining "hacker" in 2018 Security On insight, responsibility, and ownership leadership Living intentionally leadership Thoughts on the vault7 CIA/Wikileaks disclosures vulnerability-disclosure My cybersecurity predictions for 2017 Security How to disrupt a sleepy incumbent Building Solve 99% of Your Infosec Problems with this One Weird Trick! 
Security The three levels of input leadership People are awesome... Thinking What a day! (Bugcrowd Series B) Building Pain of staying the same > Pain of change = Change Security On the U.S. Government and bug bounties vulnerability-disclosure Repeat after me — I am not ashamed of sales and marketing! Building Bugcrowd's First Principles Building 3 years, 20,000 Security Researchers & 200 Clients later... Security Becoming CEO leadership On Cogs and Levers (strength in diversity) Building 8,000 Miles + 1 Wife + 2 Kids + 1 Startup = ??? Building Humility (n) Thinking Sales and Marketing — the good, the bad, and the Ugly Building disclose.io — Driving safety, simplicity, and standardization in vulnerability disclosure. vulnerability-disclosure Some Thoughts from pushstart’s Mentor Connect Building iPhone 5 First Impressions Hot Takes Your Idea Sucks Building iPhone 5 First Impressions Hot Takes Bugcrowd — the Premier Crowdsourced Cybersecurity platform. Security Sms Scams – What Can Be done? Security Sms Scams — What Can Be done? Security mysqlcheck.com – in Ur mysql, Checking ur… mysql. Security Why the Smb Is Most at Risk from ms12-010 Security Rdpcheck Checks Your Network for the New Rdp Vulnerability Security Using Viral Landing Pages to Go from 0 to 1500 Leads in 7 Days for $15 Building Auction Sniping 101 Hot Takes The Golden Rule of Avoiding Fraud dontgetpwned Mike Montiero – f*** you. Pay me. Building How to Kill a Startup — an Email I Should Have Sent 2 Years Ago Building Invention Is a flower, Innovation Is a Weed Building Definition of an Entrepreneur Building A Little Less Conversation – the Ascending Close Building The Market for Stolen Credit Card Data Security What Is the Tall Poppy Group Building Is a 3 Year Old All that's Between You and Getting pwned? dontgetpwned What Is a Board Hot Takes Outsourcing — Use a Nom De Plume Building Privacy and Confidentiality — Yours or mine? 
Policy Back in the Blogosphere Unsubscribe Me Thinking What Have You Planned Tomorrow to Bring Your Idea to life? Building Myths from the Four Hour Work Week Building Idea Validation — a Simple Framework Building integrity leadership Fyi — You Are Probably an Entrepreneur Building What Is Disposable Email and Why Do I Care Policy Credit Card Security — Silo Your Risk Security On LinkedIn and Privacy Policy 3 Questions to Ask Yourself Before You Start Up Building Submit Your Site to 70+ Search Engines Teach Goals for 2011 Building Taking down a plagiarist Building Skype Outage and Lessons on Bcp Building Your Marketing Person Is a Noob Hot Takes The 4 Minute Business Plan Building The Twitter Pitch Building 6 Tips for Getting Paid on Time Building The Return of the Blog Building happiness Thinking Another Quote Thinking Crazy Not Stupid Building Young and Stupid Building The Challenge — Because I Can Building Myths from the 4 Hour Work Week Building What Makes a Good product? Building The work/job/life Balance – an Idea on Enforcing Boundaries Building Outsourcing — When to Remove Yourself from Your Own Life Building Have Idea — Will Work for Equity Building Start something. today. Building Juggling Dual Roles Building Have idea. Will Work for equity. Building Life Is Learning Thinking Outsourcing My Life — Week 1 Building Outsourcing — Thinking Outside the Box Building Bold When Others Are Cautious Building Whatever Your Hand Finds to Do Building Keeping the Lights On leadership Sticking with Plan A Building Picking an Idea Building The Coin in the Mouth of the Fish Hot Takes Just Clearing Something up here... Nicotine Replacement Therapy Thinking More on Skimming in Australia – Now an Official Epidemic Security Skype Controls 12% of All International Calls Building What Are You Really Sharing Security Race Relations — a Bloody Past Hot Takes umm, Excuse me… you’re Sitting on a goldmine. 
Building Goals for 2010 Thinking Bridging the generation gap leadership The M-word (...and it's friend the S-word) Building Great expectations Thinking Thoughts on time management Building Taming the Hydra – Getting a handle on multiple business opportunities Building Loving what you do Building ...and so Begins the adventure. Building The "Keep Lights On" Plan Thinking Spinning plates — What do i do now? Building