The First Year of Public Exposure

The siege of Château Gaillard between September 1203 and March 1204 is a good example of determined attackers exploiting a weakness in the defenders’ threat model. As the story has it, a French soldier clambered up the latrine chute and let in his compatriots to take over the castle.

On 2023–03–08, I embarked on a journey to offer cyber security experts a platform to voice their informed opinion through an independent blog dubbed Public Exposure. The name of the blog is a synthesis of of cyber exposure and one of my favorite rap groups from the 1990s, the Public Enemy.

Before creating this blog, I had already been sharpening my pencil through a doggy blog after a long hiatus on voluntary writing. Having studied linguistics, translation theory and literature in the 1990s had left me with little joy in actually putting words together in sentences just for the fun of it.

The Practical Challenges and Tribulations

An independent information security blog on the other hand presented two kinds of challenges.

1. First off, would I have enough to say to sustain a steady cadence and to keep my audience engaged?
2. Secondly, creating something out of nothing requires patience for the long game in order to bring my ideas to the attention of a larger audience.

Moreover, I felt that too much attention was paid to offensive cyber security which necessarily does not help organizations be more secure across the board. Don’t get me wrong, red teaming is an important part of the equation once you have your basic security posture in order. Before that, however, it is likely that the red teamers with their sharp blades will just wreak havoc and expose issues your organization is not ready to deal with just yet.

A House DJ and Guest Stars

That is why I decided to create an independent forum where I am the “house DJ” warming up the crowd and the stars of the show are the guest bloggers who offer their insight on their areas of expertise. I did not know whether I would be able to get people to write for the blog, since it is a time consuming effort and you as a blogger will not get compensated for it.

I was, however, positively surprised that a number of my peers actually were willing to step up on stage and offer their expert opinion. So far, most of the writers have been Finns, but slowly and surely I am starting to get submissions from a wider set of cyber security experts from across the globe.

Write for Us as an Invitation to SPAM Me

Even if the signal to noise ratio of inbound submissions has been quite poor, the ones that have made the cut have been nothing but excellent. What I mean by this is that SEO is both a curse and a blessing.

Having had some high octane content published on the blog means that many credible sources start linking to it and raising the status of the blog from the credibility perspective.

This is what I call the shit that attracts the (SEO) flies on a hot summer day.

In practice, the number of “paid links/posts” offers arriving in my INBOX has been quite substantial, but even among those I have hope that one day I will actually get a quality submission, such as the one written by Ben Weintraub. He actually reached out to me through the public channel and I was happy work with him to get his academic research results published.

The Editor Hat

Having published 14 write-ups in a year has also meant that I have had to get acquainted with my role as an editor. This has been quite an involved process, since most of the bloggers are not native English speakers or writers. Don’t get me wrong, editing eight longer pieces of writing has taught me a lot about the art and has motivated me to dig deeper into topics, which I might have otherwise just glanced over and moved on.

Publishing Cadence

This work has also meant that Public Exposure has settled in on a steady cadence of one post per month, each published on a given Patch Tuesday. Originally, I naively thought that I could publish one post every fortnight, but luckily I have decided to focus on quality over quantity. I can only marvel at professional writers such as Cory Doctorow, who spew out interesting, informed content almost on a daily basis.

Writing and editing content on a regular basis has also meant that I have read more (and longer pieces) than I used to. This I see as a positive, since being a news junkie I tend to cover more breadth than depth in my daily routine.

The Twitter dumpster fire set off by Elon has also meant that I spend less time on the only social media that ever has had any significance for me. This I think is both a curse and a blessing.

My Ugly Babies

Publishing six pieces of my own writing in a year, may not seem much at a glance. I have, however, been focusing on publishing my research into known vulnerabilities and exposures, an endeavor which in itself consumes quite a bit of time to begin with.

One piece of writing I have been putting off publishing for more than a year due to “environmental variables” is a quixotic challenge related to renewable energy. I plan to get there, despite having at times lost sight of both my Rocinante and Sancho Panza in the process.

Happy Birthday PE!

In any case, let’s pop the cork on a bottle of bubbly for our one year old and hope she will learn to walk and run, since her creepy crawly phase seems to have come to an end.

If you would like to get a heads up whenever I publish a new write-up, please subscribe to my monthly newsletter. I will not spam you with frivolous marketing messages, nor share your contact details with nefarious marketing people — unless you count me as one. Finally, if you have something to say about cyber security and do not have a platform to say it on, reach out to me about a potential guest post.