Lesley Carhart
@hacks4pancakes
Followers
160K
Following
342K
Media
4K
Statuses
152K
ICS DFIR @dragosinc, martial artist, marksman, humanist, Lvl14 Neutral Good rogue, USAF Ret. Tweet *very serious* things about infosec. Thoughts mine. They/them
Chicago, IL
Joined October 2010
The hacker / infosec Mastodon servers have really reached critical mass to contain useful community and information. If you haven't tried it out yet, I really recommend it. There's enough intel and news to be viable at this point.
147
359
2K
I know I am not the first one to say this, but there are a lot of very well credentialed people in tech worrying what would happen if internet giants collectively de-platformed a group who isn't right wing, while totally erasing the fact that it already happened to sex workers.
52
2K
9K
How to tell when no women were involved in brainstorming a tech idea.
73
1K
5K
When soldiers loot stuff that can be tracked on Find My, and take it to their base….
74
1K
5K
If you’re angry for no reason you’re burnt out,.If you’re sleepy for no reason you’re burnt out,.If you’re irrationally mad and your work suddenly looks bad,.Spontaneously apathetic you’re burnt out.
88
981
4K
In my life as a security professional, I have had exactly three IT friends / colleagues come up to me bragging about the secret digital surveillance they constructed to monitor their kids. Every single one of them ultimately destroyed and lost their relationship with their kid.
139
702
4K
Repeat after me:.I’m good at my job. I’m smart &help others. It’s OK I’m not an expert at every niche of infosec as long as I keep learning.
106
1K
4K
Everyone shocked about a drop in US life expectancy while looking at their phone in 2AM instead of sleeping because they have to work 90 hours a week, and planning their meals of food that's 70% processed sugar because that's what's affordable at the grocery store on average pay.
61
502
3K
One of the Anonymous accounts now has thousands of people leaving five star Russian-language reviews for random restaurants and hotels in Russia with facts about the invasion of Ukraine, to evade censors. 🤷🏻♀️🍸 It’s hard to keep up.
30
560
3K
Escort services, but just to rent a man to stand there and nod sagely in a manly way when you are trying to negotiate to buy a car or hire a contractor as a single woman. 😣.
224
158
3K
I’m very happy to announce I’ve accepted the position of Director of Incident Response for North America at @DragosInc
317
42
3K
Very hot take - your employer should never force you to use then install security monitoring on a personal device which can be legitimately used to watch porn, sext, perform financial transactions, call your sponsor, or anything else that you reasonably could be blackmailed for.
98
340
3K
MySpace taught a whole generation of girls to learn to write HTML on their own terms outside of class and without parental pressure, and I sometimes worry if anything popular today forces young people to learn to build tech stuff other than video editing on their own anymore.
91
297
3K
Tech people on Twitter be like, "just buy and install a pi hole to make your $2000 smart TV not play constant ads and narc on your viewing habits".
129
266
3K
@SwiftOnSecurity @GovParsonMO I was going to come here to give a calm technical and legal context explanation of why this is an insane thing to pursue, but… yeah, okay. This works.
16
37
3K
Stupid tech problems: I bought a new area rug, and have to get rid of it because my robot vacuum sees the abstract patterns as a cliff and can’t cross the room anymore.
94
582
3K
I am tremendously honored to be named a 2020 “power player” in cybersecurity by SC Magazine. Lesley Carhart: if the shirt fits, or even if it doesn’t, wear it
140
196
2K
Things I wish we would stop saying in tech:. “She shouldn’t complain. We all got hazed as new hires!”.“He’s a wimp. We all did 70hr weeks and never saw our families!”.“Vacation?! I didn’t take a vacation for 6 years!”. Like, why are you defending horrible labor practices so hard?.
68
320
2K
Buying a house requires me to shut off my security brain and make like 5 terrible security choices a day just to finish the process. Today I introduced a mortgage guy to password managers. He was using Excel.
161
160
2K
Every couple years, someone reverse engineers a popular free social app, discovers it collects all the metadata it possibly can about your device and behavior, it blows up, everyone is shocked and promises to delete the app, then like 100 people do and people keep using them all.
36
557
2K
I'm still trying to wrap my head around the sheer scale of the #Equifax breach. They might as well reissue SSNs to every citizen.
