Welcome to the substack from the blueteamsec subreddit.

This week saw an OpEd I wrote on Darkreading around commercial spyware accountability (don’t worry, not advocating it). We do need to hold corporate producers accountable for offensive cyber capabilities but we should expect, plan and prepare for rampant proliferation, vulnerability and exploitation as defenders. Our long tail of technical debt, complexity of systems and rapid rate of change are leading us to a world where vulnerability and opportunity for exploitation are constants - if you aren’t too picky as to where or how. So assume vulnerability, prepare for breach and practice the response.

Next, influencing cyber policy & government for hackers. Those who achieve in their careers often continue to look for the next level. For cyber technologists this can involve wanting to have a national or international policy impact on cyber security. This desire can be driven by frustration at seeing non subject matter experts take posi…