Co-Founder and Technical Director @Silentgrid Security. Adversary Simulation / Penetration Testing. Interested in AI and Automation, HomeLabs. Chess noob.
maybe a biased opinion since I work in offensive security, but AI seems to favour attackers more than defenders. once again the balance is off and seems to be leaning more and more towards attackers.
Thanks for reading this far.
Found this thread useful?
• Follow me for more offsec & consulting insights
• Like/Repost the quote below so others can find it
I’ve spent 18 years in consulting. Milan, London, Sydney. Building things, breaking things, fixing things, leading teams, and learning (constantly) from people smarter than me.
I’m not claiming to have it all figured out. Far from it.
But here are the lessons that shaped how I work, and might help newcomers entering this challenging but incredibly rewarding industry.
I’ve spent 18 years in consulting. Milan, London, Sydney. Building things, breaking things, fixing things, leading teams, and learning (constantly) from people smarter than me.
I’m not claiming to have it all figured out. Far from it.
But here are the lessons that shaped how I work, and might help newcomers entering this challenging but incredibly rewarding industry.
6️⃣ Brain & Body
Last but not least, you only have one body and one brain. Take care of them.
Sleep 7–8 hours. Exhaustion kills attention to detail.
Eat well. Good fuel = better work.
Take annual leave. Rest is part of performance.
Do focused work during your mental peak. When stuck, get sunlight and reset.
Strength train. A strong body supports a sharp mind.
Fast forward to 2025, and during post-Assumed Breach exercise presentations, I still hear non-tech executives dismissively say, "If you had network access, it’s game over anyway."
Perhaps boosting "user awareness" should start at the top of the organisation.
@dinodaizovi@FFmpeg It’s reasonable to expect organisations that profit from OSS projects to either fund them or contribute to their development.
We see great programs to incentivise content production (YouTube, X, …), why not for OSS developers?
If you're interested in learning more about initial compromise through phishing attacks, I highly recommend reading his excellent blog post from my colleague Ben.
https://t.co/L6c6FtccwQ
N8N experts, I’ve noticed that whenever I attempt to create a relatively simple workflow, I revert to using bash or Python scripts and cron jobs. It simply feels much easier to me. Could you please explain what I’m doing wrong? What’s all the hype about this tool these days?