J.M. Porup

to hold a quill is to be at war.


J.M. Porup is a cybersecurity && national security reporter.

He has covered wrongdoing at the NSA, GCHQ, CSE, and elsewhere. His work has appeared in Ars Technica, The Christian Science Monitor, Slate, Motherboard, The Daily Dot, The Kernel, The Economist, CyberScoop, the CBC, and CSO Online.

A programmer and sysadmin turned journalist, Porup holds a Master of Information and Cybersecurity (MICS) from the UC Berkeley iSchool. He lives in New York.

He prototyped new security tools as part of the Berkman Klein Assembly 2017 security incubator at the Berkman Klein Center for Internet & Society at Harvard University. While at Berkeley he also worked as a public interest technologist defending an international NGO with nation-state adversaries as part of the CLTC's Citizen Clinic.

In a former life, he worked for many years as a F/LOSS programmer in Melbourne, Australia. As a reporter with a solid background in computer science, he brings a depth of technical understanding to his reporting that few journalists possess.

He reported from Latin America for a long time. From his base in Cali, Colombia, he co-authored Lonely Planet guidebooks to Venezuela, the Dominican Republic & Haiti, South America on a Shoestring, and the Caribbean Islands. He was the Co-ordinating Author of Lonely Planet Colombia, 5th ed. He speaks Spanish fluently with a hilarious gringo-Colombian accent.

Porup is also a comedian who has trained and performed at Second City, UCB, Magnet, The PIT, and with clown teachers on both sides of the Atlantic, including Philippe Gaulier.

Some recent work:

Investigation: Bug bounty platforms buy researcher silence to cover up security vulnerabilities CSO Online, April 2, 2020

"ISIS" hacks Saudi embassy, demands $50 million — or else CSO Online, April 8, 2019

Fear and Loathing in the Cyber Force: going gonzo to defend critical infrastructure CSO Online, December 17, 2018

Want to hack a voting machine? Hack the voting machine vendor first CSO Online, March 28, 2018

The NSA’s SKYNET program may be killing thousands of innocent people Ars Technica UK, February 16, 2016

Hunting for Mexico’s mass graves with machine learning: As many as 300,000 victims of Mexico's drug war could be hidden in fosas clandestinas. Ars Technica UK, April 17, 2017

A battle rages for the future of the Web: Should the WWW be locked down with DRM? Tim Berners-Lee needs to decide Ars Technica UK, February 13, 2017

New tool can help prevent government-mandated backdoors in software, Swiss researchers say CyberScoop, July 25, 2017

Turning security flaws into cyberweapons endangers Canadians, experts warn CBC, September 2, 2016

UK secret police are indiscriminately spying on millions of innocent people Ars Technica UK, April 20, 2016

Without anonymity, democracy crumbles: Building a new Tor that can resist next-generation state surveillance Ars Technica UK, August 31, 2016

Hacking Team hacker steals €10K in Bitcoin, sends it to Kurdish anticapitalists in Rojava Ars Technica UK, May 18, 2016

The Linux kernel's Ralph Nader moment Ars Technica UK, September 27, 2016

CISSP certification: Are multiple choice tests the best way to hire infosec pros? Ars Technica UK, July 4, 2016

“Internet of Things” security is hilariously broken and getting worse Ars Technica, January 23, 2016

Cothority to Apple: Let’s make secret backdoors impossible Ars Technica, March 10, 2016

Underwriters Labs refuses to share new IoT cybersecurity standard Ars Technica, April 13, 2016

British police, in witch hunt, demand suspect turn over encryption keys—for the second time Ars Technica, March 31, 2016

European spy tech sold to ultra-secret branch of Egyptian gov’t, claims new report Ars Technica UK, February 25, 2016

Malware in the hospital Slate, January 25, 2016

FDA presses medical device makers to OK good faith hacking The Christian Science Monitor, February 10, 2016

Ransomware is coming to medical devices Motherboard, November, 2015

Why aren’t there better cybersecurity regulations for medical devices? Motherboard, October, 2015

‘Dissent,’ a new type of security tool, could markedly improve online anonymity Motherboard, September, 2015

This new ‘secure’ app for journalists may not be secure at all Motherboard, October, 2015

Reverse engineering proves journalist security app is anything but secure Motherboard, October, 2015

Debian Reproducible Builds Motherboard, September, 2015

Qubes: A Digital Fortress? The Economist, March, 2014

Bitcoin Paradise? The Economist, December 26, 2013