On my motives for this book. How and why - I believe - can my story make your life easier. It’s been roughly 11 years since I started working commercially in IT, out of which 7 were profoundly dedicated to InfoSec, a field in which I truly believe there is a lot yet to be …
InfoSec Career Paths vs Programming Skills – The Basics
On Peerlyst, in my Q&A session, Eric Geek asked: Is being a great developer vital when choosing information security as a professional career? My answer below: Beneficial? Yes. Necessary? By no means. Demand for development skills in infosec is rising, but the demand for general infosec specialists is growing even higher. I know many fantastic …
Sharing Udemy Courses and Certifications in CV and resume
I've noticed this post today on my LinkedIn wall: "I just saw my first resume where the candidate highlighted Udemy certifications. I think this is a great idea. While certainly not stand-alone, these are a great way to show deep interest in an area." ~ Mike Johnson, CISO at Lyft. And I'd like to add …
Which skills are essential to find a job in security and how to build an initial portfolio
Question: "What should I do to earn more credibility and which skills specifically should I learn to put myself on a track of becoming a security specialist" I recommend you do pretty much anything you can, because 1% of exposure is still better than 0. If you’re into webappsec, then go for it, and absolutely …
TOP 9 Rules To Maximize ROI Of Bug Bounties And Penetration Tests
Originally posted at testarmy.com. Having worked on both sides of the fence, I want to share the biggest lessons learnt during my career, which entailed: being a penetration tester and red teamer; being an accomplished bug bounty hunter; working as an internal QA engineer, Security Engineer and Security Architect, a.k.a. blue teamer; running and maintaining bug bounty programs for a handful of companies; worked as a …
Here Is What We Should Teach All Software Developers About Security
I received this question a couple of weeks ago and I believe it's valuable enough to spread my thoughts on the subject here as well. Having been a university lecturer myself, I truly believe there is much more we could be doing. It doesn't mean we need to push a lot of new knowledge on students, it's just enough if …
The most important lesson for aspiring Penetration Testers and junior Security Professionals
Lots of people have been asking me recently about how to find a job as a pentester or a security professional. So listen up girls and boys - if you want a legendary piece of content which has the highest concentration of integrity and wisdom, then you must thoroughly read this magnificent piece created years ago by Corelan Team. Yes, it's as valid as it was …
Corporate Meetings Should Involve Everyone To Actually Find The Best Solution To A Problem
Don't waste your own and other people's time by inviting them to a meeting where you don't pay attention to their solutions anyway. Whether it's personal or professional life, you should always start a meeting or discussion with the expected outcome in mind. Start talking to someone about problems, and state early on that you want to find …
Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics
I've seen the following questions pop up very often, so I decided to write a brief blog post about it from my POV. For how long will the security testers’ work be required? What is the future of the IT security industry and penetration testing? So pentesting is dead, right? Only Bug Bounties and Red Teaming are good now? …
Effectiveness, High Productivity and Fulfillment in InfoSec — The Game That Never Ends
Make everyone involved. You need everyone’s perspective. To build a robust security program which actually solves the problems of your organisation, you need the questions and insights of other employees. Sometimes, we’re not even aware that employees use a specific tool, thus we have no way of protecting them. You need to talk to people, you need to encourage …