Hacker, founder, advisor, and pioneer of crowdsourced security. Founder of Bugcrowd, co-founder of disclose.io, principal of Tall Poppy Group. Board member at SRLDF.
Security
On this roundtable episode of IT Visionaries, we explore the impact A.I. and technology are having on society and cybersecurity with Casey Ellis, the founder and CTO of Bugcrowd and Malcolm Harkins, a cybersecurity advisor, coach and board member.
Security
After hearing "vulnerability" and "threat" used interchangeably for a >9,000th time I decided to do something about it, and the Bar Fight Risk Taxonomy was born.
Building
This is a follow up from https://cje.io/2021/03/28/my-office-setup which is worth reading first if you haven't yet... Everything in Part 1 is still in play - Part 2 talks through some optimizations and a couple of additions.
Building
AusCERT 2021 was a hybrid conference this year, and one of the first Australian cybersecurity conferences to resume in real life after the onset of the COVID pandemic. I was there representing Bugcrowd across three (!) separate sessions.
Policy
Yesterday news broke that a bug in FaceTime that allows callers to listen to the audio of the person they are calling before that person picks up. Today we learned that it was a high school student in Tucson, Arizona that discovered the bug. Grant Thompson discovered the bug while
Policy
If you’re reading this article, statistically speaking your organization might be getting hacked. In the private sector, the Equifax hack and Intel’s processor vulnerabilities took the mainstream media by storm. And over the past year, data breaches of U.S. government networks, once novel, have become pervasive. Take
Building
A few weeks ago I was tagged by Art Manion of the CERT Coordination Center (CERT/CC) in a tweet asking about Bugcrowd’s approach to disclosure policy defaults. The short version of the thread was concern about a statement in our product documentation that infers that Bugcrowd actively recommends
Policy
A tweet of a voting machine that “looks like” it’s infected by ransomware could be as effective at deterring voter turnout and confidence as the real deal, which is a cost-effective and asymmetric means to manipulate election results.
Building
I've watched Heath's journey as a education and community powerhouse, and more recently as an entrepreneur with tcm-sec with much interest and respect. We covered a lot of ground about entrepreneurship, founder DNA, competition, priorities, and the cybers all around.
Security
Google is acknowledging the increasing prevalence of n-day exploitation in the wild, particularly over the past 18 months (e.g. the CISA/NSA memo) have taken their next step in refining how they strike balance between these forces.
Security
Title: Security Research and Disclosure: The Unauthorized Biography | Casey John Ellis | Nullcon Conference March 2021
Personal
As WFH was going from novel to normal, the thought occurred to me that "virtual semiotics" was quickly going to become a thing... The equivalent of the how to dress, where to sit, how to speak type advice executives get taught, but for a world which is virtual by default.