There and back again, an infosec journey

Hey there 👋, I'm George - an information security practioner in the mobility sector. I help secure large internet-connected batteries. This is where I share my journey as a Information Security Officer.

Before I go any further, I must confess. George Kaplan is not my real name. I first used this pseudonym in 2016 in a previous blog about threat intelligence. At that time, I was CTI analyst at a government CERT. There weren’t many blogs about this emerging field, despite the fact that 2017 turned out to be a disastrous year. If you're curious, you can still find this blog on the Wayback Machine - and thank the Internet that never forget.

After many years as red team leader in a government agency, I've recently shifted fields and I'm going back to mes premiers amours - working as an information security officer at a young but fast-paced company in an higly competitive market. In 2025, finding a company with little to no IT legacy, but with a strong roadmap and state-of-the-art technologies is like finding a needle in a very large haystack. Though I am a seasoned cybersecurity practioner, this shift still feels like a bet and a fresh start in this ever-maturing field.

You see where I'm going. I have a strong feeling that reviewing these early years trying to build a mature cybersecurity capability from zero to hero makes for a solid starting point for a new blog. As a result, these articles will (or already do) cover many practical subjects, such as risk analysis, SOC building, vulnerablity assessment and internal pentest engagements topics - all viewed through the lens of human resources, processes, tooling and techniques.

Blazing success and miserable failures are shared with no shame, but with a touch of OPSEC, since threat actors may take a keen interest for blue team members defending a targeted network.

Latest articles

A Quiet Afternoon Looping with Claude 2026-05-19

Where the moral of the story is model tier can be a security control whether you finance team likes it or not.

The forgotten IoT that Should not Be 2025-11-04

A wild encounter in an uncharted OT territory that should not surprised the seasoned practitioner aware of the human factor.

A Partial and Unpopular History of Modbus 2025-08-22

A journey into the dark side of the Modbus protocol, where we uncover untold secrets about "smart" devices and ancient spells to conjure the evil.

All Thou Needest is Flask, Quoth The Python in Eldritch Speech 2025-06-18

A side quest where we build a secure, minimal-maintenance blog using Markdown, Flask, and AWS