hacker/hustler. chairman/founder/cto @bugcrowd and cofounder @disclose_io. husband, dad, musician, believer. pioneer of crowdsourced security as-a-service.
Policy
Earlier this week, the National Institute of Science and Technology (NIST) released Revision 5 of NIST Special Publication (800–53) Guidelines Security and Privacy Controls for Information Systems and Organizations. This revision makes a tremendous step toward bringing the role of good-faith security researchers (or, as they prefer to be
Security
While it feels illegal to hang out with your friends right now, the pandemic is no match for the dedicated folks who unite for Black Hat and DEF CON every year. In 2020, both conferences are running virtually, highlighting the remarkable zeal with which security professionals and hackers continue to
Policy
"You've just found a bug on a company's website. What are the first three to five things you'll try in order to establish contact with them?"
Policy
About 18 months ago, I sat in Capitol Hill with a bunch of other badasses including Matt Blaze, Kimber Dowsett, Jack Cable, Alexander Romero, Leonard Bailey, and others, and talked to voting machine manufacturers and US states.
Security
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
Building
tl;dr: 0.06% of the publicly-addressable IPv4 space is listening to and responding on TCP Port 0. Why? idk…
Security
I spend a lot of time looking at cybersecurity solutions and companies, partly on request, and partly because it always fascinates me to see people are attempting to solve big problems.
Personal
An active problem needs an active opposing response, a passive response will always allow the aggressor to succeed in the end.
Building
Simple is strong. Respect is key. Build it like you own it. Don’t be valuable, create value. Think like a hacker. 360-degree accountability.
Security
2020: Chaos is a Ladder As 2020 comes to a close, I’ve started to see summaries of the year pop up, covering lessons learned from the year nobody saw coming… As years go, 2020 was full of those! While I wish I could go back in time and tell
Security
Shannon and Kerckhoff were pioneers of disclosure thinking — They understood the concept of “build it like it’s broken”. This was especially true in WWII cryptography, but it’s becoming increasingly clear in its relevance to the 'peacetime' software that we use today.
Security
Broadly, there are two things that come into play when it comes to the style a person applies to hacking: The level of experience, and the overall wiring of the hacker.