“If you don’t prioritize your life, someone else will.” - Greg McKeown

One tough realization I’ve had over the past few years is that there are so many things I find exciting and would love to work on, but I just fundamentally don’t have time to do them right now. Or maybe ever.

So I’m trying to be a bit more diligent about where I spend my limited time, so I can make a bigger impact in a smaller number of domains.

Specifically, my current priorities are: my job (r2c), tl;dr sec (this site), and personal (hobbies, friends, family).

If trying to do fewer things better sounds interesting to you, I highly recommend Essentialism: The Disciplined Pursuit of Less by Greg McKeown. There’s a nicely detailed summary of the book here.

To save myself time (and a lot of stress), I’ve attempted to list below the types of things I’m currently working on, and more importantly, the things I’m not.

These will certainly change over time, but this is a point-in-time snapshot.

Current Priorities (The Do List)

r2c

  • Help Semgrep become the most powerful, flexible, and awesome static analysis tool in existence.
  • Help Semgrep become the default static analysis tool for every security professional, like Burp Suite for web app pen testing or nmap for network scanning.
  • Help ensure there are high quality Semgrep rules for every language and framework.
  • Build and lead a team of world class security researchers.
  • Measurably, significantly improve the security posture of thousands of companies around the world.
  • Help companies eliminate certain classes of vulnerabilities, meaningfully impacting the prevalence ranking of those vulnerabilities on the OWASP Top 10.

tl;dr sec

  • Regularly read about tools, blog posts, and conference talks that can make you better as a security professional.
  • Churn out the tl;dr sec newsletter every week.
  • Write original content for https://tldrsec.com.
  • Create guides for topics like having a great career in infosec, how to do security research, building and maintaining high quality relationships, and a variety of technical topics.
  • Learn about how to grow the reach, impact, and profitability of tl;dr sec.
  • Collaborate with talented security professionals to write original content for https://tldrsec.com.
  • Improve my reading and note taking processes, and automate what I can.

Personal

  • Exercise regularly.
  • Keep in touch with friends and family.
  • Get better at Emacs and Emacs Lisp.
  • Promote positivity, diversity, and a welcoming attitude in the security industry.

Non Priorities (The Don’t Do List)

  • Provide feedback for conference talks or blog posts that are not for https://tldrsec.com.
  • Provide feedback to security start-ups.
  • Collaborate on blog posts that are not for https://tldrsec.com.
  • Meet with VCs.
  • Do podcasts or talks that do not provide direct value to r2c and/or tl;dr sec.
  • Regularly read about news and current events.
  • Take on mentees.
  • Provide detailed 1:1 career advice to people I don’t know (instead, prioritize writing guides that many people can benefit from).