
Michael Hyndman
Hello! I am a Chief Information Security Officer (CISO) for a global cyber safety company and this blog is a collection of my technical, commercial and social observations while navigating infosec. Any comments or opinions expressed here are my own, not my employer's.
How I hacked into Google’s internal corporate assets
It’s raining command injections! Every now and then, I take some time to work on bug bounty projects to explore threat vectors into real world targets like Google, Tesla and many others. Doing so helps me stay aware of the fast-changing technical landscape, which is crucial for my role as a technology CISO. Plus, it’s…
The qualities of high performing security staff
The speed and reliability at which a CISO can deliver a security strategy depends heavily on the culture and characteristics of the teams and individuals that make up the security organization. It is for this reason that attracting and retaining highly effective security folk is paramount in order to build and run a security organization…
What happens when unsafe AI is profitable
For more than 15 years, tech leaders from around the globe have been lobbying governments to not regulate the technology industry. Over the last 12 months, this sentiment has been virtually reversed with tech leaders pleading with governments to regulate Artificial Intelligence (AI). It’s one indication that if we’re going to do AI as a human…
The Security Organization
Over the coming months I’ll be writing a series addressing key challenges that CISOs face – challenges that security folk typically don’t get trained on – and how I personally solve these as a CISO. I hope this will be a source of inspiration for other CISOs and at the very least, a useful resource…
Dealing with stress as a security leader
Over the last few months I’ve been asked by multiple people how I deal with stress. This is no surprise – it is well documented that Chief Information Security Officers and many other security professionals have a uniquely stressful line of work. Security leaders have all kinds of challenges to deal with in the course of…
How to optimize your hacking by understanding your mind.
Over the course of my career, the limitations and capabilities of the human brain and how these impact the tasks we perform, the choices we make and our long term career trajectory has been a source of great fascination for me. When solving problems at work we rarely take a step back and consider to…
Walking the path least trodden – hacking iOS apps at scale
This is a story of how I set out to find some bounties and how I found gold, hacking iOS apps, at scale. One of the essential qualities of a bug hunter is the ability to find exploitable vulnerabilities that others haven’t found. The ability to find bugs not discovered by others is a quality…
Bypassing 403
A few weeks ago I came across this cool “accidental” exploit vector which was documented about 8 years ago by IRCmaxwell and describes a way to trick servers (behind a reverse proxy or load balancer) into thinking an HTTP request which is ordinarily unauthorised is actually authorised. I read the blog post while doing some…