Janis Joan König (she/her)

Security Research & Pentesting, Reverse-Engineering, Code Review & Cryptography.

About Me

I'm Janis Joan König (named after and pronounced like Janis Joplin and Joan Baez), professional hacker (and hobbyist handball player).

Grayscale photography of Janis Joan König. Janis is standing, with her left arm positioned on her waist, slightly tilted towards the viewer. She wears a dark blazer above a flowery fitted top and dark pencil skirt. Her hair is long and curly, falling to the right in front of her shoulder around her glasses, leaving her sidecut on the left exposed.

My interests lie in the intersection of often academic, formal/theoretical computer sciences, technical software & hardware engineering questions and the practical realities of systems in implementation: Where assumptions fail, security issues are born.

I have a heart for old software and "code archaeology", having read Lion's Commentary on UNIX V6 as well as contributed to an internal Open Solaris fork at Fraunhofer FOKUS in my internship. This also spiked my interest in enc�dings, neatly aligning with my longer interest in natural languages as well as formal languages.

Education

My first programming language was Haskell (WinHugs) in ... idk, 7th grade(?), with some exposure to Blitz Basic afterward. I also learnt some Free/Objective Pascal (Delphi/Lazarus) as well as an educational x86-inspired Assembly dialect, but my first "self-taught" programming language was C++, a language I despise deeply to this day. My first "serious" own projects were written in Shell because I found it more approachable than Python (which tells a lot about me, I guess), followed by C in my first year at university. Within the second year I've read the standard twice, it becoming somewhat of an evening read/activity, together with golfing x86 assembly.

Professional Career

After teaching C and Assembly in various roles at Freie Universität Berlin, I quickly got cured of academic beauty/admiration of this tool stack when working at a small company developing embedded IoT devices in C for the ESP32 platform. I switched from the dark side to the snarky side, and stopped producing unsafe code and instead writing malicious code, or at least PoCs as part of my first security job at Secfault Security. While I still love writing C (I'm usually quicker jotting something down in C than in Python...), I have the good excuse of malware/PoCs not needing to be memory safe 0:-)

After becoming frustrated of everyone doing the same security mistakes twice, thrice, and again (then, at it.sec GmbH), I had the vain hope of consulting companies to not only fix identified symptoms from audit reports, but actually try and tackle the causes. I quickly realized that those people who hire consultants usually aren't interested in that kind of advice. Instead of getting frustrated at the state of consulting in general (that's a lie, I am frustrated), I focus on a far bigger frustration: Security often being designed at odds with usability. This is especially visible when it comes to accessibility, including exclusion through digital-only or high-bar offerings, e.g., in medical systems. Despite everything, I pretend that we can still actually fix security at my dayjob at intcube GmbH.

Media Presence

I've contributed monthly opinion pieces to iX in 2024/25 as well as occasional other articles. I also gave interviews to the Berlin-based L-Mag and Siegessäule, as part of the Berlin Haecksen or dotMeow VZW, and was guest on the Podcast of the MISSY Magazine.

Other Projects

I'm loosely affiliated with the Haecksen, and some other Berlin hacker groups and spaces. I occasionally hang out at tech from below, Berlin (Mini) GUADEC and Boiling The Ocean but with no active role. I often travel to hacker events with Milliways. Right now I'm most active at dotMeow, a non-profit aimed at establishing a new gTLD, .meow, with profits going to queer projects. I also gather some friends to do some free penetration tests/audits for NGOs through the InSecurity Research Group.

Elsewhere

This is my broadly professional website, you can find me on other places on the interwebs too: