☠️ Andy Piazza ☠️
@klrgrz
Followers
6,053
Following
2,976
Media
3,033
Statuses
15,223
Christian. Killer grizz w/ a keyboard. Threat Intel & Thrunter. Hack things w/ @bsides_nova . Black Badge @DEFCON & C&E Goon. GSE #344 . (VIEWS ARE MY OWN).
Northern Virginia
Joined June 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Sinwar
• 1410152 Tweets
BACK TO BACK
• 1282864 Tweets
rose
• 672683 Tweets
#يحيي_السنوار
• 487256 Tweets
bruno mars
• 380382 Tweets
Wizkid
• 212155 Tweets
Monsalve
• 131790 Tweets
Flamengo
• 85129 Tweets
#GHGala7
• 72648 Tweets
Corinthians
• 69728 Tweets
Ortiz
• 66423 Tweets
Martinez
• 51513 Tweets
Saints
• 48910 Tweets
Klaus
• 47504 Tweets
Allan
• 25495 Tweets
Broncos
• 23811 Tweets
Maracanã
• 23273 Tweets
対象作品
• 22573 Tweets
ALL RISE
• 22534 Tweets
Cleveland
• 20879 Tweets
ROSSI
• 17054 Tweets
Boone
• 16262 Tweets
Stanton
• 15941 Tweets
Alcaraz
• 15668 Tweets
Wesley
• 13286 Tweets
Ganso
• 12029 Tweets
#911onABC
• 11815 Tweets
DEPAY
• 10137 Tweets
#RepBX
• 10072 Tweets
Pinned Tweet
Pinning this thread of
#CTI
tips and lessons learned. I'll add to it at random times.
#threatintel
11
18
113
Gonna make me tap the sign again:
Formula 1 chief appalled to find team using Excel to manage 20,000 car parts
425
924
7K
19
610
6K
Can we agree that “learn Linux” is just dumb? It’s non-specific advice that isn’t helping junior folks. Learn what in Linux? Just be a Linux user? Deploy a web server? Deploy a tool? Same w/ “learn wireshark/Splunk/Snort/etc”. Tell new people actionable topics & skills to learn.
79
121
1K
Sooo, I’m starting with IBM today as the Global Head of Threat Intelligence!
109
18
1K
As promised months ago... I wrote out a CTI Study Plan for those that are interested. Hopefully, it is enough info to get you started on your journey.
26
188
659
If I could only recommend one book for
#infosec
, I’d probably say this is it. The book includes a great introduction to intrusion analysis, incident response, and security operations planning.
#BlueTeam
#CTI
#RequiredReading
18
76
510
If you struggle to show a PowerPoint on a virtual call in 2021, I may have trouble trusting your cybersecurity solutions to solve any of my problems.
21
46
490
Welp it is official, starting today as the Senior Director of Threat Intelligence for
@Unit42_Intel
. Let's go!!!
79
12
493
Some might say I’m not vacationing properly, but this is my zen. Anytime infosec is too much, construction is the answer.
31
14
433
Showed little man some of the
@RealTryHackMe
challenges yesterday. This morning he asked if we could do some more so we signed him up with his own account and he’s working through the intro lessons.
13
17
418
Say it with me: Outlook is NOT a SIEM nor a storage solution. Its okay to delete those alert emails from last year.
44
31
398
When folks want to get into infosec and don’t know a direction, I generally point them towards Sec+ material. It covers a broad range of topics and is often a gatekeeper in hiring systems. I also point them to SANS Cyber Aces material.
Any specific go-to resources I’m missing?
37
66
390
I get this a lot from sysadmins and network engineers: "I want to get into infosec". Like, you're already there! Do your job to secure the network. sysadmins and network engineers have farrrrrr greater opportunity for security in their daily tasks than a SOC or a Sec Engineer.
Uncomfortable truth, you don't need to be working in a SOC to be in infosec. Network and Sysadmins do just as much infosec as your high paid security analysts. They directly implement security, from firewall rules to system configurations.
Be nice to your sysadmins.
63
183
1K
19
46
314
Hey
#CTI
Twitter, what are the “must read” APT reports you assign to new analysts coming into the field? Mandiant’s APT1 report is an obvious choice. I’m also a big fan of Threat Connect’s “What’s in a Name Server” because it demonstrates infrastructure analysis well.
23
59
288
You didn’t automate threat hunting, you wrote a detection.
