Fire the CEO, fire the CISO, fire the auditors, fire the internal compliance team…should I keep going?
One of the largest providers in the US, without MFA on an external remote access solution.
Until real punitive punishment happens, this negligence will continue.
In recent written testimony, UnitedHealth's CEO revealed that attackers used a compromised username/password combination to access Change Healthcare's Citrix remote access portal, which lacked MFA. It is still unknown which Citrix flaw was exploited during the attack, resulting in
I have 10+ positions open across my teams in Cyber, Identity, Governance, and DevOps. Entry level SOC, to Azure Cloud Engineer. I haven't had a single non-white male apply for any of these roles. Help me get the word out?
@IanColdwater @InfoSecSherpa @AlyssaM_InfoSec Infosec newbies...networking will single-handedly advance your career over the long term more than anything else.
Spend dedicated time on networking. Be your authentic self, and watch the magic happen.
Your job as a Red Teamer is to help the Blue Team get better at catching you. If you're hoarding your intrusion points because Blue will catch you too fast, you're misunderstanding the point.
Your job isn't to exploit vulns. It's to help blue defend / detect more effectively.
I've got an immediate opening for an ICS Cybersecurity Analyst to support a Federal health cyber modernization program.
$140-150k FT W-2
DMs are open. Retweets appreciated. Will update with a link as soon as it's posted.
Please understand that if you have neglected your Infosec program for years, no amount of money will fix it in the next 12 months. It takes multiple years of the right people building the proper processes and controls for a program to be in a good place.
Just spent an hour on the phone with a newer engineer. He’s got 2 levels of leadership between us, but still felt comfortable enough to call me and talk through things. Be an accessible leader. Lift people up. You won’t regret it.
Repeat after me...
A penetration test without security controls in place is just a vulnerability scan.
Stop wasting your money. Get a gap assessment done, and spend the money on implementing security controls and process.
Participated in an interview today for a SOC 1 analyst. Not normal for me, but I was in town and said why not. Here are some of my thoughts when interviewing newbies. (If you’re trying to get into infosec or are a hiring manager, this is for you) 1/n
My fiancé’s son, 19, currently in Navy Tech school, applied for his first credit card to begin building his history. Never had a loan or card before in his life.
E-2 making $30k and they approve him for this limit.
Tell me our financial system isn’t set up to enslave you
Be me
Wear suit to work because I wanna feel fancy
1st person I interact with "Where you interviewing?"
2nd person "Where you interviewing?"
Boss "Why are you dressed up? Are you interviewing? I will kill you."
Man I feel sorry for State agencies trying to recruit in the cybersecurity space today.
Just spoke to an Architect in the Midwest that is trying to recruit an AppSec Engineer with 5-8 years of total experience for a top end of $70-80k.
Woof.
My son was accepted to @IowaStateU to start next fall in Computer Science with a minor in Cybersecurity.
Going to start him in on @RealTryHackMe and see how far we can get him ahead of college!
Understand that self-learning shows so much. Install pfSense, Nessus, Burp Suite, Nmap, and Metasploit. Take Udemy courses, watch HackTheBox walkthroughs, attend your local security groups (BSides, OWASP, ISSA), get a Twitter account and follow all the nerds 7/n
People, Process, Technology.
There is a reason why technology is at the end.
If you're throwing tools at problems without the people and process, you're literally lighting your money on fire.
@debostic @RepClayHiggins The level of Twister that you're performing here to bring Democrats into this when a GOP guy introduced the Bill...y'all are something.
I've been working on developing an #infosec apprenticeship program, and would love some experienced people to bounce ideas off of and help me build out the framework. It's just an idea right now, but hoping to make it into reality.
@MalwareJake Thing happens.
Fire CISO.
Replace him with new guy that is properly resourced and blame everything on prior CISO.
(Thank you for coming to my ‘How to be a board member’ talk.)
I'm looking for an individual to lead my Cyber Operations & Engineering teams. Located in Chicago, with a generous WFH/WFO split, it's key that this individual is a doer. Not just someone that wants to be strategic, write policy, opine from on high, but someone familiar with 1/n
Can't count how many times I've tried to do this, but doing this in #fintech firms is ridiculously hard.
I've been successful in eliminating macros from departments, but never from an entire company.
Just spoke with a SME impacted by #Ransomware. On-premises Exchange, unpatched, all servers encrypted with $1.6MM ransom.
Patch your servers, or better yet move them to O365. No one needs on-premises Exchange servers anymore.
@AlphasOfAmerica @CollinRugg You mean Pres Trump who approved billions in COVID aid which caused Treasury to print money, causing inflation, which caused the fed to raise rates which hurt SVB because they invested in mortgage backed securities.
Tell me you don’t understand economics without telling me…
Love having a 16 year old son that knows everything there is to know.
