There’s no time like the present.
My name is Max van der Horst, and I am a PhD researcher at the Delft University of Technology, where I study (anti-)abuse governance within the hosting ecosystem. Writing has always been one of my preferred tools for imposing structure on complex problems, and this site serves as a space to think in public about cybersecurity research, policy, and practice. Hopefully you’ll find something useful in here.
Prior to starting at TU Delft, I worked in a variety of roles across the cybersecurity and defence sectors, with a particular focus on Cyber Threat Intelligence and Vulnerability Management. Alongside my academic work, I remain involved in several public-interest cybersecurity initiatives. I contribute to the Dutch Institute for Vulnerability Disclosure (DIVD) as a security researcher and CVE Numbering Authority administrator, support the Virtual Routes Cybersecurity Services Centre in helping organizations with a societal mission improve their security posture, and participate in OverRIPE, a community initiative dedicated to understanding and addressing the infrastructure and service ecosystems that facilitate cybercrime, fraud, and online abuse.
This website contains structured braindumps of topics I encounter during my research and work, and which I hope others will find interesting too. Some posts are research-driven, while others are reflections on policy developments, vulnerability disclosure practices, cybercrime infrastructure, or the realities of conducting cybersecurity research. Not every post arrives at a firm conclusion. Many are simply attempts to understand a problem in public.
Most posts will fall into one or more of the following categories:
- Research Progress
- Vulnerability Disclosure
- Cybersecurity Policy & Ethics
- Internet Governance
- Observations on Cyber Threat Intelligence
The name Disclosing Observer reflects the purpose of this site: observing systems, institutions, and practices, then making those observations public. Sometimes with confidence, sometimes with uncertainty, but always with the goal of understanding how cybersecurity works in practice.
If you find any of this as interesting as I do, feel free to connect with me on LinkedIn or through BlueSky.
As mentioned, I am using this space to think in public. Sometimes this will be with clarity, other times with ambiguity. Either way, it’s all about building something meaningful (and hopefully fun) in cybersecurity research.
Consider this a sketchbook in motion.