Today I'm very excited to announce the launch of my new security consulting company, Isosceles. I created Isosceles to help companies build secure products, and to share my insights about hacking, security research, and application security. Isosceles will focus on high-end technical services including security reviews, automation, and research for companies that are investing in a strategic, long-term security posture for their products.
My name is Ben Hawkes, and most recently I was working as the technical lead of Google's Project Zero security research team. After taking some time off with my family (two kids under two!) and tinkering on some research projects, it's a great time to dive back into professional work and I couldn't be more excited.
At Project Zero, our team explored state-of-the-art vulnerability research, discovered numerous critical risk vulnerabilities in widely used platforms (such as Android, Chrome, iOS, and Windows), and drove industry-wide changes in exploit mitigations, sandboxing, and secure development. From disclosing hardware attacks like Spectre and Meltdown, to discovering 0day exploits being used in-the-wild by state-sponsored hackers, Project Zero's work had a wide ranging impact on the security of modern technology.
I'm incredibly proud of that work, and now I'm excited to share some of the lessons I learned at Project Zero with a new audience.
My first security industry job was to reverse engineer software patch releases in order to find vulnerabilities and write heuristic-based detection signatures, and remarkably the same job description could be used today. A lot has changed in the foundational design of our technology platforms, and security has substantially improved, but the threats we face often have a familiar and repeating shape.
In order to change that shape, we constantly aim to achieve structural improvements to security -- but it isn't always easy. One thing that can help is talking to experienced technical leaders that can combine on-the-ground expertise with the ability to drive practical, simple, business-conscious, and enduring solutions that measurably improve security.
If this sounds interesting to you, head over to Isosceles (https://isosceles.com/) to read more about my service offerings and how to get in touch. I'm excited to explore and help with a wide range of technology, so please don't hesitate to reach out to discuss what you're working on.
Finally, I'm excited to use this blog to start providing some ongoing analysis, insights, and commentary on topics related to hacking and security research. I'll be announcing blog posts on Twitter, Mastodon, Threads, and LinkedIn, or you can subscribe to email updates below. I'll be starting with a historical retrospective on StageFright, and a closer look at exploit reliability.
Thanks for reading!
- Ben Hawkes