Hey everyone, I’m still here. If you’ve wondered where I’ve been, or if everything is OK—I’ve been around-ish and YUP! everything is A-OK over here.

Riffing on Axxuy and Elena’s posts about how they drink coffee, here’s how I take my coffee… ☕️

My song ranking of Sleep Token’s album Even in Arcadia. Honestly though, that top 4 is super hard for me to decide as they are all mind-blowing. Also, had to roll back into this post and drop the lyrics to my favorite parts of each song. Behold!

OK, so you’ve got a blog/website, but you’re wondering “now what”? Here’s some ideas for what to do next!

Fedi has been around for ~13 years and Mastodon has been around for about 9 of those. For anyone wondering how Fedi “wins”, I think you need to ask instead, “what does it mean to win”? We’ve gotten this far w/o VC funding and continue to grow (even if it isn’t at breakneck speeds). We win by being here. Being here for everyone who finally realizes that corporate social platforms are forever-doomed. Everything else is second, and will probably come in time.Here’s to 13 more years of winning!

I saw a thread recently which asked people to share their “path” in cybersecurity. I’ve long maintained a few lists that sorta represent this path, so I decided to mush them together to create this simplified timeline of notable career events (e.g. degrees, job changes, certs and other large life or professional-adjacent events).

Answering a particularly random set of questions via the Blog Questions Challenge Bot…

@darius@t54r4n1 I’ve never thought of a “newsletter” as being defined by its transmission medium, though I understand the instinct to associate the “letter” suffix with e-“MAIL”. I’ve always emphasized the “news” part of newsletter (w/ “letter” referring to the fact that newsletters were written, i.e. not videos or podcasts). In this way, newsletters would be defined more as written pieces that focus on recent topics (i.e. news), regardless of how it is delivered.

Answering the Blog Questions Challenge Outdoor activities…

I like this from @bradenslen - Blogger How Pushy are You About Getting Paid?This is one of the reasons I loathe Medium and Substack—they’re all WAY too pushy with getting me to sign up, subscribe, pay—before I even have a chance to read a single thing from that author. Not to mention all you give up by being on those platforms instead of building your brand and establishing an identity via your own personal domain.If I like your stuff, Ill find your subscribe links. Get’m outta my face.Adding to this: I have some donate links in a few places my site. But I try to keep them to a minimum, and mostly out-of-sight/discrete. I’m not a professional writer/blogger, and though I do write pretty frequently, I don’t expect $$ from anyone, and I never will paywall my content. I don’t need $$ from anyone, but I like to have the...

We need to stop platforming Nazis—available on my Substack.

Assortment of Nicole musings…

A line I see repeated a lot amongst infosec professional circles is “infosec is not an entry-level field”. This is typically followed by recommendations from these same “professionals” to first get jobs within the help desk for a few years before trying to move into a true cybersecurity role. This is crap advice, and very gatekeepey.

I saw this post from Jacob titled Beware tech career advice from old heads and I think it’s spot on. Infosec, even back when I was first getting into the field in 2010-ish, has always had that seemingly artificial barrier-to-entry, but there was A LOT that was different then and just doesn’t apply today. The technical/experience expectation(s) for newcomers has skyrocketed, the competition for jobs has ballooned by several orders of magnitude it seems, opportunities have stagnated to a degree, and the advent of AI has started to put pressure on these sorts of technical roles.

Just gave myself a crash course in render-blocking css/js resources. Cloudflare having weird issues causing issues for unpkg which is where my (phosphor) icons are hosted. So my site would refuse to load if it couldn’t load that dependency. Toss the ‘defer’ directive on the respective script tags and now things render instantly again (even if the icons won’t load or take longer to load).

Here I answer the question “Is cybersecurity a good career?…”

A lot. Let’s talk about ‘em…

Got a li’l art commission request. I’m interested in some banner art for my “Scrolls” newsletter ( https://shellsharks.com/scrolls/). Thus far, I’ve been using the Phosphor scroll icon as a stand-in but would love to have something a little more personalized. As fan of #pixelart I would love to see something in that realm but that’s not mandatory. What I’m looking for - something that looks like a scroll with some sort of writing on it. Open to a creative interpretation based on that!

A discussion on the polarizing, hot-button issue of AI. Many laud its uses, others frame it as “useless”. The truth is never black and white. AI (and LLMs) are still very much a nascent technology, at least as I see it in the grand scheme of things to come. But, given the proliferation of this technology throughout the tech world, permeating much of our regular daily lives, you’d assume it was much more mature and robust. Below, I try to point out some of the many concerns that I have observed, in order to juxtapose those against the reality that AI/LLMs do in fact have real-world uses, and when employed correctly, can admittedly be powerful tools.

Some AI threat / threat modeling / security resources I’ve collected…