Julian Cohen

@HockeyInJune

Risk philosopher. CISO. Advisor. Mentor. Retired vulnerability researcher. Retired CTF organizer and competitor. he/him

Joined February 2008

Tweets


  1. Pinned Tweet
    29 Jul 2019

    ┏┓ ┃┃╱╲ in this ┃╱╱╲╲ house ╱╱╭╮╲╲ we ▔▏┗┛▕▔ ╱▔▔▔▔▔▔▔▔▔▔╲ make defensive decisions based on real adversaries ╱╱┏┳┓╭╮┏┳┓ ╲╲ ▔▏┗┻┛┃┃┗┻┛▕▔

  2. 28 Jan

    If you can only identify with one or two of these types of security people, you're probably leaving a significant portion of your security program on the table. A good security practitioner can apply different perspectives to a problem to find the best solution for that problem.

  3. 28 Jan

    "...any change in a system, even a change intended to prevent or mitigate a potential hazardous incident, also has the potential to introduce new hazards, or new mechanisms by which existing hazards can result in an incident."

  4. 24 Dec 2019
  5. 20 Dec 2019

    Sometimes that means best practices and state-of-the-art tools and technology and sometimes it doesn't. Sometimes that means a 24/7 in-house SOC and sometimes it doesn't. But it always means understanding your risks and your adversaries and meticulously defending against them.

  6. 20 Dec 2019

    Your job as a security engineer isn't to build unhackable systems or fix every security vulnerability. It's to allow the business to succeed despite hackable systems and security vulnerabilities. This means using all available resources to prioritize what's best for the business.

  7. 20 Dec 2019

    Always remember to take a step back and make sure the control you're building or the detection you're engineering or the problem you are solving is still relevant and prudent. New information about your adversary may require you to change course. Do not ignore it.

  8. 20 Dec 2019

    Continuation bias (commonly referred to as get-there-itis) is the unconscious cognitive bias to continue with an original plan despite mounting evidence and changing conditions. This is a common problem in a lot of places, but especially in cybersecurity.

  9. 6 Dec 2019

    Why bother trying because of a chance it won't work? Why take any security advice, then? All defenses might not work. Our job as security practitioners is to make work more difficult for adversaries and that includes not publishing tools that help them complete their objectives.

  10. 5 Dec 2019

    I don't know what's changed over the last couple months (maybe I've just unfollowed all the wrong people), but I have been delighted to see the general consensus on topics like disclosure accountability and adversary intelligence moving in the right direction.

  11. 2 Dec 2019

    On a scale of 6 to 10 with an average of 10, how useless is this graph?

  12. 1 Dec 2019

    This is a bad take. Any platform you may be sharing sensitive information on can be controlled by private organizations and will be owned by foreign intelligence agencies. Share information on the platform that allows you to react, respond, and recover the quickest.

  13. 21 Nov 2019

    If the adversary sends the target a link, it's not a watering hole attack.

  14. 28 Oct 2019

    "How else do you stop the bad guys but by living in reality and aggressively taking the fight to them based on an accurate assessment of the facts?"

  15. 25 Oct 2019

    If your work isn't based on evidence or critical thinking, then it's not good work.

  16. 9 Oct 2019

    Taxes are being used to pay ransoms and incident response firms because of these breaches. Why is this not a debate topic?

  17. 5 Oct 2019

    Adversary Simulation is not Continuous Testing

  18. 29 Sep 2019

    It's easy to single out Rudy for this bad advice, but there are many security advisory firms that have retired military and private security staff selling nonsense as information security advice. Be angry at consumers and be angry at your peers for allowing this market to exist.

  19. 27 Sep 2019

    I hate when security folks say "attackers only have to win once, defenders have to win every time" because it's flawed thinking. Thanks for this: "Actually, an attacker can win everywhere and as a defender you only have to find them once"

  20. 25 Sep 2019

    Panel time with Jeff Miller, , John Linzy, Eddie Doyle, and Roman Garber.

  21. 13 Sep 2019

    Bug bounty memes, send your favorites.