13
31
274
Lollll
@_JohnHammond
I just found this in an IT memes page on Facebook. Can’t get away from you 🤣
4
14
256
can't wait to see the phishing attempts via Teams external messages
16
48
251
I’m trying to say this in the most non-hipster way possible:
I only want human curated threat Intel.
Automated feeds are killing the CTI community. Automation should be how we share, not how “Intel” is produced.
16
28
220
@IanColdwater
The more I learn how the internet works, the more I’m confused that the internet works.
3
16
206
Remember that time I won a black badge at
@defcon
? That was kinda cool.
Thank you
@thedarktangent
and
@Grifter801
!!!
21
15
202
GWOT vets: unless you wore stars on your shoulders, this isn’t our failure. We did our part. Our tactical success can’t be taken away. Our losses matter too. This is a strategic failure and doesn’t reflect on our service at all. I’m proud to have served with every one of you. 💙
6
39
199
My toxic trait is my need to support friends by ordering their books as soon as they’re available - and I’m okay with it
Congrats
@megan_roddie
!
5
39
192
Heyoo I’m hiring a senior manager for our cyber crime team. Come hunt badness with
@Unit42_Intel
11
81
192
NEW BLOG: Using AI for extracting Usernames, Emails, Phone Numbers, and Personal Names from large datasets
#OSINT
Read it here :
3
34
87
9
28
167
I’ve done a lot of projects in my time, but this one I’m most proud of because my son (16) did a lot of the work with me. Not just “hand me that tool” stuff. He picked boards, measured & cut, and installed them. We both put some sweat equity into this one- thankfully no blood!
22
0
153
Cyber threat intel - learn SOC/IR processes. Your SOC is your collection, understand their visibility & how to exploit the data from their tools. The job isn’t reading threat reports. It’s about being able to apply them to your network & write them from your own collection.
what is your profession within the cybersecurity field (or IT field!) and what is your most helpful tip for those who are trying to level up to where you are at?
179
54
470
3
29
146
I think blue team needs to learn from red team and start asking for scoping documents from management. Fill out this form: “What systems do you expect us to monitor AND what is our authority to configure/manage them?”
11
22
153
The GoldiLocks CTI Program idea has rattled around in my head for like two years... it's been turned down for multiple cons, so you'd think it would stop burning a hole in my brain eventually, but noooo... so I finally wrote it down. Enjoy, I guess.
8
43
152
I don’t think my kid’s generation understands the beauty of having parents that also play video games
Kids: just let me finish this round first
Me: of course
My parents 20 years ago: turn that shit off now!
10
11
145
Apparently my talking point “threat hunting isn’t proactive” struck a nerve today. Let me explain…
You’re not “creating or controlling a situation by causing something to happen”. You are finding evidence of activity after it happened, that is reactive. It just feels proactive
43
9
145
Threat assessments are nearly useless without considering a specific target/victim. For governments & large corporations, China is probably the bigger threat. For most businesses, it ain’t APTs at all, it’s cybercrime w/ ransomware leading that pack.
8
20
140
Want to see a crazy trade?
Yesterday, someone OPENED $SPLK 127 calls, for $22,000, expiring tomorrow.
Then today Cisco Systems $CSCO announced acquiring Splunk for $28B, $SPLK up 20%.
The contracts were $0.04 yesterday, now $18.30.
They exited today for a 45,650% return...
3K
4K
25K
0
27
137
If you know a Marine, please read them all of the “Happy Birthday Marine” posts today. It’s their day, they shouldn’t have to struggle with reading the big words themselves.
12
8
133
PROTIP: Notepad++ has a bunch of cool native tools in the edit menu you should explore. I use this stuff multiple times a week.
The plugins system also has a bunch of useful tools others have built. Trust me, you're not the first person with your problem!
40
62
553
6
10
128
This actor should be behind bars, not given their own persona and super hero character. Seriously bad form that’s only going to encourage more larpers to do badness on nights and weekends.
31
18
132
I love getting these messages about the team and I send them to the rest of the leadership team every chance I get. Normalize celebrating coworkers!
Normalize sending Thank You notes to people with their Manager Cc'd.
It's like hacking but for organizational clout.
59
368
2K
4
16
124
Creating more Splunk dashboards isn’t helping anyone. Check the 500 your org already created and now ignore. Stop confusing activity with productivity.
12
17
123
Always prioritize the stuff the NSA says is a priority or something to pay attention to in security.
Related:
This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types.
6
73
175
4
21
120
Also “set up a lab and play around!” Wut. We can give better guidance and point to better resources then “here are random words newbie, good luck on your own!”
