Avoiding the Middle Management Trap 💀 When I once again left the individual contributor (IC) track to lead Trail of Bits’ Application Security Assurance practice, I made a commitment to myself tha...

After winning the U.S. Department of Defense Chief Digital and Artificial Intelligence Office AI Bias Bounty program (gosh - that’s a mouthful 😅), I used some of the winnings to treat myself to a b...

Hey folks! I know it’s been a while since I’ve published anything (sorry about that), but I’ve been heads-down working on some things for the past few months that I’m excited to finally be able to ...

Earlier this week when I sat down to write my “Reflecting on 2023” blog post, I realized just how unspecific I was with my predictions for 2023 - so I decided to change things up this year 😊 Instea...

The end of the year is a great time for reflecting on how things went over the previous twelve months - and for contemplating how to improve one’s conditions in the year ahead. And so, as we round-...

This past year was an absolute rollercoaster. From the low of losing our 5 year old cat to cancer, to the high of obtaining my Offensive Security Certified Professional (OSCP) certification, I foun...

After earning my Offensive Security Certified Professional (OSCP) certification I felt like I was riding a wave of accomplishment; I truly believed I was ready to hack anything! So to keep riding t...

How’s that for a clickbait headline? 😜 But in all seriousness, there is one thing that I regularly see the best Application Security teams do - and which so many AppSec professionals seem to avoid ...

Well, it happened - In late June I sat for my first attempt at the Offensive Security Certified Professional (OSCP) exam and failed. Failing the first attempt with the OSCP is pretty common - and I...

Having recently completed the required exercises for locking-in bonus points on the exam, I thought I’d share some of the lessons I’ve learned through reacquainting myself with the repeatable proce...