As a knowledge worker in the field of Information Security, there are few things more frightening than losing my mental faculties as a result of catching an airborne virus. As such, I’ve mostly avo...

When was the last time you thought critically about Large Language Models (LLMs)? Amidst all of the money, marketing, and hype surrounding LLMs, it’s our responsibility as security professionals t...

Earlier this year, Dave Aitel—famous for his work on fuzzing and security research from the early 2000’s (and someone that I profoundly respect and admire)—wrote an interesting post called “(the ro...

When a charlatan gives you their predictions, they try to keep things purposefully vague in order to claim they were correct at some point in the future. In order to avoid feeling like a charlatan,...

It has been said that the only constant in life is change - and 2024 is no exception. I’ve read many ups-and-downs this year, but on the whole this year has provided a number of positives in my lif...

Leading deeply technical teams can be an intimidating experience 😅 especially if you’re not making time outside of normal working hours to stay technical yourself. That said, it can also be an incr...

Avoiding the Middle Management Trap 💀 When I once again left the individual contributor (IC) track to lead Trail of Bits’ Application Security Assurance practice, I made a commitment to myself tha...

After winning the U.S. Department of Defense Chief Digital and Artificial Intelligence Office AI Bias Bounty program (gosh - that’s a mouthful 😅), I used some of the winnings to treat myself to a b...

Hey folks! I know it’s been a while since I’ve published anything (sorry about that), but I’ve been heads-down working on some things for the past few months that I’m excited to finally be able to ...

Earlier this week when I sat down to write my “Reflecting on 2023” blog post, I realized just how unspecific I was with my predictions for 2023 - so I decided to change things up this year 😊 Instea...