About

Cybersecurity Smith is the internet's most trusted source for satirical news from inside the IT and information security industry. We are read by sysadmins, network engineers, SOC analysts, developers, DevOps practitioners, CISOs who have lost the plot, and the occasional executive who has been forwarded a link by a passive-aggressive direct report.

Every dispatch is filed from an undisclosed location, which is a garage.

OUR MISSION

To report, with appropriate gravity, on the world as it actually is for the people who keep it running.

We cover the breaches that didn't happen, the postmortems that never finished, the certifications that solved nothing, the consultants who arrived late and billed early, and the all-hands meetings in which executive leadership announced that the company would be "doubling down on compliance" without specifying what compliance was, who would be doing it, or with what budget.

We do not break news. The news breaks itself, usually around 4:47 PM on a Friday, and we report on it the following Tuesday after we have finished restarting the affected services.

A BRIEF HISTORY

Cybersecurity Smith was founded in a server room during what was supposed to be a 30-minute maintenance window. The window closed eight hours later. The publication has been going strong ever since, on roughly the same schedule.

Our founding principle is simple: someone should be writing this down.

THE MASTHEAD

Cybersecurity Smith — Senior Correspondent, Editor-in-Chief, Founder
Smith has spent 27 years in IT and information security. He has been a sysadmin, a network engineer, a SOC analyst, a CISO at a company you've never heard of, and briefly a "Chief Vibes Officer" during a particularly dark period in 2021. He holds 14 certifications, 11 of which have expired, and has read every RFC at least once out of spite. His dog's name is chmod.

Dave Karlsen — Infrastructure Correspondent
Dave has been at his current employer for 22 years. He is responsible for everything no one else understands, including the labeled-but-unidentified server in the back of Rack 4. He communicates exclusively in sighs. He has not had a vacation since 2019. He says it's fine.

Marcy Pham — Help Desk Correspondent
Marcy fields tickets ranging from "my mouse stopped working" to "my entire department has been encrypted by ransomware," sometimes in the same morning. She has identified more active intrusions than the Security Operations Center, which she does not bring up because it would not be productive.

Tyler M. — Junior SOC Correspondent
Tyler is 23, recently bootcamp-certified, and approaches his work with the energy of a man who has watched Mr. Robot twice. He files P1 tickets at 4:55 PM on Fridays. He means well. He will, with luck and a kind mentor, be saved.

Brad Thornwell-Pierce, CISSP, CISM, CRISC, CISA, CCSP, CEH, Sec+ — Strategic Advisor
Brad serves on our masthead in an advisory capacity, in the sense that he advises us, unsolicited, in long emails sent at 11 PM. We read them. We do not respond. He recently completed his fifteenth certification, which he announced via LinkedIn carousel post. We wish him well from a respectful distance.

The Auditor — Compliance Correspondent
The Auditor appears once per quarter, asks the same questions, receives the same answers, and files the same report. We have never learned The Auditor's name. We have stopped asking.

WHAT WE COVER

News — Reporting on the events in our industry, slightly altered to be true.

Tickets — A weekly review of the most interesting items in the queue.

Postmortems — Reconstructed incident reports from organizations that have asked us not to name them, and one that did not ask but should have.

Thought Leadership — Selected dispatches from the LinkedIn of Brad Thornwell-Pierce, reproduced with comment.

Patch Tuesday Roundup — A monthly summary of what was patched, what wasn't, and who is on call.

EDITORIAL STANDARDS

Every article published by Cybersecurity Smith is fiction. Any resemblance to actual companies, executives, sysadmins, breaches, or compliance frameworks is, at most, structural. Real names, real brands, and real victims of real incidents are not our subjects. The pompous, the credentialed, and the oblivious are.

We punch at executive theater, certification culture, security cosplay, and the meeting that could have been an email. We do not punch at the people in the trenches, or at end users who clicked the wrong link because the link was designed to be clicked. They have suffered enough.

A NOTE ON COMPLIANCE

Cybersecurity Smith is not SOC 2 certified, ISO 27001 certified, PCI-DSS compliant, HIPAA compliant, FedRAMP authorized, or NIST aligned. We are aware of these frameworks. We have read most of them. We have opinions.

If you are an auditor seeking attestation of our controls, please email theauditor@cybersecuritysmith.com. We will respond in approximately one quarter.

CONTACT

Corrections: If you find a factual error in our reporting, please be advised that there are no facts in our reporting. The error is structural and intentional.

Press inquiries, partnership requests, "synergy opportunities," or pitches for guest posts about your AI-powered SOAR platform: Brad will respond. Please allow 6-8 weeks.

SUBSCRIBE

Cybersecurity Smith dispatches arrive in your inbox twice a week. They are free. They will remain free until we figure out a paid tier that does not feel embarrassing.

Subscribe below. Or don't. The articles will be written either way.

Cybersecurity Smith is filed from an undisclosed location. (His garage.)