139
927
2K
It’s 2022, and I just saw an adult cybersecurity person on LinkedIn unironically suggest installing Linux instead as a requested solution to securing a Windows server. Help me while I turn into a pumpkin, fly into the October sky, and implode into candy corn above the land.
117
114
2K
@robbystarbuck @Google This is a rare instance in which I’m very proud of Google. This feature will save lives, as these monitoring services are perpetually misused by domestic abusers. Google doesn’t know if you’re a helicopter parent or a boyfriend beating his girlfriend if she looks for a shelter.
25
53
2K
This tweet is for a specific type of person - especially young and hungry ones. I’m talking to the ones who jump in and quietly save things whenever their teammates and seniors drop the ball. Sometimes when not too much is on the line, you have to just let them fail.
67
282
2K
Family. There.Are .No .“InfoSec Rockstars”. I’m eating an entire brick of Target cheese after falling asleep at my desk again and being too tired to cook. I am a grumbly security janitor. If someone not-sarcastically claims to be an “Infosec Rockstar” they’re selling you FUD.🤷🏻♀️.
155
212
2K
I don’t know who needs to hear this, but you need to think of the pandemic as a long-term problem stretching well into 2021, read up on risk of activities and mitigations for you personally, and design a plan that allows you to keep your physical and mental health that long.
54
518
2K
Recognize the early stages of infosec:. “I just read the ‘top 100 passwords’ and they’re super weak!!”.“I turned on external logging and there’s all these brute force attempts!”.“People still use Java!!!”.“SHODAN!”. *Results may vary. Ask your doctor if infosec is right for you.
63
486
2K
So many IoT problems source from us wanting the tech from the Starship Enterprise while forgetting our planet is run by Ferengi.
50
1K
2K
Hear me out - what if we just leave Facebook dead and just like, null route them globally while they’re locked out of their offices and can’t see us?.
38
229
2K
My dudes, there are like only 300 of us in each cybersecurity niche and we *all know one another*. If you plagiarize our research, training, or blogs, we are going to find out before Judge Judy reruns end for the day.
50
142
2K
I’m in this very serious management course and they told us to put a virtual background on today when we logged in. Everyone else has a pretty landscape photo. I chose the Star Trek bridge. It was apparently not the correct choice. This is all going really well.
221
29
2K
@danielkennedy74 @GovParsonMO I’ll add in my 15 years of experience and multiple civilian and military cybersecurity credentials to endorse this statement.
27
35
2K
The Venn diagram of people who won’t get the COVID vaccine during a society crushing pandemic because imaginary microchips, and the people who install Ring doorbells, post videos to NextDoor, and share facial data with the police is a circle.
46
316
2K
Remember how in TNG there was a mental health professional sitting next to the Captain on the Bridge, who went to all senior staff meetings and gave input directly to senior leadership? . Why can’t we be more like that?.
65
347
2K
You don’t get to pretend it’s not eugenics when you force women of color to have a hysterectomy against their will, while at the same time I’m not allowed to get my tubes tied as a white woman at high risk of ovarian cancer because I’m unmarried and “MIgHt wANt KiDs lATEr”.
33
453
2K
@philipaklein Ah yes. The old, “I suffered, so everyone else should have to suffer too”. It’s worked well for the measles vaccine.
13
59
2K
Confronted the guy who was abusing the retail workers at the checkout for the first time. Absolutely gave him the third degree. Still shaking from that adrenaline. The magical thing was that once I did, everyone else in line finally stood up to him too.
48
53
2K
@eugenegu Ehhh. it’s one donut, for someone already there. I mean. I think incentives are a good idea.
11
9
2K
When you absolutely have to swordfight heroically in a ballgown (it happens) cc @mzbat
http://t.co/uKbfxwGglI.
27
1K
2K
I’m so excited for October to be over so I can stop being aware of cybersecurity.
50
174
2K
*goes to buy bus ticket*.*bus ticket site is down*.*can’t get to work destination*.Me: jokes to coworker that bus company is ransomwared.Coworker: texts that bus company is, indeed ransomed*.Me: WTFFFF.
35
191
2K
I'm just instantly blocking people who try to gaslight me this week, be it on infosec, minimum wage, natsec, or human dignity. Don't care if they're blue checks, execs, or have 8000 infosec followers. I'm all out of bubblegum.
49
56
2K
@DHSgov It directly undermines the credibility of incredibly important work being done in national security and cybersecurity to protect our infrastructure and population.
