
Michał Zalewski, Director Information Security Engineering, leaves Google - weinzierl
https://twitter.com/lcamtuf/status/976307141177884672
======
dmix
If you don't know who this is, he wrote one of my favourite books on web
(browser) security: "The Tangled Web" [1].

Another lesser known book by him is also worth a read: "Silence on the Wire"
that takes a look at the full information security stack from the keyboard you
type on, to the wires the data transits, to the internet protocols, etc [2]
and looking at how each stage exposes/protects data.

And has quite an interesting history in infosec beyond that [3].

[1] [https://www.amazon.com/Tangled-Web-Securing-Modern-Applicati...](https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/)

[2] [https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-I...](https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-Indirect/dp/1593270461/)

[3] [https://en.wikipedia.org/wiki/Micha%C5%82_Zalewski](https://en.wikipedia.org/wiki/Micha%C5%82_Zalewski)

~~~
pjf
If you don't know who this is, read his CV:
[http://lcamtuf.coredump.cx/cv-web-en.pdf](http://lcamtuf.coredump.cx/cv-web-en.pdf)

~~~
raverbashing
yeah I think it's feeling the HN effect already

(a bit ironic that it doesn't have https enabled)

~~~
sigjuice
Not as ironic as the OpenBSD Foundation asking for donations via an http site

~~~
krylon
Their site is available via https, it just is not default. Which admittedly is
a little strange.

------
jfasi
@jvanegue:

> there is a CISO position to fill at @facebook I hear

@lcamtuf:

> Waiting for NYTimes to tell me why I am leaving Google first.

This little exchange speaks volumes about what's happening in the media
regarding the tech industry: one company behaves badly and then all get tarred
and feathered. Facebook's security leadership starts jumping ship, and when
someone analogous from Google, a completely different organization with a
completely different (i.e. existent) moral compass and set of security
practices leaves his post for unstated reasons at about the same time, the
world assumes a similar scandal is on the way.

~~~
antirez
> a completely different (i.e. existent) moral compass

You mean, the company which basically turned "free services for all your data
and info" something at massive scale?

~~~
jonny_eh
It's all relative. A compass is still a compass.

------
i04n
Here is a post he wrote about leaving Poland and starting his journey to
emigrate to the US. He ended up working as Director of security @ google even
without a college degree.
[https://lcamtuf.blogspot.com.ar/2015/03/on-journeys.html](https://lcamtuf.blogspot.com.ar/2015/03/on-journeys.html)

------
brohee
Among his many achievements, popularizing instrumented, legit data mutating,
fuzzing (afl-fuzz) which revolutionized vulnerability research.

And his guerilla-CNC guide is also an awesome resource.

Very curious about what he does next.

------
dvfjsdhgfv
Whatever his plans are, this will be something big. He is a guy who could, if
he wanted, build a secure kernel for mobile devices for example. I always
think this security thing is a waste of his talent though, he's such a
creative guy and could do many other different things, instead he gets paid
for finding holes everywhere, and he's extremely good at it, so...

------
heedlessly2
maybe he's going over to Facebook. Their Chief of Security just left

------
lawnchair_larry
A tweet from a middle manager changing jobs doesn’t seem at all newsworthy.
Are people reading more into this than they should be?

~~~
kerng
A lot of folks in Hackernews have interest in security relevant topics also -
It's one of the reasons I am here, so I appreciate quickly reading this and
moving on. It's a good indicator that HN is the right community for me. :)

~~~
lawnchair_larry
I too am interested in security related topics. I don’t know what that has to
do with this tweet. High profile contributors to the community changing jobs
is pretty common, so I’m not sure why a tweet about this particular case is
noteworthy.

~~~
CiPHPerCoder
Consider for a moment that Michal Zalewski might simply be held in esteem by
the HN community, and therefore his leaving Google after 11 years is
personally significant to many HN users.

Is that too far out for you to believe?

~~~
lawnchair_larry
I think highly of him as well, and am probably much more familiar with his
work than just about everybody upvoting.

I commented because it’s not obvious to me why _this_ tweet would be front
page news when folks of roughly similar influence and visibility change jobs
all the time, and we don’t seem to be submitting and upvoting their tweets.

Maybe soon we will report on what Dan Kaminsky ate for breakfast or which car
Charlie Miller was spotted driving!

