Which skills are essential to find a job in security and how to build an initial portfolio

Question: "What should I do to earn more credibility, and which skills specifically should I learn to put myself on track to becoming a security specialist?" I recommend you do pretty much anything you can, because 1% of exposure is still better than 0. If you’re into webappsec, then go for it, and absolutely …

TOP 9 Rules To Maximize ROI Of Bug Bounties And Penetration Tests

Originally posted at testarmy.com. Having worked on both sides of the fence, I want to share the biggest lessons learnt during my career, which entailed: being a penetration tester and red teamer; being an accomplished bug bounty hunter; working as an internal QA engineer, Security Engineer and Security Architect, a.k.a. blue teamer; running and maintaining bug bounty programs for a handful of companies; worked as a …

Here Is What We Should Teach All Software Developers About Security

I received this question a couple of weeks ago and I believe it's valuable enough to spread my thoughts on the subject here as well. Having been a university lecturer myself, I truly believe there is much more we could be doing. It doesn't mean we need to push a lot of new knowledge on students; it's enough if …

The most important lesson for aspiring Penetration Testers and junior Security Professionals

Lots of people have been asking me recently how to find a job as a pentester or a security professional. So listen up, girls and boys: if you want a legendary piece of content with the highest concentration of integrity and wisdom, then you must thoroughly read this magnificent piece created years ago by the Corelan Team. Yes, it's as valid as it was …

Corporate Meetings Should Involve Everyone To Actually Find The Best Solution To A Problem

Don't waste your own and other people's time by inviting them to a meeting where you don't pay attention to their solutions anyway. Whether it's personal or professional life, you should always start a meeting or discussion with the expected outcome in mind. Start talking to someone about problems, and state early on that you want to find …

Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics

I've seen the following questions pop up very often, so I decided to write a brief blog post about it from my POV. For how long will the work of security testers be required? What is the future of the IT security industry and penetration testing? So pentesting is dead, right? Only Bug Bounties and Red Teaming are good now? …

Effectiveness, High Productivity and Fulfillment in InfoSec — The Game That Never Ends

Make everyone involved. You need everyone’s perspective. To build a robust security program that actually solves your organisation's problems, you need the questions and insights of other employees. Sometimes we’re not even aware that employees use a specific tool, so we have no way of protecting them. You need to talk to people, you need to encourage …

Here is How Social Medias Ruin Our Security Awareness Programs

Have you seen this^ yet? In the past few weeks I've seen a flood of these among my acquaintances on Facebook. People perceive it as a funny feature and are happy to share such information with their networks. All appears to be fine, but have we really thought through the consequences? Yeah, that's one …

At the end, it’s all about protecting the money making machine

Make each action purpose- and data-driven. Both in personal and professional life, trust is hard to earn and unbelievably hard to regain. Every step you take in any new relationship should be carefully planned. When you’re joining a new company, for the first couple of months — or as long as it takes you to prove yourself — you …

How to Become a Pentester and Security Specialist

Where to learn from, and a few words on formal education. If you want to become a security tester, a security engineer or anyone else in the security world, I have excellent news for you right at the start. You have landed in an industry that is not only growing dynamically and paying well, but also has a fairly low cost of entry. Note that I did not write about …