5
86
1K
Hey kids. I know the bad right now can get really overwhelming. Remember that everything you do, no matter how small, counts. Just try.
40
373
2K
Security does not mean privacy . Security does not mean privacy . Security does not mean privacy . Security does not mean privacy.
82
290
2K
Yea so tonight a junior infosec person called me. He was struggling with a bad employer who was gaslighting him and not giving him any path to success. I think my next talk needs to be about how to succeed in business as a junior infosec person. LMK where I should submit it.
91
94
2K
This is 💯 super duper salty, but I wish the people who shredded me in March when I suggested DEF CON go virtual would unblock me. Because the pandemic is still a thing, Vegas did open irresponsibly, and the DC crew have done an absolutely amazing job organizing a virtual event.
46
92
2K
My favorite hot take of the day is the Russian bots defensively claiming Russian industry can “just switch over to Huawei from Cisco” since the country has been cut off.I mean, I’ve seen companies postpone Cisco network *segmentation* alone for 20 years. 😅🍸🤷🏻♀️💀.
75
144
2K
Merry Christmas to everyone except GoDaddy infosec leadership specifically.
With the holidays around the corner, GoDaddy employees received an email last week offering some welcome financial relief: a $650 holiday bonus. Two days later, they received another email from GoDaddy: . “You failed our recent phishing test.”
43
310
2K
365 days and -1/3 of my body weight later. I feel so much better.
154
6
2K
Hello, I would like to introduce you to the new plethora of free cliche hacker stock art, now *finally* available in a multitude of genders and skin tones. But still entertainingly cliche and extremely context-free.
53
393
2K
My assumptions, whenever the following people say, "can we have a chat":.Boss: I'm getting fired.Direct report: They're quitting.Family: Someone is dying.Friend: I've done something embarrassing.Doctor: I in specific am dying.CEO: We're all dying.
59
287
2K
Friend calls me, 9PM. “Hey, can you like, pretend over the phone to hack into a military database to prove to my 8 year old who can’t sleep that Jason Voorhees isn’t real?”. 😑🤔👩🏻💻 Yes, I even grabbed a noisy keyboard.
65
115
2K
Alex, give me ‘the worst ML idea I’ve ever heard’ for 500, please.
Two US military experts have proposed giving artificial intelligence control over the nuclear launch button. @mchorowitz weighs in on the risks: ". training an algorithm for early warning means that you’re relying entirely on simulated data.”
127
407
2K
Guys the roofers are replacing my roof and there is a secret 3x10 room walled off in my house.
191
38
2K
Spent my weekend busting my butt to get new folks into our industry, and come back to more gatekeeping. Know this: . You can succeed in and enjoy cybersecurity. Regardless of gender, race, background. Society and life may throw hurdles, but lots of us want to help you succeed.
36
193
2K
Next time you decide to not take a vacation for a year and work with the flu and don’t see your kids, please remember that people were beaten in the streets so that you could have weekends, corporations would take them away in a second - and replace you with a robot in a second.
31
336
2K
Is it only because I’m an infosec person, or does anyone else see an interesting ad for a product you actually want or need, jump through screens of hoops and then totally give up in disinterest when they require an email to get pricing or product details?.
146
59
2K
Do you ever just . want to lock a fully grown adult you genuinely care about in a classroom for 8 hours and just . start from scratch with basic critical thinking, life skills, science, objective reality, etc?.
139
141
2K
I found the house. It’s perfect! Wish me luck in offer / inspection, please!.
175
7
2K
Why am I sharing stuff about the dire financial state of the USPS as a cybersecurity professional? . Because I care about secure remote elections, and after years of debate and study we know of one way to do them well. That is the USPS. (fin).
28
404
1K
A little holiday advice from Commander Pancakes. Shared it with a friend but I'll share it with you, too.
73
510
2K
Oh no. The whole “Alexa is a spy tool” thing is making the rounds again. 🤦🏻♀️. Once again, reducing attack surface is awesome, but keep your panic relative to the fact you have a smartphone with a *hardwired area mic* that you use to view dubious ad services, in your pocket.
49
497
2K
I don’t think it’s extreme to want my aircraft flight crew to be vaccinated against highly communicable diseases.
32
108
1K
It’s a terrible, dark, deadly new era for women in the United States. More so for underprivileged and abused women.
