About this blog

I love the sharing-is-caring principle and to live up to it I created this blog to share my IT security knowledge and information. I will be super happy if this will help anybody in any small way as many other blogs helped, and are still helping me. Side motive is to help me to start finishing things and not just have bunch of open parallel projects going on... :-)

This site is completely serverless hosted on AWS (Lambda, S3 and DynamoDB). You can read more about how I created the site in my first post, as it is appropriate topic for first blog post on any blog site.

Also disclaimer: This is a personal blog site. All content on this web site represents my own opinions and does not reflect the views of my current nor any previous employer. Not sure if it actually reflects anybody's opinion.

And who is Krkan? Not sure but definitively not people who live in Krk.

About me

A long time ago in a galaxy far, far away I was going through five years of IT university doing things like ARM programming, writing C code on white paper and green chalkboards, typing OO patterns in Java and looking slides with waterfalls (yes, I am that old). In last two years of university I specialized in a more scientific route and even solved several problems with a neural network or two.

Then, because they payed my scholarship, but also because of general sexiness of the sound of it, I started to work in nuclear power plant. I got to work with great people that were ahead of their time, saw couple of cool projects, however, because of being the youngest I got assigned jobs no one liked... :-) I didn't need to clean the reactor but instead I ended up almost learning by heart beautiful NRC documentation (my favourite was RG 5.71 (pdf)) and writing a top level document like Cyber Security Program and some of related implementation procedures. I understood the importance of these high level process oriented activities but for a young person it is not the most interesting thing to do, especially as I was studying to become a programmer. After six years there (yes, stable paycheck is important), I finally decided to give up my almost-retirement-approved job, move to another country and make my hobby be my job.

I am now working for couple of years on the offensive side. I have started as a web application penetration tester but diverged also into secure source code analysis and occasionally did simple mobile application and infrastructure pentests. In parallel with regular pentests I have spent year and a half doing Purple Teaming, however web application pentests were my secret mistress all along. Since beginning of 2020 I am leading an internal team of penetration testers. I was lucky to get support from my employer to go for couple of trainings, earned several certificates and now I am looking for next thing to make, break or both. :-) Hopefully, a post with proper security research content will appear here with time. If you want a better information about me check out links at the bottom of the page.

Other OSINT sources about me: