Archive
Every post on cje.io — the full #thoughtops corpus in one place.
244 posts
Slopdemic, Not Vulnpocalypse (Yet)
Security
My Clanker Setup
Building
AI Didn't Break Vulnerability Disclosure. It Exposed What Was Already Broken.
Security
The Hitchhiker's Guide to Vulnerability Disclosure in 2026
Thinking
Coordinated, Until It Isn't
Policy
Thoughts on the #slopdemic
Security
Continued Monitoring of the Situation
Personal
The top five turtles in a stack of 50
Thinking
Cryptographically enforced disclosure
Thinking
Peacetime cyber versus wartime cyber
Security
"Monitoring the Situation" - The Internet of Birbs
Personal
AI isn't the problem — asymmetry is
Security
Mythos feels a lot like Snowden
Security
Security-focussed test/fix is basically “sparkling QA”
Hot Takes
Spicy Takes from my Aikido Security Podcast
Security
We don't have a slop problem.
Thinking
Build the tooling. Don't be the tooling.
Thinking
Offense Scales with Compute. Defense Scales with Committees.
Security
The Compliance Reckoning
Thinking
Bug Bounties in the Age of AI
Security
The FCC Just Banned Every Foreign-Made Router
Security
The White House AI Framework: What It Says, What It Doesn't, and Why the Gaps Matter More
Policy
Vulnerability economics
Security
No More Free-ish Bugs
Policy
Next things...
Building
Bugcrowd 2013 to 2025 — People and Places
Building
For the Love of the Game: DistrictCon's Year 1 Junkyard
Security
2026 security predictions
Thinking
2025 security predictions retrospective
Thinking
First Principles: Bad guys are humans, they're creative and driven, and they don't quit.
Thinking
Hacker Summer Camp 2025 — People, Places, and Things
Personal
Founders Helping Founders: When Known Vulnerabilities are Life or Death
Thinking
Peace-time Cyber vs War-time Cyber
Thinking
What You Give Away Might Be Worth More Than What You Keep
Building
If a tech solution falls in the forest...
Building
What the Netflix ‘Zero Day’ series got right about incident response
Security
Bug Bounties, The Wanted Poster For Ethical Hackers — Future Secured Episode 35
Security
The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851
Security
NEBULA:FOG:PRIME – AI x Security Panel Discussion
Security
A few security predictions for 2025
Security
Some thoughts about Typhoons
Security
You're Soaking In It: Systemic Cyber Struggles
Security
Little update: “Rumors of my death have been greatly exaggerated”
Personal
Builders and Breakers: Partnering for Secure Elections
Policy
Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment
Security
AI security: Tool, Target, Threat
Teach
My office setup — Part 3 (US edition)
Personal
DEF CON 31 Policy — All Your Vulns Are Belong to Terms and Conditions
Policy
The RSnake Show!
Security
My #hackersummercamp 2023 moves
Building
KEYNOTE: Release the Hounds, Part 2
Thinking
Bugcrowd: 10 Years On, and Still Just Getting Started
Building
#HSC2022 in Pics
Building
Where the bloody hell were you — The Great 2020 COVID Bug-In
Security
9 Must-See Talks at #hackersummercamp 2022
Security
Digital and Personal Self-Care at #hackersummersamp — "New Normalish" Edition
Security
Two-thirds of ethical hackers considering bug bounty hunting as a full-time career
Security
[TRANSCRIPT] Threats that may have gone unnoticed by organizations during the pandemic
Security
[TRANSCRIPT] Threat hunting in the age of work-from-home
Security
IT Visionaries Podcast with Malcolm Harkness
Security
The Bar Fight Risk Taxonomy
Security
My "office" setup — Part 2
Building
Bugcrowd at AusCERT2021
Building
The iOS FaceTime vulnerability: What it means and what you can do to protect yourself
Policy
How Governments are Running Effective Bug Bounty Programs
Policy
On disclosure, confidentiality, and norms…
Building
Election Security 2020: Don’t Let Disinformation Undermine Your Right to Vote
Policy
Titan Talks — Ep 2 — Casey John Ellis with @thecybermentor
Building
On Project Zero's 90+30 vulnerability disclosure policy changes
Security
Security Research and Disclosure: The Unauthorized Biography — Nullcon March 2021
Security
My "office" setup
Personal
NIST: Vulnerability Disclosure as a Requirement for Every Organization
Policy
Responsible Disclosure Programs with Katie Moussouris & Casey Ellis | 401 Access Denied Ep. 22
Policy
Establishing asset ownership in vulnerability reporting
Policy
Modes of Public Vulnerability Disclosure
Policy
A thought re vulnerability research clustering
Security
Help! My Social Media has been hacked!
