shellsharks
Mike Sass — Security researcher in the VA/DC metro area
Personal blog of Mike Sass, a security researcher and indie web advocate. Covers cybersecurity, penetration testing, IndieWeb philosophy, and personal reflections on burnout, gardening, and life outside the screen.
shellsharks.com/blogsThey exist to harm workers. You don't democratize creativity by automating the act of creation.
A security researcher's digital homestead, built with real care for the indie web. Mike writes about cybersecurity with practitioner depth — penetration testing, AI security frameworks, threat modeling — but the blog is just as much about the life around the work. Posts on burnout, gardening plans, and the ethics of AI sit alongside technical deep dives, giving the whole site a grounded, human quality that most infosec blogs lack.
Written by Mike Sass since 2019.
Occasional
Publishes a few times per month
1
Independent Blog
English
How this blog's content is accessed through Blogs Are Back.
Full Content
RSS feed includes complete post content for reading in-app
Direct Access
Feed can be fetched directly from your browser
Direct Post Links
Post pages can be loaded directly in the reader
Embeddable
Posts can be displayed inline in the reader view
Recent posts from shellsharks's RSS feed.
Beep, Boop, Sad 🤖 😞
“AI” is making me, and a lot of other people sad. This collection of links will give you an idea why… ⚠️ WARNING!: Click on these links at your own peril. They’re likely to make you even more sad. Sam Altman Says Intelligence Will Be a Utility, and He’s Just the Man to Collect the Bills: Altman said, “We see a future where intelligence is a utility, like electricity or water, and people buy it from us on a meter.” Silicon Valley is buzzing about this new idea: AI compute as compensation...
Conflagration
I don’t think I really know when it happened—the “burnout”. It’s not something that happens all at once. Maybe you see it coming, you start to spot the signs. Or, if you’re like me, you don’t know it’s happened until months or years after being mired in the after-effects. I would slip… in… and out, of the conscious realization that I was indeed burned out. There were times I found myself very lucid, entirely aware of how burned out I had become. Through other spans of time I managed to disassoci...
Using MAESTRO to Secure Agentic AI
I recently came across MAESTRO—billed as a “novel threat modeling framework designed specifically for the unique challenges of Agentic AI.” I fancy myself a bit of a collector of threat modeling frameworks, so of course I decided to dig into the writeup to see what innovative ideas it brings that are uniquely applicable to the world of agentic AI systems. TL;DR—I don’t think its approach, the actual “framework” for modeling, is particularly novel. Rather, what this whitepaper usefully introduces...
Garden Plan 2026
Howdy y’all 🧑🌾! Spring is just around the corner and as such, I’ve started thinking about what I’m goin’ to do gardenin’-wise in 2026. Last year was the first time I’ve ever tried to grow anything, so I wasn’t particularly ambitious. I grew some cherokee purple heirloom tomatoes which turned out amazing, and I harvested some blueberries from a bush that was already in the yard from before I bought the house. That’s it though. This year I’m planning on expanding the garden to additional zones...
The Human Web
The year is 2026. AI has hollowed out what little humanity remained within the enshittified husks of the big tech slums us mortals digitally reside. Our privacy has been laid waste, our identities subjugated, our voices silenced, and our (digital) world sterilized. But this need not be our fate. A web revolution has begun my friends. What was once the nascent spark of a long lost web, is now a flourishing of digital gardens—personal sanctuaries on the net. It is there that once again people are...
Follow shellsharks
If you want cybersecurity writing from someone who actually does the work and cares about the web it lives on, this is the blog to follow.