I can’t say I’ve done my Advent of Code challenges on the day of release every day this past week, but I have done them. There are a couple challenges where I haven’t finished part 2, but rather than get hung up on it, I just chose to move on to the next day.
Business Administrivia
As I’ve previously alluded to, 2024 was a big year for me in that I launched my own side business, primarily performing offensive security functions as a consultant. I have mostly avoided talking about it here, I don’t want this blog to turn into an advertisement for my company, but I still want to write about some of the experiences I’ve had with bootstrapping a security company.
While I’d love to move this business into other lines (such as consulting to help design secure systems, helping companies modernize their infrastructure to benefit from advancements made over the past 10, 20, even 30 years, etc), right now I’m trying to focus on providing the best offensive security services I can.
I have some background in business, this isn’t the first business I’ve launched (though it is the first that has made more money than it’s lost, paying for my time not included), and I took a ton of business classes in school. But there are all kinds of things that I’m learning require more time and attention than I would otherwise think to give them.
I spent hours yesterday learning that I was doing some of my accounting incorrectly because I hadn’t correctly marked certain transactions as “transfer” – This was inflating my revenue by a not-insignificant amount, which was confusing me until I figured out what was going on. I knew how much I made, and couldn’t figure out where the extra 25% came from. I’m thankful that my accounting classes taught me enough to detect the issue on my own before I accidentally sent the IRS more money than I had to.
I’m also spending time thinking about things like “Do I need insurance? What kind of insurance? Do I just buy it like I buy car insurance?” and “How can I better secure recurring work with customers?” - which has nothing to do with offensive security. I’m enjoying the challenges, though I do wish sometimes that I had more contacts who had started their own successful security consulting firms so I could learn from their mistakes. I need a support group for the business side of the business, the computer side of the business is easy in comparison lol.
I have an opportunity to significantly increase business going into 2025, so I’ve been thinking a lot about this stuff in anticipation/preparation of that. I don’t know that it’ll happen, but if it does, I want to be ready.
Interesting Links
- Darknet Diaries now has a hidden service - I’ve chatted with Jack about this a few times over the last few months and I am happy to hear that he was inspired by my work on this site to make a hidden service version of Darknet Diaries. Check it out!
- Strange Website - A very retro site, very entertaining.
- Thinkst Credit Card Canaries - A very cool canary token for attempted credit card usage. I can only imagine the difficulty in working with a partner who would issue cards that will never get charged.
- Text Editing Hates You Too
- The Curse of Markdown - I still love Markdown, but it does inherently make content less interactive.
Upcoming Projects
- I’m performing a couple songs at a security conference party this weekend, so I’ve been practicing the tracks I’m performing. I’m very excited, I haven’t gotten to perform live since RSA in 2020.