Stuart Winter-Tear

@StegoPax

Information Security - Threat Modelling, Secure Design & Security Engineering in DevOps Advocate

Spain
linkedin.com/in/stuart-steg…
Vrijeme pridruživanja: travanj 2009.
181 fotografija ili videozapis Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @StegoPax

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @StegoPax

  1. proslijedio/la je Tweet
    prije 3 sata

    😊This guy! We do our best !

    1 proslijeđeni tweet
    Poništi
  2. prije 6 sati

    "...key challenges in developing and implementing security policies relate to organisational blindness caused by the ‘pretty words on paper’ vs the operational realities and constraints..."

    Most Infosec policies are actual business liabilities and what to do about it. I believe this stems from blindness to the gap which leads to unfunded commitments & it affects collaboration (tension/conflict) in imagined vs done work
    1 proslijeđeni tweet 1 korisnik označava da mu se sviđa
    Poništi
  3. proslijedio/la je Tweet
    prije 19 sati

    Updated the Social-Engineer Toolkit (SET) to v8.0.3 - fixes python3 handling of sockets for BaseHTTPServer and credential harvesting.

    1 reply 14 proslijeđenih tweetova 50 korisnika označava da im se sviđa
    Poništi
  4. prije 11 sati

    What an interesting observation. It was a real artform to articulate yourself so succinctly in 140 characters which forced a pause & thought. Now we have the space to pound the Twitter keyboard to pronounce our judgements on others....

    Odgovor korisniku/ci @StegoPax
    I think doubling the no. of characters allowed may have enabled more kneejerk reactions.
    3 korisnika označavaju da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    prije 22 sata

    Just Don’t Do A Bug bounty & Call It Good You probably have many security holes but if the app functionality was this broken in the first place no amount of whack-a-bug by random hackers will *fix* this You need architecture reviews, security architects, & reliability experts

    We will apply the lessons learned in the future, and have already corrected the underlying technology issue. We take these issues very seriously, and are committed to improving and evolving to support the Democratic Party’s goal of modernizing its election processes.
    Prikaži ovu nit
    14 replies 70 proslijeđenih tweetova 243 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    4. velj

    Had the pleasure of playing with this and it does what most mega $$$ commercial DAST tools make hard: easily embed into git/lab. 2020 is looking like a great year for challenger automated security tools.

    It is super easy to integrate Cohesion with GitLab and start implementing dynamic scanning in your continuous delivery pipelines
    1 reply 4 proslijeđena tweeta 13 korisnika označava da im se sviđa
    Poništi
  7. prije 12 sati

    I don't want to be the good ol' days person but the tone and pitch has changed dramatically over the years. Much more kneejerk, tribal & alarmist. Even with less characters it was more of a place for reasoned debate and getting to know each other. I'll stay tho....

    Why are so many early adopters of now thinking of leaving the platform? What has changed? Are YOU preparing to join the ?
    1 reply 1 korisnik označava da mu se sviđa
    Poništi
  8. prije 12 sati

    The thought that everybody else has a maturer security practice in place compared with your organisation is probably not true.

    What is the related realization that you are most proud of?
    2 korisnika označavaju da im se sviđa
    Poništi
  9. prije 12 sati

    Good reminder. Will defo be worth it.

    Check out what happens when three CISOs talk about bad policies and stupid questions with , and me from . Full length film is here: (behind a registration wall, but it is worth it!)
    2 korisnika označavaju da im se sviđa
    Poništi
  10. prije 12 sati

    Buying this. The synopsis alone grabbed me.

    Highly recommend the book “get a grip”. Can directly apply to infosec around visionary vs implementors and 90 day planning and execution cycles with strategy.
    Poništi
  11. proslijedio/la je Tweet
    4. velj

    Some thoughts: The councils likely have *no idea* how their websites operate, what components are included or where data flows to. Like most other orgs, they say ‘build me this’ and accept what the web devs produce as long as it works >

    Councils let firms track visits to webpages on benefits and disability <sadly we lack enforcement in the U.K. The needs to act.
    Prikaži ovu nit
    8 replies 15 proslijeđenih tweetova 42 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. prije 12 sati

    Phenomenal.

    3:00
    China built this massive hospital to fight the coronavirus in just 8 days
    Poništi
  13. proslijedio/la je Tweet
    2. velj

    This is amazing. I've written my version of bits of this but putting it together like this and open sourcing it is fantastic. No excuse now, quantitative security risk adoption will accelerate.

    Really awesome seeing Netflix take quantified risk by implementing into their practices, and as Netflix does - share back to the community. Kudos!
    5 proslijeđenih tweetova 12 korisnika označava da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    30. sij

    I work with the in helping poke fingers into the eyes of those who feel they can abuse children by using technology to hide. They are desperate for anyone who knows databases and can offer time in helping make theirs better and more efficient

    57 proslijeđenih tweetova 50 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  15. 30. sij

    "APIs will be the weakest link in application security bringing about cloud-native threats."

    1 korisnik označava da mu se sviđa
    Poništi
  16. 30. sij

    Move away from the norm and baffle hackers 😉

    A friend of mine had to do a pentest for a client, so he started to run all those hacking tools, but later on. He realized that there was no AD in place, so he got stuck with moving laterally 😅 - All their Windows and MacOS devices were managed through Intune though.
    Poništi
  17. 30. sij

    Folk are finally acknowledging security, compliance and privacy are potential market differentiators and have a ROI. Long time coming.....

    Privacy ROI: Benefits from data privacy averaging 2.7 times the investment from
    Poništi
  18. 30. sij

    So it's not just infosec job advertising. This is a discussion about marketing recruitment. All sounds very familiar!

    Odgovor korisniku/ci @goulcher
    Must have 6 years expirence with an App that’s been round for 12 months.
    3 proslijeđena tweeta 10 korisnika označava da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    29. sij

    I recall the saying "A CISOs job is to keep the other executives and the board from being surprised." That was brilliant and it stuck with me, so I'm going with that.

    “What would you say the CISOs job is in one sentence?” Join the thread here:
    7 proslijeđenih tweetova 18 korisnika označava da im se sviđa
    Poništi
  20. 30. sij

    Heresy.

    Reminder to technical speakers: Literally no audience member enjoys architecture diagrams.
    Prikaži ovu nit
    1 korisnik označava da mu se sviđa
    Poništi

@StegoPax još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·