Hi, I’m Chris, a basement-dweller eboy cybersecurity fella on the internet. I do security things at the intersection of software and risk. This blog is about software, security, and careers in technology.

At one point, I had a little history of the places that I worked here, but honestly, you should just head to my LinkedIn for that. If you’re interested in some of the work that I do outside of work, you can look through my published research or GitHub. Instead, let me share some of the guiding principles behind my work online, including this blog.

Four Things I Love

Being corrected. Not necessarily being correct! I try to be correct and writing these posts takes a lot of time and effort, but even then, I won’t get things right 100% of the time. If you notice something is incorrect, let me know! I’d much rather fix it and learn from the mistake than continue being wrong. I don’t bite or take offense!

Bringing evidence & examples. I don’t want readers to take me on my word - I want to bring the evidence that supports my claims, so you can rummage around with it too. Building context with the examples given to check the author’s conclusions is really important for how I learn! And anyway, if I did make a mistake, then finding evidence to support that is trivial. It’s a win/win.

Helping out where I can. I don’t have infinite time, but I do want to help people who are building their career in cybersecurity, no matter how new to the field you are or if you’ve not broken in yet. I don’t have the capacity for individual ongoing mentorship - but I’m happy to answer questions on Reddit, chat on Discord, or whatever else to pitch in at no cost to the beneficiary, continuing the spirit of the many mentors that I’ve had in my life.

Increasing free & shared knowledge. All things on this blog are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Knowledge should be free and shared. Please feel free to remix or adapt these works, so long as it’s within the framework set forth in CC BY-NC-SA 4.0, and I’d love to see what you create if you’re willing to send a copy or link my way!

Four Things I Hate

Ads and trackers. I’m in a privileged position where I don’t need to run ads to make money from this, so I won’t - keeping the web a little more private is more important than a minor payout. There is no clientside tracking either, not even “privacy-respecting” tracking. If you want to stay even more private (or may have your internet snooped on, censored, etc.) this site is also available as a hidden service on Tor.

Online marketing tactics. I don’t publish articles from other sources under my name and will ruthlessly mock companies that email me trying to get me to sign my name on their garbage, casino-promoting article or whatever. It’s my reputation - I’m privileged enough to be able to say it’s not for sale. So, no, fuck off.

Clickbait. Clickbait in the InfoSec industry - whether that’s inflating the impact of a vulnerability, or proposing your company solves unsolvable problems - is a huge issue. I could write some fantastic clickbait articles too: “The Ultimate Engineering Resume: Get Your Resume Accepted at ALL Big Tech Companies.” Instead, I’ll be writing descriptive titles and (hopefully!) accurate technical documents.

Paywalls. As the nemesis of a free internet, who actually likes these?