Contact

Couple of notes before you write so we both save time.

Things I'd actually like to hear about:

• Questions about a post, an IOC, or something you saw on the fleet
• Small-org or non-profit DFIR situations where a second opinion would help. Pro bono, case-by-case, no SLA, no guarantee of capacity, but I do triage every one
• Paid engagements: deception design, detection content, custom honeypot work
• Press, podcast, or speaking (happy to nerd out)

Things I'm not going to take:

• Incident response retainers or on-call work
• "Just a quick five-minute call" framing for what's actually a two-hour problem. Write it out; if it's interesting I'll read it
• Sales pitches for SOC products, lead-gen, or "we'd love to feature you on our podcast about [unrelated topic]"

More on what I work on on the about page.