Ryan Basden

I would simply write memory-safe code

Claude API issues are the new us-east-1 outages.

@_xpn_ He's trying to implement unsafe data structures, get him!

I hate rust so very, very much!

Link to the hospital's site for those interested: turtlehospital.org

Went to a turtle hospital in Key West today. They drown if they eat plastics that ruin their buoyancy. They develop tumors as we contaminate the water. They get hit by boats/jet skis and become permanently paralyzed. Sometimes it's hard to keep caring about security.

@roguekode @trashp4ndasec Once I can get on the track a few times, I don't think I'll be able to resist the pull of a 636 much longer

@roguekode @trashp4ndasec This man is dehumanizing my Ninja 400 for not having enough CC

jk, this is my preworkout tub, you really thought I went to RSAC?

Marketing designs at RSAC were wild this year

Sometimes I wonder if I could ever go back to just being a good people manager. I miss leading and developing teams, but I will never miss the mountain of billable work that usually comes with consulting.

@curi0usJack There was never any question

It's over.

@roguekode This is a FOMO nuke if I’ve ever seen one, holy shit.

@GrahamHelton3 omg twins

The van build adventure starts tomorrow, I'll be leaving home and traveling 16 hours to the build site with a cat and an ungodly amount of compute.

The industry will keep moving. Being self-directed is the only way to stay ahead of it. If you want a longer version of this with some "old man yells at cloud", check out my personal blog: ryanbasden.com/blog/infosec-t…

The practical answer, I think, is to treat your own development as your own responsibility. Build a home lab. Develop a methodology you actually own. Use open-source tooling to sharpen your own workflow rather than renting access to someone else's.

The people who buy tools and the people who use them have different interests. That gap is what's being exploited here.

The AI pivot is the latest version of the same pattern. "Autonomous pentesting" tools being sold not to practitioners but to the companies that hire them, or used to.

So the subscription tiers appeared. The premium learning paths. The certification ecosystems and leaderboards. All of it designed to keep people engaged and paying, with employment dangled as the reason it's worth it. None of that is unique to infosec. It's just how this goes.

Then came the venture capital, which is when things got predictable. Running infrastructure for hundreds of thousands of users isn't cheap, and the platforms that took outside funding took on the same mandate every VC-backed company takes on: grow revenue, find an exit.

The problem is that making something accessible doesn't automatically make it meaningful. The skill set that used to come with years of context and technical background got packaged into modules. Certifications multiplied. Resume parsers got fed. The signal got fuzzy.

HackTheBox and TryHackMe came along and did something genuinely useful: they made the educational content more accessible and far cheaper by separating it from the credential. A polished platform, lots of free material, and a lower barrier to entry for people who wanted to learn.

But the moment a credential becomes a line item on a job description, the market starts trying to produce it more cheaply.