NIST Cybersecurity Framework v1.1 – Shortened

Introduction Everyone I’ve ever talked to who was given a responsibility of managing security of their company was always extremely busy, leaving very little time for self-education - I’ve been in the same boat for years. Which is very unfortunate, because nothing can expedite your journey like learning from the experience of your peers. NIST … Continue reading NIST Cybersecurity Framework v1.1 – Shortened →

Czego oczekuję od juniorów w IT

4 porady dla ambitnych juniorów https://www.youtube.com/watch?v=7xDmorVvCGU

Wdrażamy DevSecOps – chmura, SDLC i podstawy skuteczności i rozsądku

Pytacie o DevSecOps i słusznie, bo to gorący temat - więc nagrałem dłuższy materiał wyjaśniający o co chodzi w tym buzzwordzie i jak zacząć się z tym bawić. https://www.youtube.com/watch?v=XwjLUnY4MOc&feature=youtu.be

Practical guide into GCP Security – entry/mid-level

A brilliant resource for everyone trying to grasp the practical concepts of GCP Security. It was released a couple of months ago, I've just run into it and it's so tremendous that I have to share it with all of you. https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf

Jak zatrudniam juniorów IT Security – wskazówki dla młodych bezpieczników

https://www.youtube.com/watch?v=UZ8wMUcfHMc

The fallacy of building vs buying

It didn't happen once or twice, that I fooled myself into thinking that I can build the very thing that I aka my organization needs. Even when I in fact was able to, it doesn't mean I should've done so. See, when you're growing an organization and you happen to have your own software engineering … Continue reading The fallacy of building vs buying →

Security perimeter, budgeting and technical debt

Regardless whether you're creating and selling software or you're just using it to run your daily operation, you are an IT company. Show me a business which doesn't require technology as an essential element of its strategy and I'll show you what you're missing. If you've been listening closely to the things taking place in … Continue reading Security perimeter, budgeting and technical debt →

Freelancing and career development in Cybersecurity

Jakiś czas temu na grupie pojawiło się pytanie odnośnie tego jak zacząć karierę w security, jak zostać pentesterem, bug bounty hunterem i jak rozwijać się dalej, pozyskiwać kontrakty i nowych klientów. Nagrałem niedawno dwa podcasty z Peerlystem, w który odpowiedziałem na kilkanaście świetnych pytań. Łącznie ponad 75 minut treści, które polecam każdemu kto chce nauczyć … Continue reading Freelancing and career development in Cybersecurity →

Security Principles of Google Cloud Platform

While studying new material in private time I like to take notes to memorize things better and have neat reference material for the future. I often end up polishing some of my notes on a specific subject and releasing it to the infosec community, and I've found such a piece of work from last year … Continue reading Security Principles of Google Cloud Platform →

CEH vs OSCP vs inne certyfikaty bezpieczeństwa IT – co i jak wybrać na danym etapie kariery

Coraz częściej dociera do mnie pytanie o to, jaki certyfikat i szkolenie wybrać by wystartować ze swoją karierą w branży bezpieczeństwa IT. W tym nagraniu pomogę Ci wskazać moje podejście do wybierania pomiędzy certyfikatami i szkoleniami w które inwestuję swój czas i energię. https://www.youtube.com/watch?v=DsfauwZQKC8