The Starting Up Security essays are written by myself (Ryan McGeehan) in my free time.

I’m a generalist with a vulnerability disclosure, honeypot research, and incident response background. I’ve held Director roles at Facebook and Coinbase and have been consulting for Bay Area tech companies since 2015. I’m a founding advisor for HackerOne, and advise a short list of other security companies too.

Most of what I write is inspired by experiences and observations drawn from incident response efforts. I strongly believe that lessons from failures should be a priority influencer in an approach to security strategy. I try to organize all security subject matter with an incident scenario in mind.

These have been fun to write and I hope they’re useful.