It’s been over a decade since I joined my first startup. During that decade I’ve certainly learnt a lot, and one of the biggest takeaways is that at different stages of startup life you need to bring different people on board.

In my experience the biggest blocker for startup’s growth is a stagnant mindset of its founders, who resist making changes in their leadership team. Often, it’s exactly an ability to make tough calls of this nature that differentiates startups who thrive and the struggling ones.

It is super tough to part ways with the people who helped you get…

Regardless whether you’re creating and selling software or you’re just using it to run your daily operation, you are an IT company. Show me a business which doesn’t require technology as an essential element of its strategy and I’ll show you what you’re missing.

If you’ve been listening closely to the things taking place in the security industry you might have heard the following statement “security perimeter doesn’t exist anymore” thrown around like it’s nothing. …

You need a separate room if you want to be effective while working remotely. There are so many reasons for it that even though I’ve been working remotely for over 7 years, every few months I discover new benefits of it.

Many people attempt remote work, hoping that their lives will get so much better if they only don’t need to commute to work anymore. …

We had this worry years ago, and guess what? Nothing is happening in the space that would reduce the number of required security professionals to keep the world spinning.

If anything, more than ever we need security professionals in all disciplines. More applications is developer, more innovation is created by visionaires, more eyeballs we need to test it all.

Unfortunately, we’re not moving in the enough fast pace in the security space, to reduce the costs for businesses of running security operations. They still need to hire highly competent and expensive security professionals.

On the macro scale, nothing has really…

Image from

I’ve recently was asked for a numerous time — “Is being a great developer vital when choosing information security as a professional career?”, so I decided to write a more in-depth answer to the question.

My answer below:

Beneficial? Yes.

Necessary? By no means. Demand for development skills in infosec is raising, but the demand for general infosec specialists is growing even higher.

I know many fantastic security professionals, who just hate programming. They’ll code a bit to help themselves, to build some simple automation for their tasks, but they’d never write any serious application.

The market for infosec professionals…

Picture from

Having worked on both sides of the fence, I want to share my biggest lessons learnt during my career that entailed:

  • being a penetration tester and red teamer
  • being an accomplished bug bounty hunter
  • working as an internal QA engineer, Security Engineer and Security Architect a’ka blue teamer
  • running and maintaining bug bounty program for a handful of companies
  • worked as a head of security reporting to the board of directors for maximum ROI of security initiatives, including penetration tests and bug bounties

Here is a list of action items I recommend you to take during and after penetration test/bug…

Credit goes to chasezephyr, at

I’ve seen following questions pop up very often, so decided to write some brief blogpost about it from my POV.

For how long will the security testers’ work be required?

What is the future of IT security industry and penetration testing?

This is my bio which adds some context to the whole article

I started my ‘adventure’ in the IT world from the very lowest positions. I’ve worked as a computer technician, network admin, web programmer, system administrator and after many years I started delving into the security related matters

Still working as a programmer, I started educating myself on an offensive security and enjoyed reporting security issues to variety of companies…

Make everyone involved

You need everyone’s perspective. To build robust security program which actually solves problems of your organisation, you need questions and insights of other employees.
Sometimes, we’re not even aware that employees use a specific tool, thus we have no way of protecting them. You need to talk to people, you need to encourage the culture of communication, so people know how important it is to keep you in the loop with new tools and processes. …

Have you seen this^ yet?

In the past few weeks I’ve seen a flood of these among my acquaintances on Facebook. People perceive it as a funny feature and are happy to share such information with their networks.

All appears to be good, but have we really thought thru consequences of it?

Yeah, that’s one of the most stupid features I’ve seen. It’s tragic given how much effort we — security professionals- put in employees education and teaching masses that they should not disclose too sensitive personal information in public/social medias.
Yet on the other side people have Facebook encouraging users…

Make each action purpose and data driven

Both in personal and professional life, trust is hard to earn and unbelievably hard to regain. Every step you take in any new relationship should be carefully planned.
When you’re joining a new company, for the first couple of months — or as long as it takes you to prove yourself — you must pay extra attention to the things you do, because you don’t want to create any negativity around your name. …

Dawid Bałut

Security Architect, Startup Angel, Optimization Freak. A man who failed many times at many things and shares the lessons so others have it better.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store