His current bender is why he needs wired ethernet to his room because 70ms ping is causing him to lose games when 30ms ping wired would have let him win. 40 thousandths of a second...
At one point the candidate was struggling to say “I don’t know.” And I had to step in and let her know it is ok. Everyone at all levels should be OK with saying I don’t know. In fact, I don’t want someone that thinks they know everything 3/n
Take chances on people whenever possible. Use contract to hire. Never stop learning, and always be willing to be the reason for someone’s start in security 9/9-FIN
Going to start a weekly thread of companies with unrealistic job expectations for entry level positions. Maybe they don't know - I will help their HR teams become aware! :)
Hiring managers: You’re not interviewing seasoned professionals. They will most likely be nervous, and may fumble with replies. Work to make them feel like it’s a conversation rather than a tribunal. If the candidate is at ease you will get better results. 2/n
There are some fantastic organizations out there whose only mission is to bring more people into Infosec. In short, if you walk in my door with no security experience, and no degree, but a clear self drive for learning...We want to talk to you. 8/n
Look for curiosity, work ethic, organization skills, and self-learning. I think of IT as the planet, Cyber as the US, and each of the states as different verticals of expertise. Coming in new they may not know what they want to do. 5/n
EMEA Positions -
US Positions -
If you don't see a position that you're looking for, message me anyways! Appreciate RT for reach!
#Diversity #infosecjobs #infosec
It's noon on a Monday, and I've already had 2 calls with organizations that had more tools than they knew how to use / could use / had properly deployed / and were still asking for info on more.
TOOLS ARE NOT THE ANSWER!
You need to be measuring the efficacy of your stack 1st!
This is going to reverberate through the security community.
It's going to cause FAR more CISOs to be covered by E&O insurance, and I predict that there is going to be some significant turnover in the publicly traded CISO space. The CISO role now becomes the riskiest C role.
The SEC is charging SolarWinds' CISO for their breach due to hiding and inaccurately painting their security posture picture.
I probably know a few “people-leader CISOs” that probably fall into this. Be warned. Know what you’re doing or let someone else lead.
Just because you don't have some crazy backstory where you started taking apart computers at 4, wrote your first script at 8, and pwn your first system at 12...
Doesn't mean that you can't be successful in #infosec. Lots of normal people. Don't let abnormal intimidate you.
@SenJoniErnst Why are you spending your time on this? Is this the most important thing for the people of Iowa? Really - this is the top priority?
You’re wildly out of touch.
Find something that they can speak confidently about in their background / education / experience and find ways to wrap questions around that anchor point. They will be able to respond more clearly and confidently than attempting to speak cyber. 4/n
Candidates: What can you do to stand out? Educate yourself about the firm you’re interviewing with. Not just a cursory 5 min browse through a website, but real research into the firm and how they make money. 6/n
If you're a manager/boss and you find yourself learning that your employees are intentionally leaving you out of the communication cycle...it's not an employee problem. It's a you problem. More than likely you have exhibited some sort of behavior that causes them to avoid you.
If you're racist, misogynistic, LGBTQ+ phobic, science denier, lack self awareness, think you have to step on others to succeed, or don't live by the golden rule...I don't want to know you. I don't want to give you a chance to explain yourself.
I want to yeet you into the sun.
@divinetechygirl This is the best breakdown that I've been able to find, but its last update was in July so could be missing a few things.
This is a project maintained by an individual.
@MalwareTechBlog This - Could have created international incidents, or low & slow it. Twitter didn't detect the attack from what I read and the attackers were only caught because they were fast & loud with scam tweeting.
Want to know what a (good) manager values more than almost anything else?
Curiosity. Resilience. Ability to jump in and figure things out. Ability to learn new things without having to have your hand held.
I will take a newbie with those ALL DAY LONG over a veteran curmudgeon.
Everyone saying "Stop dogpiling Okta. Everyone gets hacked."
I couldn't agree more.
I don't have a problem with them being hacked. I have a problem with the grossly misleading impact statements and amateur handling of the incident/comms.
Every incident is an emerging situation and what's known changes over time. But again, recall that this incident is 2+ months old. Okta's investigation began Jan 20, NOT Mar 10 as they seem to imply.
There's simply no excuse for the early grossly misleading impact statements 10/
PSA: Security leaders going into new organizations (and honestly even your own)...go and validate that the configurations / statements / controls that you think are true...are actually true. Thank me later.
Tabletop exercises are not hitting your team with 4 different scenarios and asking them how they would react.
Take a single scenario and really dig deep into the process, documentation, tech, etc..
That’s how you get better.
@pennsylvaniaEE @AesPolitics1 One has a court case filed by the victim with sworn witness statements, and co-defendant that was a convicted trafficker.
