Back in 2014 when I was just getting started with hacking, if you would have told me that one day I’d be a DEF CON speaker I wouldn’t have believed you. But guess what, dreams do come true 🙂 Still can’t believe I got to share my research at the first DEF CON Singapore ever! Big thank you to everyone that came and thanks for the support. This is a huge motivator for me to do even more research.

Founder confession: my biggest bottleneck this year wasn't code, money, or time. It was that I can do everything, so I try to do everything. Build the product. Run the marketing. Apply to conferences. Reply to demo requests. Then write a fix at 1am and forget to actually deploy it 🤦‍♂️ Every one of those is a "yes" that quietly steals from the others. The founder skill isn't doing more. It's choosing what to let slide on purpose, so the thing that matters gets your best. What did you let slide this week so something else could be great?

Is this relevant? This is the question I always ask myself. With AI taking over slop everywhere and threat intelligence already being a noisy industry before AI, the noise frequency has exploded. This is the simple question I ask myself every time to qualify and event. Is this event really security relevant for companies or is it just noise?

My enthusiasm for public speaking and my enthusiasm for writing CFP applications are inversely proportional. And I love public speaking.

UK friends, I'm coming to London the week of the 22nd! Let me know if you're in town and would like to grab a (proper) pint. Or if you know anyone you think I should meet, always happy to meet new people. ✌️

I'd also add - what type of data has been compromised?

I just got not one, not two, but three talks accepted for an upcoming conference. I'm shocked, I never expected so many of my proposals to get accepted. Now the question is: how many talks are too many to deliver in just a couple of days? 😅

What questions would you ask a digital nomad? I'm working on some long-form content to give a bit more background on my day-to-day life. Specifically around: 1. Life on the road 2. Cyber security conferences 3. Being a founder 4. @rivanorthSec and what I do work wise Got anything you'd like to ask me? Let me know in the comments below.

Most cybersecurity analyst jobs will go extinct due to AI. I'm sorry if you find this upsetting. But look at this. Let's say an analyst costs $130k per year. I've developed a software (@rivanorthSec Oko) that protects company data across the clear web, dark web, and the third-party ecosystem. Previously, this would have required at least three analysts to provide year-round, 24/7 coverage. That would have cost $390k in salaries plus the monitoring software. Now, all that work has been taken care of by agents, which cost a fraction of what those salaries would have cost. That's why I think most cyber analyst jobs will go extinct. Why else should cyber leaders keep on hiring for those positions?

Please rebuild CRMs the current offering is so 00's

AI will take over the world...

Biggest misconception about long-term digital nomad life. First three months. Oh, this is amazing. I'm getting paid to be on holidays. Every month after that. Oh crap, I'm working 10 hours every day, and on top of that, I need to move places twice a week.

I cracked the formula for la dolce vita. It's 90% Italy, 10% cyber security. My friend Luigi had one question for me, and the answer is in the video. Here's the not so secret recipe: 1. Fly to Italy. 2. Get @rivanorthSec Oko to watch the dark web and your third parties for you. 3. Sip espresso. Worry about nothing. Repost to send a little dolce vita to someone who needs it.

I struggle to stay still. Anyone else? Where am I off to next?

Hey @BreachClaw , a lot more work coming your way

This one tip has helped me to never go over time while speaking, but also to not leave time on the table. I've recorded this video while I was in the hotel finishing up my DEF CON Singapore presentation slides. Hope it helps you too!

I hate to admit this, but Elon Musk made @rivanorthSec possible. Australia is notorious for having really bad reception, even in metropolitan areas. Thanks to Starlink, I've been able to work from literally anywhere. From the Victorian High Country, the rugged west coast of Tasmania, various deserts and the Pilbara. This piece of kit has truly changed everything for digital nomads in Australia.

One of the most notorious dark web forums has gone back to the 90s. Yes that's right, they started using Jabber (XMPP) an open-source instant messaging protocol created in 1999. I believe it's because of the increased crackdowns on Telegram groups after the arrest of its founder, Pavel Durov. Telegram has since started cracking down on illicit activity on the platform, which makes maintaining communities much harder. I think this is an experiment to see if XMPP will be a more reliable option for them. If you found this interesting, share it with someone who follows the dark web space.

I don't know why this is so hard. Traditional CTI apps are just riddled with false positives. I think the only question a CTI platform should ask before creating an alert is, "Is this an immediate cybersecurity risk for the company?" I think it's pretty simple. If the answer is a clear yes, then that should be an alert. If the answer is a long five-minute explanation as to why this might be an issue, I think it's irrelevant, especially these days with so many AI and supply chain news coming out every few seconds. I don't know why no one else is implementing it?

This is what $7.30 buys you at Perth airport. A regular, spilled, flat white.

Everyone is riding the AI hype, even cybercriminals. $200 apparently buys you a Google Gemini database. This is obviously fake, Gemini didn't get hacked. I guess now we have AI influencers on the dark web too. What to you think about Mythos? 😂