8
5
113
Today is my last day with
@XForce
, after 2 amazing years. I am blessed by the friendships I’ve made & the cool projects we’ve worked on - like multiple reports exposing Russia’s capabilities & targeting of global allies (f!ck Putin!). I’m humbled to have led X-Force Threat Intel.
15
2
111
I picked up a bunch of new followers this week from a few different posts about infosec career stuff. Welcome. Just so we’re all clear, I’m also a complete dork and will do stupid stuff like this to make my wife cringe.
18
2
106
@bettersafetynet
Haha, like showing someone Wireshark for the first time. YOU CAN SEE THAT?! 😂
2
2
105
Aiden (14) is rehabbing an old Dell tower. He’s installed new RAM, a new SSD, and is currently making a bootable USB with Ubuntu. He runs his first successful Terminal command and says “I did it! I hack the things!” 😂
3
0
97
Hahaha I’m now ready for
#HackerSummerCamp
I plan to hand a stack of these
#CyberEdSheeran
stickers to
@_JohnHammond
, so make sure you hunt him down too.
LFG!!!
10
7
91
Hunting is probably the single most effective teacher for CTI analysts. You are forced to learn a lot and to eat your own dog food - you’re finally a consumer of your own intel product and you really get to test your understanding of threat actor capabilities.
3
10
90
As a combat veteran that spent two years in Baghdad, and as a Northern Virginia resident, it breaks my heart to see our nation’s capital set up like the damn Green Zone because of domestic threats. We have to be better than this.
4
5
83
In the Before Times, I had a tense conversation with a client about WFH.
Them: “if you’re not in the office, how do we know if you’re working.”
Me: “if your only measure of success is my butt in a seat, you have serious process issues.”
I think about that convo a lot still.
6
10
83
Kinda excited to have a wall dedicated to my team’s amazing work. Super proud of the cool stuff we do.
#blackhat2022
#BHUSA
4
3
82
Yep I’m
#hiring
- Mid/Senior SOC Analyst (2nd shift)
- ISSO
- All Source (Cyber) Analyst
All three require a TS clearance and are on-site in DC (no remote).
DMs open.
#infosecjobs
7
34
75
This guy never ceases to amaze me. Check out
@thecybermentor
's new course bundles. These deals are amazing and his courses are awesome. I recommend them for anyone in infosec.
1
4
74
@Wookiee__
SANS certs are definitely out of range for entry level, but SANS Cyber Aces is a few hours of free training videos designed for beginners.
2
9
75
Working out today in the garage...
Bella: wanna race?
Me: let me catch my breath
Bella: well daddy, I run and breathe at the same time. Its helpful.
#DFIRfit
#6yearOldPersonalTrainer
5
5
74
I’m trying to not freak out, but my son just told me that he’s signing up for a weightlifting class for PE and a cybersecurity program for his junior year of high school (next year!)
I am so damn excited for both decisions but don’t want to overreact 😂
3
1
73
I don’t know who needs to hear this, but the Downloads folder is not an acceptable method for knowledge management.
... Okay I needed to hear this as I deleted like six months worth of downloaded files.
6
5
72
yo,
@jfslowik
killed his
@defcon
talk on the
#VulkanLeaks
. it is full of great info & hot takes. Such an awesome delivery style too.
1
19
66
When the internet is a dumpster fire, infosec Twitter makes s’more with gifs and memes. I’m here for it.
1
7
66
@chadloder
Much like troops deploying, its important to separate support for the heroes from the politics that deploy them. (Not saying that you're doing this, but its an easy next step in logic).
4
2
59
This bad boy is hefty! Well done
@beauwoods
@ithilgore
@Einstais
@calderpwn
@edeirme
with an awesome foreword from
@HackingDave
4
16
66
I’m hiring a Detection Analyst to write & manage the signature, rules, & alert logic for a client in Northern Virginia or Raleigh NC. Currently remote w/ future on-site required (location matters). Requires Public Trust (we sponsor). PD up soon, DMs open.
#infosecjobs
#infosec
4
37
67
I HAVE AN APPOINTMENT SCHEDULED FOR THE 5G VACCINE NEXT WEEK! Can’t wait to fight covid and hack carrier pigeons!
7
3
62
What’s longer than a treadmill minute? Watching a 7 year old sign a Mother’s Day card before mommy comes downstairs!
2
1
62
I love
#mentoring
people. But please give me some basic info if you reach out. Where are you coming from, where are you at, and where do you want to go? I can do a lot with that. I cant do much with "hey how do i cyberz"
#infosec
#threatintel
#careeradvice
#helpmehelpyou
13
10
60