Welcome to the blog of 0meta Security, a (very) small penetration testing and general infosec firm in Oklahoma, USA.

I am your host, Jon Hickman, Chief Hat-Wearer.

This is a corporate blog, true, but I don't intend to be very stiff in tone here. Rather, I want to use this space to talk about cool stuff, opinions held by me, infosec news, tools and training, etc.

I'm using a snazzy static site generator to create the blog and its posts, and while this theme supports comments I honestly think that's what email is for. Maybe someday I'll turn it on, but in the meantime the address to submit any feedback will normally be blog@0metasecurity.com.

I suppose I'll talk about myself a little bit. I have worked in PC repair for 13 years, for the same company in Norman, Oklahoma. About 10 years in, I decided that I wanted to branch out and learn more about information security. More importantly, I didn't want to go deeper into traditional system administrator roles because my workday stops when I leave the office and starts again when I show up. Putting out random fires for months or years at a time, potentially at all hours, is a repulsive thought.

I was listening to the Security Now podcast at the time, and started getting a feel for what working in infosec might be like. It sounded fun, and more importantly, it seemed I would be able to break things for a living.

(Come to find out, that's not the whole story, and in penetration testing you often don't want to break things...moving on)

I started on this path slowly by getting comfortable with Linux and some web technologies and software. It was around a year in that I heard about Offensive Security and the OSCP. The road I took during the Penetration Testing with Kali Linux course and subsequent passing of the exam is material I will go into in-depth in other posts, but for now it will suffice that I spent the previous 2 years to the present slowly gathering the skills I perceived I would need.

I also had to learn how to start a proper business. Which, quite honestly, should really read "I learned how to delegate all this crap that I don't know and don't care to learn." While I am the sole C-class exec, I have the normal business minions you need to not run afoul of the law, get your taxes right, etc.

Going forward it will be a busy year for 0meta, where we formally-and-in-full-title begin doin' werk instead of the low-key activity up until now. Hence this site, and the home page, etc. I've got conferences to attend, lawyers to meet, people to train.

Blog posts to write too.

Anyway, this should about cover it, and barring any relevant happenings should be one of only a few posts of this not-really-about-infosec sort.

If you're here from a link, a potential customer checking us out, or just came here from an IRC channel, I welcome you. Stay awhile and listen read.

P.S. The site is completely static, there's no robots.txt to point giant neon signs at directories I don't want you to find, no databases to point sqlmap at, etc. Password auth is turned off, SELinux is on (yes, even on linode) and there aren't any magic proxies. Not that you'll believe me anyway. But please, if you do find a hole in the site, I'd prefer you shot me an email rather than blow my website up, or replace the homepage with dubstep cat.