Skip to content
← home

tag

#learn

94 posts

Processing experience into insight - retrospectives, lessons

Security

What the Netflix ‘Zero Day’ series got right about incident response

That said, the widespread nature of the effects shown in the six-part series are definitely plausible. Industrial control systems and the infrastructure that supports them are riddled with zero-day vulnerabilities, alongside the more common "known, yet unpatched" n-day vulnerabilities.…

18 May 2025 · 4 min read
Security

The Original Bug Bounty: Alfred Hobbs and the Great Lock Controversy of 1851

Alfred Hobbs: The OG bug bounty hunter who cracked England’s ‘unpick-able’ locks. His breaker mindset exposed flaws, sparked innovation, and proved no system is perfect.…

07 Mar 2025 · 5 min read
Security

A few security predictions for 2025

Security predictions for 2025: peacetime vs wartime cyber, hardware and IOT back in focus, AI as tool, target, and threat — and the slop firehose's arrival.…

17 Dec 2024 · 2 min read
Security

Some thoughts about Typhoons

What's the deal with Volt Typhoon, Salt Typhoon, and Flax Typhoon - and what do we need to do?…

12 Dec 2024 · 3 min read
Security

You're Soaking In It: Systemic Cyber Struggles

Chris Hughes, Wendy Nather, and Casey Ellis on systemic cyber struggles, the cybersecurity poverty line, and what regulation can actually shift the needle on.…

14 Nov 2024 · 1 min read
Personal

Little update: “Rumors of my death have been greatly exaggerated”

It’s been just over three weeks since I randomly “let the Internet know” that I was heading in for unexpected heart surgery...…

21 Jul 2024 · 5 min read
Policy

Builders and Breakers: Partnering for Secure Elections

In September 2023, the IT-ISAC Elections Industry SIG launched a first-of-its kind pilot program in which election technology providers gave security researchers access to modern voting technology under the principles of Coordinated Vulnerability Disclosure.…

13 Jun 2024 · 6 min read
Security

Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment

Bug bounty programs are a valuable tool for security efforts but only if they are correctly applied. This is particularly true for airlines who have to secure both the IT business systems and OT aircraft systems that enable the business to operate safely.…

13 Jun 2024 · 6 min read
Personal

My office setup — Part 3 (US edition)

Optimizing my home office space for a work-from-home/hybrid setup became a bit of a hobby during the pandemic, and since returning to the USA from Australia in 2021 I've essentially replicated the successful aspects of the Sydney setup, with a few modifications.…

18 Sep 2023 · 3 min read
Policy

DEF CON 31 Policy — All Your Vulns Are Belong to Terms and Conditions

DEF CON 31 Policy - All Your Vulns Are Belong to Terms and Conditions - DEF CON panel featuring David Rogers, Katie Trimble-Noble, Harley Geiger, and myself. Recorded on September 15, 2023 at DEF CON 31 in Las Vegas, Nevada.…

17 Sep 2023 · 34 min read
Building

My #hackersummercamp 2023 moves

Here are my moves for #hackersummercamp 2023...…

08 Aug 2023 · 1 min read
Building

Bugcrowd: 10 Years On, and Still Just Getting Started

On the 1st of September 2012 during a flight from Melbourne to Sydney, a series of ideas I’d been working on for a year or more coalesced with a bunch of conversations I’d just had, the lightbulb went off, and Bugcrowd was born.…

01 Sep 2022 · 4 min read