Who we are
We are a growing community of European information security professionals and privacy activists who like to share their knowledge for free. We started this blog in January 2017. In March 2018, we decided to redesign/rename the blog entirely and switched to English only. We reach a global audience and are in close contact with InfoSec professionals from all over the world.
We are not available for hire!
What we do
First of all, we are full-time employees working closely with many other information security experts every day. Our employers are well-known international companies, which are active in various InfoSec domains. Being active in different InfoSec domains ensures that our blog covers a wide range of different InfoSec topics. Our professional daily work includes conducting penetration tests, analyzing malware, designing industrial networks, inspecting network traffic, hardening different operating systems and applications, creating tools for particular tasks, writing InfoSec policies and guidelines, and much more. Kindly note that our families and principal employers have priority over our blog.
We operate this non-profit (100% self-funded) blog as a team, focusing on a privacy-friendly and secure design. We process the least amount of personal data possible to provide our blog, and regularly reconfigure and closely monitor our web servers to ensure secure operation.
Besides, some of us conduct workshops and give lectures. For instance, we were at:
- Vysoké učení technické (University of Technology) in Brno, Czech Republic
- České vysoké učení technické (Czech Technical University) in Prague, Czech Republic
- Universität Regensburg (University of Regensburg), Germany
- Zentrum Digitalisierung.Bayern (Center for Digitalization Bavaria), Germany
- IT-Cluster Linz, Austria
To acquire additional skills and meet with other professionals, we regularly attend security summits and workshops. You can meet us in person if you attend events like the Gulaschprogrammiernacht, BSides Munich, C3W PrivacyWeek, or Honeynet Project Workshops. 😉
Finally, we sometimes look for security vulnerabilities in websites/web applications/software and report findings to administrators/developers. As of December 2019, we sent reports to about 120 companies, organizations, and private individuals. We also privately report incomplete privacy policies; however, this isn’t the main focus of our voluntary work.
What we don’t do
As mentioned above, we do not promote any services or products of our employers on our blog.
Since we like to read and write honest and neutral articles, we do not promote any services or products of companies, organizations, or private individuals in connection with sponsoring. For the same reason, we do not promote any services or products solely based on hearsay or assumptions.
Lastly, we do not contact the media or any other third party to share or sponsor our blog or content.
Follow us on Mastodon:
All contributors are either information security professionals or privacy activists who want to share their knowledge with you for free.
Jakub holds a Master of Information Technology Security degree, in addition to a Bachelor of Science degree in Computer Science (Computer Systems and Data Processing). He currently works as a Cyber Threat Intelligence Analyst for a Czech company in Prague. Jakub operates infosec-handbook.eu and frequently provides ideas and practical threat hunting knowledge. During leisure time, he cares for his children, wanders through Czech woods, or goes fishing.
Benjamin is an ICS/OT security consultant, counseling companies of the beverage and liquid food sector (including critical infrastructure). He holds a Bachelor of Science degree in Computer Science. He worked for an internal information security department with a focus on information security awareness as well as a security-sensitive European government organization for years. Benjamin’s experience includes the areas of network security, network-level anomaly detection, and visualization of security-relevant information using graph databases. He likes traveling, hiking, and contributing to Wikipedia. He is also an active member of Codeberg e.V. (Germany).
Thorsten is passionate about helping like-minded as well as non-technical people when it comes to privacy and data protection. He holds a degree in Information Technology. Thorsten is known for his privacy-related articles and easy to understand tutorials in German that he published on free and open social networks.
Verena liked the idea of our free information security blog and decided to create several icons for us. Moreover, she provides pictures for our blog. She is snap-happy and loves creative activities.
We operate accounts on the following publicly-accessible websites:
- Keybase.ioexternal link
- Chaos.social (Mastodon)external link
- Github.comexternal link
- Gitlab.comexternal link
- Reddit.comexternal link
- forum.privacytools.ioexternal link
- codeberg.orgexternal link
- Threema (ID: ZPCM5K45)
Besides, we operate groups in 4 different corporate networks that are closed for the public.
On websites that aren’t mentioned above, we use Keybase to cryptographically sign our comments to prevent impersonation. You can verify our signature if you use Keybase. Open a terminal and enter:
echo "BEGIN KEYBASE SALTPACK SIGNED MESSAGE. […] END KEYBASE SALTPACK SIGNED MESSAGE." | keybase verify.