There’s no time like the present. As I am writing this, I have recently started my PhD at the Delft University of Technology on internet abuse and vulnerability disclosure practices. Structure is something I’ll need to impose on myself, and to do this, writing is my preferred tool. Welcome to this research diary, in which I will attempt to organize my own ideas. Hopefully you will find something useful in there!
Prior to starting at TU Delft, I worked in various roles in the cybersecurity and defence industry. During this time I primarily occupied myself with Cyber Threat Intelligence and Vulnerability Management, the latter of which was heavily influenced by my work at the Dutch Institute for Vulnerability Disclosure (DIVD). DIVD is a volunteer-run non-profit foundation that focuses on conducting Coordinated Vulnerability Disclosure for (emerging) cybersecurity vulnerabilities worldwide, and within this foundation I contribute to its CSIRT as a researcher and CVE Numbering Authority (CNA) administrator.
This website will contain structured braindumps of topics I find interesting during my research and hope others will too. These topics will mostly fall into the following five categories:
- Research Process
- Vulnerability Disclosure
- Cybersecurity Policy & Ethics
- Reflections on Academia
- Observations on Cyber Threat Intelligence
If you find any of this as interesting as I do, feel free to connect with me on LinkedIn, through BlueSky or via the (historically) Blue Bird. As mentioned, I am using this space to think in public. Sometimes this will be with clarity, other times with ambiguity. Either way, it’s all about building something meaningful (and hopefully fun) in cybersecurity research. Consider this a sketchbook in motion.