29
234
1K
Everyone is tired. The adults are tired. The kids are tired. The teachers are tired. The students are tired. Everyone is just tired, and companies and leaders just don’t seem to notice.
48
201
1K
If this is it for Twitter, it has been an honor and a privilege to serve, shitpost, cry, and laugh with *all* of you pals for the last 12 years. Thanks for being an amazing community and for believing I was worth your time.
58
67
1K
My new hobby is using spaces in passwords for supposedly secure cybersecurity applications and sites to see which ones break and how badly.
77
158
2K
How utterly sad is your life and hacking career if you get super mad when people use a different text editor than you, like they don’t both write characters into files and then display them.
112
82
1K
I guess I can tell now that's it is just about over. I'm retiring from the USAF. It's been a wild ride, but also my entire adult life. A long time. My retirement ceremony has my D&D Dungeonmaster giving the invocation, and insane amounts of D20 party favors and Portillo's.
127
18
1K
I would pay very serious and close attention to Mr. Nance. He is an eminently credible expert and I trust his judgement. Review your physical security plans at offices and data centers.
WARNING Followup: Specific targets being discussed by RWEs are HQ offices of @amazon, @Facebook, @Microsoft, @cnn, @MSNBC, @washingtonpost @nytimes, @Google facilities & staff. Assess plans as aspirational but quickly radicalizing armed supporters. #IncreaseYourSecurity.
23
503
1K
Every few days, imposter syndrome hits me about some cybersecurity thing or another. Then I remember Rudy Giuliani exists and I feel much better about myself.
60
123
1K
A friend in finance just asked me to put internet explorer back on her PC because the official usgov site she needs only runs in it, her help desk is outsourced and won’t help, and the only option she could do herself was doing her work on a personal Windows 7 laptop. Ah, yup.
80
121
1K
All the other infosec 'influencers', it feels:.- impressive pro home gym.- posting workouts at 5am.- luxury car photos.- perfect candid head shots. Me, Pancakes:.- pro thriftin' at the Goodwill.- eating peanut butter by the jar.- accidentally ate a hair.- in my Honda.- lets Tweet.
122
31
1K
(TW abuse) I need to lay out a scenario for y’all because it’s it’s just not getting through some thick skulls. You’re a young woman. For some reason you have an unplanned pregnancy. It’s not really our business, but maybe a date goes sideways and the dude takes the condom off.
8
455
1K
I wish I could be friends with every single person in infosec. I wish I could help all of you and make your lives better. I'm just one, flawed human. I really do my best, but I won't be driven out of this field or off social media because I disagree with you or your friends.
91
31
1K
PSA: Shitty frat boy behavior at tech cons *always* bothered and pushed away a ton of people, but for decades the only way to network and do the work you loved was to shut up and deal with it with alcohol or a therapist, because shitty frat boys owned such a huge market share.
41
208
1K
You know how we’ve been asking @signalapp to remove those “joined Signal!” messages for like one million eons do to cybersecurity and privacy concerns?. Today is the day my mom’s former number joined :(.
66
77
1K
20 years ago today, I was a young SQL developer just starting to go to some hacker stuff, and my friends and I were so-super-psyched to see the Matrix after it’s mysterious trailers. That was a long time ago.
56
92
1K
Unwritten guidelines for infosec Twitter:.- it’s a great source of intel and education.- most people are not being paid to provide you infosec content, so don’t yell when they don’t.- you can find a job here if you’re sincere.- there is shitposting.- most people like shitposting.
32
149
1K
By age 35 you should have busted your own computer by overwriting the registry at least once, then tried to play it cool.
114
176
1K
@jaronmyers On the way less dark side of this, my grandma asks the family every week if we have seen such and such charming movie “playing on YouTube lately” because the algorithm just shows her Cary Grant and Hepburn films and none of us want to explain the magic.
4
24
1K
Been trying to tell y'all about Snowden for a long time.
63
62
1K
To the person who refused to wear a mask around me indoors a week ago who has tested positive, caused me to drive 50 miles across Chicagoland to find a test center with any tests, miss work, and be quarantined waiting for test results for 4-7 days - thank you. This is a pleasure.
98
131
1K
TW, personal: . My younger life would have been so much different and better if I had had the words to express I was non-binary. I didn’t. What I did know is that being an adolescent was especially discordant and horrifying for me. It’s not a fad. I’m not doing it to be trendy.
33
98
1K