The other is based off of a stolen journal that would never standup as any piece of evidence because chain of custody was nonexistent. The same journal where
@jones06022825
High school
Straight to basic training
Straight to tech school
Never had a credit card
Never had a loan
Makes $28,530/yr
27k CC is bonkers
One of my favorite stories ever from a previous firm...caught VP watching porn on company device, HR involved, legal asked for evidence but not electronic, printed out 50+ 8.5x11 color screenshots of what was viewed. HR VP hated me (we both had a good laugh)
Throughout the day today for #FollowFriday, I will be sharing information about people looking for #InfoSec jobs.
Please see if you can help them out, even with just a RT. Let's get people hired!
⬇️
1/x
Have an immediate opening for a SOC Analyst
Schedule: Tue-Sat 1PM-10PM EST
Experience: Entry Level - Prefer Sec+
Salary: $55k + Bonus
SOC is in Pompano Beach, FL and would support someone starting remote, but would need to relocate within 90 days. Relo assistance provided.
People that send an email, 5 seconds later send a Teams message, and 5 seconds later send me a Signal message for something that isn't even CLOSE to urgent...
Why are you the way that you are?
Ok Twitter fam...need some help. I’m looking for a Network Security Engineer. This isn’t an entry level role, and must be in Chicago (or willing to relo with assistance). It's been challenging because I'm getting a lot of network engineers with a Security title slapped on. RT PLEASE 1/2
Threat actor=someone who wants to punch you in the face
Threat=punch being thrown
Vulnerability=your inability to defend against the punch
Risk=the likelihood of getting punched in the face
Accepting risk = your willingness to be punched in the face
(Stolen from unknown)
@hacks4pancakes @williampietri Also saying that you don’t want that to happen, while simultaneously doing things that force that to happen...either really dumb, or intentionally manipulative.
@Zellium_11 Is it predatory to give a 19 y/o with no financial experience that much rope to hang themselves with?
Kinda like handing a 1000cc GSXR to someone who has only ridden a moped.
The state of financial literacy in our public school system, combined with society of instant
Major Midwest grocery store chain (talking Billions in revenue per year) a few years ago was making the cloud transition and had selected AWS as primary and begun building.
During this time Amazon buys Whole Foods.
CEO of said grocery chain now decides that Amazon is now a
You mean that serving your country could make you lose your life? Geee is that why they call it a 'Public Servant'?
Shocker that they're willing to send troops across the world to 'serve' their country and lose their lives, but when they have to make the choice = cowards
Crow is right. Numerous House Rs have received death threats in the past week, and I know for a fact several members *want* to impeach but fear casting that vote could get them or their families murdered.
Not spinning or covering for anyone. Just stating the chilling reality.
Me needing to hire good people toasting all those RTO companies forcing your staff back to the office. Making it easy on the @HunterStrategy recruiting team.
#FullRemote #rtooffice
Truly. Thank you 🙏😘
You feel like shit because:
1. You eat like shit
2. You don't workout
3. You don't sleep properly
4. You don't drink enough water
Self care is also taking care of the 1 body that you have for the rest of your life.
Was just talking to someone that lost 25% of their Blue Team when they forced the team to come back into office.
Don't tell me that employees don't have power.
On a call with a Network Engineer at an MSP who just freely admitted that with over 300 customers they have a single flat network.
Don't trust your MSPs. Audit them and expect them to apply the same level of security controls as you do.
Key lesson for leaders. You’re never right 100% of the time. When you fuck up, just say “I was wrong. I’m sorry.” and move on. You will gain SO much loyalty with this approach.
@johnjhacking Every single Blue Teamer I’ve ever met, when presented with a threat they don’t know - don’t blindly trust the controls they have in place. They research to understand, and validate gaps. “We have EDR” is a statement I’ve only heard from business execs.
At that stage in our marriage where we have both overcome our hurts and mistakes from the past and are actively engaged in making the rest of our lives as happy as we possibly can…only took us 21 years but I’m over the moon.
Normalize not needing to know everything about everything in cyber. Normalize learning from others that have expertise in areas that you don't, and telling them you appreciate them sharing their knowledge.
If you’re a technology company - take a note from @Arm and don’t let your lawyers piss off the security community and crap on a researcher that did a bunch of free work for you in the process.
Azeria Labs is back up 🙏🏼
I’m still upset about handing over my other domains, and discarding my plans for them. After all I’ve done for Arm, I expected them to go about this more respectfully and with some decency.
One of my last bosses would tell people (including me) that she hired young because she can pay them less and keep them longer for less money. “They work harder because you’re giving them a shot.” She would then gaslight people into thinking they were wrong and out of touch.
This is one of the biggest problems in our industry and it is killing us. Think hiring junior talent and “entry level jobs” are a problem? It’s this that is the root of it.
If you're investigating a security incident - do everyone a favor and ensure you do/don't do these two things.
DO read all the log events in their entirety
DON'T make logic-jump assumptions to tie pieces of evidence together when there is no evidence.
You will save so much time.