Thinkst Blog

Fred Wilson over at AVC.com wrote a piece on the Etsy offices (in 2010) titled: " The office matters " In it he explained how " They are getting the best talent in NYC to come to their company " and commented on the importance of paying " attention to the office and the culture " of a company. Around the same time I had written a piece titled " Cargo Cult Startups " in which i posited that too many companies were faking startup culture, keeping draconian productivity-killing rules in place while plastering their offices with beanbags and nerf guns. I still maintain that copying Etsy's office style is not sufficient to inject Etsy-style-startup-magic into a company. But.. I recently came across a job-ad from Etsy which strikes me as completely awesome, start-uppy and yet completely stealable by established companies. ie. I think if a company was going to copy something that could actually help their business, it should be related to the Etsy j...

A little while back, a colleague of a colleague approached me with a favour request that was hard to refuse (no, not that kind...) They had one of these external harddrives that supports on-drive encryption and, as you will have guessed, had forgotten the password. No more saved business docs, but also no more saved baby pics. "Could we have a look?", they asked. A brief search online revealed companies who claim to be able to recover passwords for these very drives, but required shipping the drive from South Africa to Europe, and the cost was not instantly dismissible. Surely there was another way? Automating password entry was easy enough; when powered on, the drive's password entry dialog popped up and it was simple to drive the GUI and enter passwords. However, the slight hiccup was that, after five password guesses, the drive needed to be powercycled to reset the guess counter. One of my many failings is a distinct lack of basic electronic experience, and even being...

In 2009 I wrote a post on recruiting and mentioned " the T-shirt Test ". It read: The T-Shirt test is simply to ask yourself: "how will i feel standing at a conference, with this guy next to me wearing my company T-Shirt". If you don't like the thought, you shouldn't make the hire. I still feel strongly about the T-Shirt test, and feel really strongly about the importance of company culture which makes it crazily cool to officially welcome Marco Slaviero as the newest member of Thinkst. I worked with Marco for several years at SensePost, and we have had some über fruitful collaboration during (and after) that period. I could wax lyrical for a while, but we believe the results will be self evident. Watch this space!

Early last year we presented at 44con with a talk titled: " Penetration Testing considered harmful today ". 44con have just released the video so we figured it was worth a quick recap (for anyone not willing to tolerate the whiny voice!) The original slides (in PDF) are available ( here ) The central thesis of the talk is that penetration testing has established itself as a necessary activity for securing a network and is now pushed forward by a multi million dollar industry despite the clear signs that it is not helping all that much. ( Read the annotated slides here ) Watch the video here :