Social Skills For Information Security Professionals: On Agile, Secure SDLC and Unhealthy Habits
Agile implementation of security into a corporate culture. Start small. I recommend you take baby steps with all of the security initiatives you want to start at your company. By balancing the workload and adaptability you can demonstrate to coworkers and executives that security doesn’t need to be tangled and complicated. If you show people …
Category: Cybersecurity
Social Skills For Information Security Professionals: The Preface To My Book
On my motives for this book. How and why, I believe, can my story make your life easier. It’s been roughly 11 years since I started working commercially in IT, out of which 7 were profoundly dedicated to InfoSec, a field in which I truly believe there is a lot yet to be …
InfoSec Career Paths vs Programming Skills – The Basics
On Peerlyst, in my Q&A session, Eric Geek asked: Is being a great developer vital when choosing information security as a professional career? My answer below: Beneficial? Yes. Necessary? By no means. Demand for development skills in infosec is rising, but the demand for general infosec specialists is growing even higher. I know many fantastic …
TOP 9 Rules To Maximize ROI Of Bug Bounties And Penetration Tests
Originally posted at testarmy.com. Having worked on both sides of the fence, I want to share the biggest lessons learnt during my career, which entailed: being a penetration tester and red teamer; being an accomplished bug bounty hunter; working as an internal QA engineer, Security Engineer and Security Architect, a.k.a. blue teamer; running and maintaining a bug bounty program for a handful of companies; worked as a …
Here Is What We Should Teach All Software Developers About Security
I received this question a couple of weeks ago and I believe it's valuable enough to share my thoughts on the subject here as well. Having been a university lecturer myself, I truly believe there is much more we could be doing. It doesn't mean we need to push a lot of new knowledge on students, it's just enough if …
The most important lesson for aspiring Penetration Testers and junior Security Professionals
Lots of people have been asking me recently about how to find a job as a pentester or a security professional. So listen up girls and boys - if you want a legendary piece of content which has the highest concentration of integrity and wisdom, then you must thoroughly read this magnificent piece created years ago by Corelan Team. Yes, it's as valid as it was …
Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics
I've seen the following questions pop up very often, so I decided to write a brief blog post about it from my POV. For how long will the security testers’ work be required? What is the future of IT security industry and penetration testing? So pentesting is dead right? Only Bug Bounties and Red Teaming is good now? …
Effectiveness, High Productivity and Fulfillment in InfoSec — The Game That Never Ends
Make everyone involved. You need everyone’s perspective. To build a robust security program which actually solves the problems of your organisation, you need the questions and insights of other employees. Sometimes, we’re not even aware that employees use a specific tool, thus we have no way of protecting them. You need to talk to people, you need to encourage …
Here is How Social Medias Ruin Our Security Awareness Programs
Have you seen this^ yet? In the past few weeks I've seen a flood of these among my acquaintances on Facebook. People perceive it as a funny feature and are happy to share such information with their networks. All appears to be good, but have we really thought through the consequences of it? Yeah, that's one …
At the end, it’s all about protecting the money making machine
Make each action purpose- and data-driven. Both in personal and professional life, trust is hard to earn and unbelievably hard to regain. Every step you take in any new relationship should be carefully planned. When you’re joining a new company, for the first couple of months — or as long as it takes you to prove yourself — you …