- Deception Technology 101 – from a Deception Engineer (by passkwall): we are not only engineering technical solutions to serve as decoys, canaries, etc., we are also engineering environments and, most importantly, we are storytellers.
- Finding security bugs across a codebase for beginners (by passkwall): A while back I was interviewing for a security role at a rather large company and a big focus was finding bugs across different projects. Without going into a ton of detail, it’s safe to say that I didn’t exactly land that job at the time. Coming from a pentest/red-teaming track into a more general…
- How I transitioned into security, and what I would do differently (2022 edition) (by passkwall): I was visiting my parents over the winter holiday back in 2018. The cold air nipped at my bare arms and the North East Coast breeze was a stark reminder of how much colder it gets versus the warmth of the West Coast; I was running outside to catch a phone call. My fingers had…
- Securing your CI: How to determine what matters most (by passkwall): Over the last few weeks, I’ve been working to inject security tooling into the CI (continuous integration) pipeline. Coming from a background that’s primarily red-teaming, offensive security, and even a bit of compliance, there have been some learning curves for adapting security tooling to fit your organization’s needs. Given I’m a rather small security team,…
- What the OSCP doesn’t prepare you for in the workforce, and how to get caught up! (by passkwall): When I took my OSCP exam, I had less than two years of professional experience in the security space. While I did some of my own learning in terms of webapp testing, hackthebox scenarios, and the PWK (Pentesting with Kali) material, it doesn’t replace working alongside your peers on a security team. I did, and…