Security
Outrage is cheap
Personal
2020 Lernings for Make Benefit Glorious Year of 2021
Personal
Van Buren v. United States — Oral Argument
Security
DEF CON endorsed by POTUS!
Policy
Krebs Has A Posse
Security
How the Pandemic is Reshaping the Bug Bounty Landscape
Building
The Third-Quarter
Personal
VentureBeat: How ethical hackers are trying to protect the 2020 U.S. elections
Policy
Data is the new oil: Breach edition
Thinking
Cyber Talk Episode 14 w/ Pratik Dabhi
Building
Vulnerability annihilation since 1851
Security
Iowa launches vulnerability disclosure program for election-related sites
Policy
Information Asymmetry and the 1950s Nuclear Bounty
Security
Are you making a Walkman? Or an iPod?
Security
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs
Building
Quick note for mentees
Personal
4 Questions for Leaders
Personal
Techcrunch: Use ‘productive paranoia’ to build cybersecurity culture at your startup
Building
The Nth Country Experiment and Coincident Vulnerability Discovery
Security
Group Letter re IoT Cybersecurity Improvement Act (H.R. 1668)
Policy
Public Comment from Casey Ellis, Bugcrowd re DRAFT BOD 20-01
Building
Forbes: Accelerating secure software development
Security
NIST SP 800-53 R5 adds Vulnerability Disclosure Programs to Federal Security and Privacy Controls
Policy
DEF CON Black Hat 2020: Top 10 Tips
Security
Help! I've found a vulnerability. What now?
Policy
Disclose.io, VDP, Hackers, and voting
Policy
WTF is happening on tcp:0? 2020 edition — Update 1
Security
WTF is going on with TCP:0?
Security
WTF is happening on tcp:0? 2020 edition
Building
A few good cybersecurity companies
Security
On not being not-racist
Personal
First principles
Building
Priority One: Insights into Submission and Payment Trends
Security
To err is human — Kerckhoffs' Principle in Software Transparency
Security
Hacking styles
Security
A message to folks providing "free testing" at the moment
Security
COVID-19/Coronavirus — What are the bad guys up to?
Security
Changes
Security
The importance of delivering well
Security
On #stopthespread and school closures
Security
Tools for the WFH apocalypse
Security
My moves for #rsac2020 & #bsidessf week
Building
Hacking Democracy On Securing an Election (Shmoocon 2020)
Policy
Unity
Building
Treasure
Personal
Founder motivations
Building
The character of the kingdom
Personal
Crowdsourcing physics
Policy
Just decade things...
Personal
The Future is Now: 2020 Cybersecurity Predictions
Security
The future is now: 2020 cybersecurity predictions
Security
What's your 20/20?
leadership
Vulnerability value modifiers
Security
Upcoming talks
Security
My DEF CON/Vegas moves
Practical prepping for Hacker Summer Camp
Security
7 Years and counting…
Security
My moves during the RSAC/BSides SF circus
Security
Managing smart device risk: A "how-to" for the average human.
Security
Firing your clients
Building
Bricks and Pyramids
Thinking
Mastering the mundane
Thinking
Happy 6th Birthday @bugcrowd
Making noise
Security
What's in a name? Defining "hacker" in 2018
Security
On insight, responsibility, and ownership
leadership
Living intentionally
leadership
Thoughts on the vault7 CIA/Wikileaks disclosures
vulnerability-disclosure
My cybersecurity predictions for 2017
Security
How to disrupt a sleepy incumbent
Building
Solve 99% of Your Infosec Problems with this One Weird Trick!
Security
The three levels of input
leadership
People are awesome...
Thinking
What a day! (Bugcrowd Series B)
Building
Pain of staying the same > Pain of change = Change
Security
On the U.S. Government and bug bounties
vulnerability-disclosure
Repeat after me — I am not ashamed of sales and marketing!
Building
Bugcrowd's First Principles
Building
3 years, 20,000 Security Researchers & 200 Clients later...
