Who we are

We are a growing community of European information security professionals and privacy activists who like to share their knowledge for free. We started this blog in January 2017. In March 2018, we decided to completely redesign/rename the blog, and switched to English only. Due to this, we reach a global audience and are in close contact with InfoSec professionals from all over the world.

We are not available for hire!

What we do

First of all, we are full-time employees working closely with many other information security experts everyday. Our employers are well-known international companies, which are active in different InfoSec domains. This ensures that our blog covers a wide range of different InfoSec topics. Our professional daily work includes conducting penetration tests, analyzing malware, designing industrial networks, inspecting network traffic, hardening different operating systems and applications, creating tools for special tasks, writing InfoSec policies and guidelines, and much more. Kindly note that our families and principal employers have priority over our blog.

We operate this non-profit (100% self-funded) blog as a team, focusing on a privacy-friendly and secure design. This means that we process the least amount of personal data possible to provide our blog, and regularly reconfigure and closely monitor our web servers to ensure secure operation.

Besides, some of us conduct workshops and give lectures. For instance, we were at:

  • Vysoké učení technické (University of Technology) in Brno, Czech Republic
  • České vysoké učení technické (Czech Technical University) in Prague, Czech Republic
  • Universität Regensburg (University of Regensburg), Germany
  • Zentrum Digitalisierung.Bayern (Center for Digitalization Bavaria), Germany
  • IT-Cluster Linz, Austria

To acquire additional skills and meet with other professionals, we regularly attend security summits and workshops. If you attend events like the Gulaschprogrammiernacht, BSides Munich, C3W PrivacyWeek, or Honeynet Project Workshops, you will probably meet one of us. 😉

Finally, we sometimes look for security vulnerabilities in websites/web applications/software, and report findings to administrators/developers. As of December 2019, we sent reports to about 120 companies, organizations, and private individuals. We also privately report incomplete privacy policies, however, this isn't the main focus of our voluntary work.

What we don't do

As mentioned above, we do not promote any services or products of our employers on our blog.

Since we like to read and write honest and neutral articles, we do not promote any services or products of companies, organizations, or private individuals in connection with sponsoring. For the same reason, we do not promote any services or products solely based on hearsay, or assumptions.

Lastly, we do not contact media, or any other third party to share, or sponsor our blog, or content.

Follow us on Mastodon:
@infosechandbook

Contributors

All contributors are either information security professionals or privacy activists who want to share their knowledge with you for free.

Jakub

Jakub holds a Master of Information Technology Security degree, in addition to a Bachelor of Science degree in Computer Science (Computer Systems and Data Processing). He currently works as a Cyber Threat Intelligence Analyst for a Czech company in Prague. He operates infosec-handbook.eu and frequently provides ideas and practical threat hunting knowledge. During leisure time, he cares for his children, wanders through Czech woods, or goes fishing.

Benjamin

Benjamin is an ICS/OT security consultant, counseling companies of the beverage and liquid food sector (including critical infrastructure). He holds a Bachelor of Science degree in Computer Science. He worked for an internal information security department with the focus on information security awareness as well as a security-sensitive European government organization for years. Benjamin's experience includes the areas of network security, network-level anomaly detection, and visualization of security-relevant information using graph databases. He likes traveling, hiking, and contributing to Wikipedia.

Thorsten

Thorsten is passionate about helping like-minded as well as non-technical people when it comes to privacy and data protection. He holds a degree in Information Technology. Thorsten is known for his privacy-related articles and easy to understand tutorials in German that he published on free and open social networks.

Verena

Verena liked the idea of our free information security blog and decided to create several icons for us. Moreover, she provides pictures for our blog. She is snap-happy and loves creative activities.

Official accounts

We operate accounts on the following publicly-accessible websites:

Besides, we operate groups in 4 different corporate networks that are closed for the public.

On websites that aren't mentioned above, we use Keybase to cryptographically sign our comments to prevent impersonation. You can verify our signature if you use Keybase. Open a terminal and enter:

echo "BEGIN KEYBASE SALTPACK SIGNED MESSAGE. […] END KEYBASE SALTPACK SIGNED MESSAGE." | keybase verify.

Warning
Unsigned comments or accounts on websites that aren't mentioned above are very likely faked. Please report any unsigned comments or accounts.