After completing the MBA programme, I had opportunity to spend additional semester focusing on advanced management disciplines and preparing my master’s thesis. This stage was primarily dedicated to research, with many ideas grounded in academic papers.
The central question of my thesis was: what if process of creating product innovation is viewed as a state machine — structured set of states and transition rules between them? From this, I formulated hypothesis: for an innovation to be successfully integrated into product, each stage of its lifecycle requires sequence of well-informed decisions, supported by right data.
In the research, I examined methods that help generate actionable insights at different stages of business process: Human-Centric Design to map ideas, Kano model to prioritise them, Axiomatic Design to establish precise business requirements, and TRIZ to resolve contradictions. If we imagine each of these methods as API that describes how to retrieve and act upon data, the resulting state machine can be represented as MCP for product management. But that’s topic for another study.
During lecture in Knowledge Management module, one phrase resonated with me: “Energy matters more than intelligence.” A thought-provoking hypothesis indeed. Happy Knowledge Day to everyone exploring this hypothesis.
Denis Makrushin

Denis Makrushin
Denis is chief technology officer of cybersecurity product line at telecommunications company. He is responsible for product development, defining technology strategy and driving future technical innovation.
Back in 2015, I had my first international talk at Nullcon in India. Warm community, great people. I left with Indian friends and strong impression.
Five years later, BSides Cairo became my first experience on the other side of the table — joining the Advisory Board.
Now the paths cross again: I’m joining BSides Vizag as an Advisory Board member to help bring best-in-class research to the stage.
CFP is open. Submit your research and let’s make it big.
As long as the CVE remains the main index of known vulnerabilities, teams of security analysts and engineers will develop processes to track updates. They will not only track changes, but also enrich database with additional data to help them prioritise fixes accurately.
At the heart of our AppSec platform is an open-source project called Trivy. It’s a software composition analysis tool that helps developers to detect issues in dependencies used in their code.
This time, we are not only integrating, but also contributing: in Trivy 0.65.0 release, our developer, Stepan Dolgintsev, added the CVSS vector support. This means that CVSS itself will soon appear on our Supply Chain page, enabling developers and AppSec engineers to triage vulnerabilities more accurately.
The Trivy team has acknowledged this contribution. Congratulations to Stepan on taking his first steps in the world of large open-source projects! Thanks also to Andrey Kuleshov for idea to propose the update to project maintainers.
Back in 2020, when X was still called Twitter, I created a simple Telegram bot that analysed Twitter feeds and identified interesting ideas related to vulnerability detection. Every day, it analysed all the posts with the #bugbountytips hashtag from the previous 24 hours, selected the posts with the highest reach based on the number of likes and retweets, and published them to the feed.
Since then, Twitter has shut down its API and rebranded as X and implemented anti-scraping measures to block content harvesting. However, the number of valuable ideas and the size of security community on the platform have not decreased.
With a bit of vibe-coding, the bot can be brought back to life:
- The bot uses Playwright to collect and analyse content on X with the hashtags #bugbountytips, #bugbountytip, #bugbounty, #pentest and #redteam that have received a certain number of likes within 24 hours.
- The bot transmits these posts for analysis to the DeepSeek-V3 model, which parses each post and prepares an expert commentary.
- It publishes the result in the @bhhub Telegram channel at 13:37 (UTC+0).
Link in comments. If you have any ideas for hashtags or sources to add for monitoring, please share them in the comments or via DM.