Security
Becoming CEO
leadership
On Cogs and Levers (strength in diversity)
Building
8,000 Miles + 1 Wife + 2 Kids + 1 Startup = ???
Building
Humility (n)
Thinking
Sales and Marketing — the good, the bad, and the Ugly
Building
disclose.io — Driving safety, simplicity, and standardization in vulnerability disclosure.
vulnerability-disclosure
Some Thoughts from pushstart’s Mentor Connect
Building
iPhone 5 First Impressions
Hot Takes
Your Idea Sucks
Building
iPhone 5 First Impressions
Hot Takes
Bugcrowd — the Premier Crowdsourced Cybersecurity platform.
Security
Sms Scams – What Can Be done?
Security
Sms Scams — What Can Be done?
Security
mysqlcheck.com – in Ur mysql, Checking ur… mysql.
Security
Why the Smb Is Most at Risk from ms12-010
Security
Rdpcheck Checks Your Network for the New Rdp Vulnerability
Security
Using Viral Landing Pages to Go from 0 to 1500 Leads in 7 Days for $15
Building
Auction Sniping 101
Hot Takes
The Golden Rule of Avoiding Fraud
dontgetpwned
Mike Montiero – f*** you. Pay me.
Building
How to Kill a Startup — an Email I Should Have Sent 2 Years Ago
Building
Invention Is a flower, Innovation Is a Weed
Building
Definition of an Entrepreneur
Building
A Little Less Conversation – the Ascending Close
Building
The Market for Stolen Credit Card Data
Security
What Is the Tall Poppy Group
Building
Is a 3 Year Old All that's Between You and Getting pwned?
dontgetpwned
What Is a Board
Hot Takes
Outsourcing — Use a Nom De Plume
Building
Privacy and Confidentiality — Yours or mine?
Policy
Back in the Blogosphere
Unsubscribe Me
Thinking
What Have You Planned Tomorrow to Bring Your Idea to life?
Building
Myths from the Four Hour Work Week
Building
Idea Validation — a Simple Framework
Building
integrity
leadership
Fyi — You Are Probably an Entrepreneur
Building
What Is Disposable Email and Why Do I Care
Policy
Credit Card Security — Silo Your Risk
Security
On LinkedIn and Privacy
Policy
3 Questions to Ask Yourself Before You Start Up
Building
Submit Your Site to 70+ Search Engines
Teach
Goals for 2011
Building
Taking down a plagiarist
Building
Skype Outage and Lessons on Bcp
Building
Your Marketing Person Is a Noob
Hot Takes
The 4 Minute Business Plan
Building
The Twitter Pitch
Building
6 Tips for Getting Paid on Time
Building
The Return of the Blog
Building
happiness
Thinking
Another Quote
Thinking
Crazy Not Stupid
Building
Young and Stupid
Building
The Challenge — Because I Can
Building
Myths from the 4 Hour Work Week
Building
What Makes a Good product?
Building
The work/job/life Balance – an Idea on Enforcing Boundaries
Building
Outsourcing — When to Remove Yourself from Your Own Life
Building
Have Idea — Will Work for Equity
Building
Start something. today.
Building
Juggling Dual Roles
Building
Have idea. Will Work for equity.
Building
Life Is Learning
Thinking
Outsourcing My Life — Week 1
Building
Outsourcing — Thinking Outside the Box
Building
Bold When Others Are Cautious
Building
Whatever Your Hand Finds to Do
Building
Keeping the Lights On
leadership
Sticking with Plan A
Building
Picking an Idea
Building
The Coin in the Mouth of the Fish
Hot Takes
Just Clearing Something up here... Nicotine Replacement Therapy
Thinking
More on Skimming in Australia – Now an Official Epidemic
Security
Skype Controls 12% of All International Calls
Building
What Are You Really Sharing
Security
Race Relations — a Bloody Past
Hot Takes
umm, Excuse me… you’re Sitting on a goldmine.
Building
Goals for 2010
Thinking
Bridging the generation gap
leadership
The M-word (...and it's friend the S-word)
Building
Great expectations
Thinking
Thoughts on time management
Building
Taming the Hydra – Getting a handle on multiple business opportunities
Building
Loving what you do
Building
...and so Begins the adventure.
Building
The "Keep Lights On" Plan
Thinking
Spinning plates — What do i do now?
Building