To new beginnings

Hello friends! It’s been an absolutely wild and exciting last few months. For those seeing this for the first time, I’m Johnathan Kuskos, and I stepped away from 12 years of leading and building world-class information security teams in top F100 and fintech companies to start Chaotic Good Information Security. The goal is admittedly selfish but simple: hacking has always been my favorite part of the job, and as my career escalated the days became less and less about hacking. I’m absolutely bursting with fun focus areas here and am excited to grow this consultancy in an extremely grassroots way. Here’s a little transparency and honesty in where we’re at and where I see us going:

  • We have a website! That means we’re real, right? Thank you to Sarah Lawrence for advising on logos and various branding thoughts. Although branding and marketing isn’t my sole focus, some effort was required to be spent here.

  • Around September of this year we’ll be officially open for business, so Q4 will be the first real business push. We’re in more of a soft launch / friends and family mode at the moment while I iron out the repeatable processes and get automations in place for intake, response, secure data storage, blog focuses, content creation, newsletters, etc. In the meantime I’m happy to start building relationships with prospective clients; send me a message if you’d like to get in while we’re early (and very cost effective).

  • Back in the day around 2012-2013 before Bugcrowd/HackerOne/Intigriti and all of the other responsible disclosure platforms popped up, I paid off six figures of student loan debt through moonlighting bug bounties (big thanks to Google and Mozilla mostly for that). During the downtime between client assessments, I intend to spend most of my time getting back into the space here. Since these spaces have had the better part of a decade to mature I have a bit of catching up to do.

  • This company will be 100% hacker driven and operated. No if’s, and’s, or but’s. As we grow, and whether that’s slow or fast, everyone on this team will understand how to perform a basic penetration test. This includes sales, marketing, accounting, any and all of the above if we ever get to that point. At the end of the day I want us to be known for our deep connection to the problems faced on the front lines of application and product security. No one is allowed to say “just shift left” without having actually attempted to transition an enterprise from spontaneous compliance driven pentests to automated remediations through CI/CD integrations. As much as the enterprise sales folks love to pitch that, I promise you it’s 100x harder to execute on than it sounds.

  • Looking forward to getting back into public speaking, as it was admittedly momentum derailed when I began joining fintech companies, and the first training is already booked. If you’re in the Austin area in September, myself and a few other leaders in the field are putting on a free workshop intended towards developers with a security focus, you can find more details here: https://tromzo.com/developers-and-security-are-friends-day

Next up on the roadmap is a chance to take a second, breathe, reflect on what’s been done and what still needs to be accomplished, enjoy an upcoming 2 week vacation to Europe with the family, and then come home to BlackHat/Defcon/BSidesLV in Vegas. Thank you to everyone following this journey, your support means the world to me, and I’m excited to see where this goes!

Happy Hacking ~ Kuskos
