Panel Discussion, "Finding Your Footing in Apple Security"—Notes and Timestamps

October 16, 2025

from OFTW v3.0, London

Link to the panel on YouTube, audio only.

Future revisions of this post will include additional notes related to blog posts / talks given by the panelists, namely on TCC and also USB. I might also add more timestamps, but for this initial version, the timestamps only mark each speaker's introduction, followed by the questions themselves.

Panelist Introductions

• 0:40 Mikey Jack
  • Cybersecurity Threat Researcher at Redacted
  • macOS Incident Response
• 1:06 Luke Roberts
  • Senior Red Team Engineer at GitHub
  • Also defensive macOS research and tools
• 1:43 Kinga Kieczkowska
  • Security Consultant at Rada Cyber Security
  • macOS / iOS forensics after hours
• 2:19 Patrick Wardle
  • Founder, OBTS / OFTW
  • macOS security tools @ Objective-See and Double-You

Part 1 of 2—Questions asked by Patrick Wardle

Answered by all panelists, including Wardle himself

4:40—Introduction to the panel format, where the goal is to help students interested in pursuing Apple security

5:17—1. What was the single most helpful thing you did early on that got your foot in the door, and/or piqued your interest?

13:25—2. What do you wish entry level applicants knew coming in, so they'd be better prepared for what the industry is looking for, or so once they're in they can thrive?

21:37—Part of Wardle's answer to #2 addresses a public speaking class he took in college, and the importance of soft skills and being well-rounded in addition to one's technical skills. In particular, he and the other panelists address documentation, blog posts, and conference speaking as additional factors companies are looking for when they're hiring.

26:23—3. When companies are looking to hire, what is a project that a student could build in a few months, to illustrate their curiosity?

33:57—4. What would you say are some of the biggest misconceptions students might have about Apple security jobs?

39:40—5. What's one Mac or iOS security topic you wish students explored more early on?

Part 2 of 2—Questions from the Audience

46:58—6. This is the first time a lot of people in the audience are getting a good education on Mac security. Is there a gap in higher education focusing too much on Windows, and if so, how can we solve that?

51:36—7. Is low level technology a good career direction, since people need to chain together more vulnerabilities to actually pull off a 0-day now, compared to a while back?

58:12—8. In your opinion, what makes a blog truly good, and what content is the best?