Author: gainsec

Handling Two-Way Communication as a Technical Leader

Technical leadership requires more than directing tasks—it demands the careful management of two-way communication. A leader serves as the bridge between strategic intent from above and operational reality from below. That responsibility means presenting information in a clear and digestible way, without omitting what is beneficial, so both sides remain aligned in their respective roles. One effective approach is shielding: a strategy where the leader anticipates reactions, filters complexity, and ensures that both technical practitioners and senior leadership receive accurate, balanced communication. Shielding is not passive—it requires consistent effort, empathy, and accountability. While demanding, it is the most reliable way to build and maintain trust, ensuring that decisions are informed, practitioners are represented fairly, and leadership remains confident in execution.

Deriving the Most Value from Technical Team Meetings

Remote technical team meetings often miss the mark. Movie hours and “most interesting finding” contests sound engaging but tend to create low value, or worse, feed imposter syndrome. Through years of leading offensive security teams, I’ve found two approaches that actually build cohesion: continuous passive support through shared learning, and structured mid-depth discussions that surface perspectives without putting people on the spot.

Industry Standard Penetration Testing Reports Lack Two Key Enhancements

Penetration testing has traditionally been treated as a point in time exercise centered on identifying and exploiting vulnerabilities. While severity charts and baseline reporting are standard, they often fall short in giving executives the context required for strategic decision making. This article introduces two powerful yet straightforward enhancements, remediation effort mapping and threat model context graphs. Both of these elevate reports into holistic snapshots of an organization’s security posture. By reframing deliverables in this way, penetration testing shifts from a checklist of vulnerabilities and exploits, to a source of leadership insight, enabling more informed, timely, and impactful decisions.

Grounded Flight – Device 2: Root Shell on Flock Safety’s Falcon/Sparrow Automated License Plate Reader

All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. Onto the next! In case you missed the previous two posts; where I went over what Flock Safety … Continue reading Grounded Flight – Device 2: Root Shell on Flock Safety’s Falcon/Sparrow Automated License Plate Reader

Plucked and Rooted – Device 1: Debug Shell on Flock Safety’s Raven Gunshot Detection System

All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. Well with an introduction to the organization, their services and devices and some other information out of the … Continue reading Plucked and Rooted – Device 1: Debug Shell on Flock Safety’s Raven Gunshot Detection System

Bird Hunting Season – Security Research on Flock Safety’s Anti-Crime Systems

All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. This is a introduction and overview post to give some background on the organization and their devices before … Continue reading Bird Hunting Season – Security Research on Flock Safety’s Anti-Crime Systems