Mattias Högström

Welcome

My name is Mattias Högström, and I live and work in the south of Sweden. I have worked as a developer and software architect for more than 20 years.

As a kid growing up in the eighties I taught myself programming on a Commodore C64, at twelve, with a reference manual in English. This was followed by C programming for the Amiga and a 386 PC computer. The CPUs at the time were slow, so your code had to be efficient. I found my calling, and took a Master's degree in Software Engineering in 1999. The years that followed really expanded IT into every industry.

The expansion never stopped, and more and more things are digitalized and automated, for better and for worse. Connecting your lawnmower, home appliances, car, and coffee machine has brought new technical possibilities. The downside is that every new appliance that is connected is a new attack surface for cybercriminals.

Debug pins or ports need to be secured or removed. Operating systems need to be patched regularly. Applications need to be developed with security in mind. Threat models need to be made, code reviewed, and code and 3rd party components scanned for vulnerabilities. The process around using the applications is also important. We need to consider password complexity, 2-factor authentication, and access control with expiring and rotating tokens and certificates.

On top of this there are more regulations to be followed: GDPR, to protect our personal data, and NIS-2, which is a cybersecurity directive for companies that are part of sensitive and critical infrastructure, like food processing and energy.

Since 2017 I have worked with Application Security and Security Assessments. In 2022 I started with penetration testing, analyzing network infrastructure, web and application security. In my daily work I work closely with developers, teaching OWASP secure programming, doing threat models, implementing DevSecOps in the organisation, and documenting and driving best practices. I also work on protecting OT (operational technology, the machines in factories), with remote access and life cycle management, always trying to be a step ahead of the cybercriminals.

My edge in the industry is that I have a long developer and software architect background, and I have acquired knowledge in cybersecurity. When doing pentesting, I know how developers think, and how the applications are built and work. Knowing cybersecurity helps me talk to developers and designers in a way they understand, and talk to them about possible solutions that actually make sense from a cost-benefit perspective. Being a developer at heart means that I can go from the idea of a tool to actually implementing the tool myself.

One such adventure was to build my own password cracker running on a computer rig with 6 GPUs. This feat required learning GPU programming, and thinking about ways to optimize the code to make it run faster. Today's machines are capable of executing more than 4 billion cycles per second, on each and every core. CPUs are also superscalar, meaning they can execute more than one instruction per cycle. However, it is a challenge to keep the CPU busy. Only certain jobs can be parallelized to run on multiple cores, and it can be a challenge to keep the cores busy, whether they are CPU or GPU cores. There are many lessons learned from knowing where the bottlenecks are.

Contact

I am always interested in meeting new people for discussing technology, exchanging ideas, or just sharing tips and tricks.


View Mattias Hogstrom's profile on LinkedIn

Articles and Presentations

As a coder I used to publish my hobby projects on https://www.codeproject.com. In their heyday, Stack Overflow and CodeProject were the go-to sites to learn, ask the community, and get sample code. CodeProject differed in the sense that it had a section with edited articles. My main interests at the time were debugging, reversing, and tool creation.

Here you can find my debugging articles on CodeProject.com

Curriculum