Tiny Warrior

19 Followers
236 Following
213 Posts

I’m so excited to be speaking in my HOME TOWN, Victoria, BC, for the 28th Annual Victoria International Privacy & Security Summit! Come see us from March 3-5, and make sure you stay for lunch on Thursday as I will be the keynote, speaking at ‘Insecure Vibes’.

Tickets here: https://twp.ai/E6GiXf

not enough people played scorched earth and realized what useless items did
First day of teaching at Wild West Hackin' Fest Mile High was FANTASTIC!!! 🥳🥳🥳

I keep seeing stories about LLMs finding vulnerabilities. Finding vulnerabilities was never the hard part; the hard part is coordinating the disclosure.

It looks like LLMs can find vulnerabilities at an alarming pace. Humans aren't great at this sort of thing; it's hard to wade through huge codebases, but there are people who have a talent for vulnerability hunting.

This sort of reminds me of the early days of fuzzing. I remember fuzzing libraries and just giving up because they found too many things to actually handle. Eventually things got better and fuzzing became a lot harder. This will probably happen here too, but it will take years.

What about this coordinating thing?

When you find a security vulnerability, you don't open a bug and move on. You're expected to handle it differently. Even before you report it, you need at a minimum a good reproducer and an explanation of the problem. It's also polite to write a patch. These steps are difficult; maybe LLMs can help, we shall see.

Then you contact a project, every project will have a slightly different way they like to have security vulnerabilities reported. You present your evidence and see what happens. It's very common for some discussion to ensue and patch ideas to evolve. This can take days or even weeks. Per vulnerability.

So when you hear about some service finding hundreds of vulnerabilities with their super new AI security tool, that's impressive, but the actually impressive part is if they are coordinating the findings. Because the tool probably took an hour or two but the coordination is going to take 10 to 100 times that much time.

I am a Product Manager looking to do 30-minute user interviews with people currently writing and using Python at work to find out more about how they use Python.

These are 30-minute user interviews and not sales calls. These are about you, not my company, I want to learn what you are doing.

I am in the Mountain timezone and you can schedule with me here: https://scheduler.zoom.us/nicole-schwartz-xuzsro/30-min-with-nicole

If Mountain does not work for you, all the other Product Managers on my team would also love to hear from you and are doing the same thing. This link will let you choose a time and pair you with any available Product Manager. https://scheduler.zoom.us/d/n552da62/product-user-interview

We also would love it if you shared this link with someone you can think of who uses Python and loves to talk about it!

Thank you


Hear from Jason Ish (@ish) on the new Lua capabilities and #Suricata library features from Suricata 8. He lets us know why he's happy to see these improvements and more in the video below!

Tune in: https://youtu.be/QzfrIflsEJw

Suricata 8: Smarter Integration & Deployment Strategies | Jason Ish

My friends, the time has come. This holiday season, I'm giving away a golden ticket that grants free entry into ALL my training courses, a year's worth of chocolate, and tons of other amazing prizes.

By popular request, yes there's a Black Friday sale on The Homelab Almanac! Use code HOMELABIN2026 to get 50% off the "best guide to setting up a homelab" from now until the end of November!

UPDATE: Sale now extended through 12/5!

The book comes as a PDF, EPUB, and offline searchable website for your convenience.

https://taggartinstitute.org/p/the-homelab-almanac


Kicking off the afternoon talks, we had Patrick Kelley speak on Mental Health in Cybersecurity. Following that, we had John Graat & Niels van Dijkhuizen talk on 100 Gbps in Practice and their experiences doing so.

Amazing talks!

#Suricata #SuriCon2025 #SuriCon

DOJ accuses US ransomware negotiators of launching their own ransomware attacks

The Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.

Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, as part of the scheme.

The three are accused of hacking into companies, stealing their sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group.

https://techcrunch.com/2025/11/03/doj-accuses-us-ransomware-negotiators-of-launching-their-own-ransomware-attacks/
