How to actually earn $ as a web3 security researcher in 2026 We're getting @RealJohnnyTime, @sammyaudits, and @GuildAcademy_ together with the Remedy team to talk through it honestly: → Bug bounties vs contests vs going in-house - what's worth your time → How to pick targets that'll actually pay you → Competing when everyone has the same AI agents → Where independent researchers go from here We see this differently, so come ready to push back. June 4, 14:00 UTC Live discussion on @xyz_remedy

@_nd_koo recently broke down six security issues that recur across Hexens wallet audits. Not bugs. Architectural defaults that survive design review because nobody pushes back.

Mid-career people are sitting on rare leverage right now Stanford's Digital Economy Lab paper tracked early-career workers since ChatGPT launched. Workers aged 22-25 in the most AI-exposed jobs saw a 13% relative drop in employment vs. peers in less-exposed roles. The jobs disappearing fastest are the ones where juniors used to learn the ropes by doing the boring stuff, and AI now does the boring stuff. So what happens to mid-career people in 5-7 years? If companies stop hiring juniors at the same rate, the pipeline of people ready to step into senior roles dries up. IBM noticed and is tripling entry-level hires in 2026, not generosity, math. Slashing juniors saves money now and creates an expensive talent shortage later. Ofc most companies don't do that. Which means anyone currently in the 3-8 year experience range is in a structurally rare position! That window won't stay open forever, but right now it's the most leverage you'll have in your career to negotiate scope, comp, and the kind of work you actually want.

[1/8] Most user personas you've seen are useless and everyone in the room knows it. They get printed, stuck on a wall, and ignored. So here is how you create a Persona that makes sense.

Phishing emails get more clicks when other people appear to be in on the thread. Your brain reads those CC'd names as approval. A 2019 phishing simulation compared the three main social engineering tactics head to head. Social proof - emails that implied other people were already in the loop - out-clicked authority by about 22% and scarcity by 87%. When a message looks like colleagues have already engaged with it, your brain stops evaluating the request and starts trying to catch up to a decision it thinks is already in motion. Awareness training spends most of its time on the sender. The CC line is doing more of the work.

New resource added to @fhe_org resources : "Awesome FHE Attacks: A curated list of research, articles, tools, and resources focused on attacks against FHE" by Hexens github.com/Hexens/awesome-fh… Know of an FHE resource that should be shared? Let us know below! #FHE #homomorphicEncryption #security

[1/6] We just released a free tool that builds your product's user persona based on the cognitive biases most common in your target country. It replaces the $5K–15K of research work that usually goes into building a research-backed persona for a new market. Here's why this matters and how it works ↓

Your brain won't let you rest until you complete that side project. In the 1920s, psychologist Bluma Zeigarnik noticed something odd at a Vienna café: waiters remembered unpaid orders perfectly, but forgot them the moment the bill was settled. She tested this in the lab - turns out, our minds hold onto unfinished tasks far more vividly than completed ones. That nagging feeling at 11pm that you forgot something? Your brain keeps open loops active so you don't drop them. It was a useful feature in a savanna. But it's obviously less useful when you have 47 open tabs, three half-written messages, and a side project from 2022. 😁 The fix isn't finishing everything (impossible). Studies by Masicampo & Baumeister showed that simply writing down a specific plan for an unfinished task (when, where, how) frees the mind from rehearsing it. The brain treats the plan almost like completion.

me posting on twitter