A year in books - 2025
A list of all of the books I read in 2025, with a few notes attached to each of them.
More issues
Demand Without Development
The cybersecurity talent shortage is not just a problem of numbers, but of structure. By systematically avoiding the hiring and training of true junior staff, the industry is reinforcing a feedback loop that shrinks its own future workforce.
Your reporting should act as a yardstick.
Threat Intelligence reports often don't manage to adhere to basic principles of analytical work. But they should.
ssh-agent 🤝 systemd user-service
Marrying ssh-agent to a systemd user-service finally gave me peace of mind and saved me some keystrokes.
The Byzantine Heritage in Russian Security Culture
I would argue that Byzantium remains a key driver of Russian (strategic) security and intelligence culture. In this post I want to explore how I came to this conclusion and talk about how Byzantine "intelligence traditions" influenced Russian statecraft across the ages.
MITRE CVE Program - the past, the present .. and the (European) future.
The Common Vulnerabilities and Exposures (CVE) program is a globally adopted system for identifying and naming cybersecurity vulnerabilities with unique IDs. Established in 1999 by researchers at the MITRE Corporation (a U.S. non-profit R&D organization), CVE was created to ensure that different ..
A short(-ish) guide on information security writing
Whether you’re compiling incident notes at 3 AM, drafting a post-mortem report for the board or helping the marketing department to craft a blog post that will generate near endless riches for your employer - we may like it or not, the ability to produce qualitative ..
Understanding the Russian Way of Deterrence
Since the dawn of the nuclear age, deterrence has stood as one of the central pillars in international security policy. Initially conceptualized in the West to prevent total war through mutual threat of retaliation, ..
Strings Attached: Talking about Russia's agenda for laws in cyberspace
Russia's longstanding proposals for "information security" agreements may sound cooperative, but they conceal a Trojan horse - a push to legitimize censorship, silence dissent, and bind others to rules it won’t follow.
Do not fucking expose management interfaces to the Internet.
While infrastructure as code and other approaches to automated configuration management have become increasingly popular, in most organization's IT environments management interfaces - especially when it comes to edge devices such as firewalls, VPNs and other remote access solutions, and security appliances - are still very much present