I've finally done it. I made a blog.

I can't say that this will necessarily be updated with any kind of regular frequency, but I just needed a place to gather some thoughts and host documentation on things that I do.

My current title is Sr Security Analyst, which sounds nice but in our small team I'm really a jack of all trades. I spend my days reviewing blinky box alarms, reversing malware, pentesting, incident response and generally working on whatever I can to sharpen existing skills or build new ones.

The title Security Sponge comes from a philosophy of being excited about nearly all things InfoSec. I have a desire and passion to learn so much, soaking it up as a sponge. See what I did there? I think I may be reaching a point in my career when a "jack of all trades" is going to be less desirable than a specialist so I may be forced to choose something sooner or later. When that time comes, I think I'll likely fall into a DFIR role because that's probably most interesting to me, but it would be nice to land someplace where I can continue developing pentesting skills because that's just plain fun.

You can find me on twitter @dougsec which is definitely more active than this.