Lesley Carhart
@hacks4pancakes
ICS DFIR, martial artist, marksman, humanist, Lvl14 Neutral Good rogue, USAF Ret. Tweet *very serious* things about infosec. Thoughts mine. They/them
Chicago, IL | tisiphone.net | Joined October 2010

Lesley Carhart’s posts

I know I am not the first one to say this, but there are a lot of very well credentialed people in tech worrying what would happen if internet giants collectively de-platformed a group who isn't right wing, while totally erasing the fact that it already happened to sex workers.
64
10.2K
If you’re angry for no reason you’re burnt out, If you’re sleepy for no reason you’re burnt out, If you’re irrationally mad and your work suddenly looks bad, Spontaneously apathetic you’re burnt out.
103
5,148
In my life as a security professional, I have had exactly three IT friends / colleagues come up to me bragging about the secret digital surveillance they constructed to monitor their kids. Every single one of them ultimately destroyed and lost their relationship with their kid.
156
4,735
Everyone shocked about a drop in US life expectancy while looking at their phone at 2AM instead of sleeping because they have to work 90 hours a week, and planning their meals of food that's 70% processed sugar because that's what's affordable at the grocery store on average pay.
75
3,606
Escort services, but just to rent a man to stand there and nod sagely in a manly way when you are trying to negotiate to buy a car or hire a contractor as a single woman. 😣
261
3,285
One of the Anonymous accounts now has thousands of people leaving five star Russian-language reviews for random restaurants and hotels in Russia with facts about the invasion of Ukraine, to evade censors. 🤷🏻‍♀️🍸 It’s hard to keep up.
35
3,306
Very hot take - your employer should never force you to use then install security monitoring on a personal device which can be legitimately used to watch porn, sext, perform financial transactions, call your sponsor, or anything else that you reasonably could be blackmailed for.
105
3,180
MySpace taught a whole generation of girls to learn to write HTML on their own terms outside of class and without parental pressure, and I sometimes worry if anything popular today forces young people to learn to build tech stuff other than video editing on their own anymore.
112
3,069
Stupid tech problems: I bought a new area rug, and have to get rid of it because my robot vacuum sees the abstract patterns as a cliff and can’t cross the room anymore.
109
2,881
Things I wish we would stop saying in tech: “She shouldn’t complain. We all got hazed as new hires!” “He’s a wimp. We all did 70hr weeks and never saw our families!” “Vacation?! I didn’t take a vacation for 6 years!” Like, why are you defending horrible labor practices so hard?
80
2,643
Buying a house requires me to shut off my security brain and make like 5 terrible security choices a day just to finish the process. Today I introduced a mortgage guy to password managers. He was using Excel.
183
2,502
Every couple years, someone reverse engineers a popular free social app, discovers it collects all the metadata it possibly can about your device and behavior, it blows up, everyone is shocked and promises to delete the app, then like 100 people do and people keep using them all.
37
2,404
Replying to and
This is a rare instance in which I’m very proud of Google. This feature will save lives, as these monitoring services are perpetually misused by domestic abusers. Google doesn’t know if you’re a helicopter parent or a boyfriend beating his girlfriend if she looks for a shelter.
26
2,286
Family. There Are No “InfoSec Rockstars” I’m eating an entire brick of Target cheese after falling asleep at my desk again and being too tired to cook. I am a grumbly security janitor. If someone not-sarcastically claims to be an “Infosec Rockstar” they’re selling you FUD.🤷🏻‍♀️
169
2,251
It’s 2022, and I just saw an adult cybersecurity person on LinkedIn unironically suggest installing Linux instead as a requested solution to securing a Windows server. Help me while I turn into a pumpkin, fly into the October sky, and implode into candy corn above the land.
144
2,413
I don’t know who needs to hear this, but you need to think of the pandemic as a long-term problem stretching well into 2021, read up on risk of activities and mitigations for you personally, and design a plan that allows you to keep your physical and mental health that long.
64
2,295
This tweet is for a specific type of person - especially young and hungry ones. I’m talking to the ones who jump in and quietly save things whenever their teammates and seniors drop the ball. Sometimes when not too much is on the line, you have to just let them fail.
92
2,317
Recognize the early stages of infosec: “I just read the ‘top 100 passwords’ and they’re super weak!!” “I turned on external logging and there’s all these brute force attempts!” “People still use Java!!!” “SHODAN!” *Results may vary. Ask your doctor if infosec is right for you.
70
2,109
The hacker / infosec Mastodon servers have really reached critical mass to contain useful community and information. If you haven't tried it out yet, I really recommend it. There's enough intel and news to be viable at this point.
62
2,289
The Venn diagram of people who won’t get the COVID vaccine during a society crushing pandemic because imaginary microchips, and the people who install Ring doorbells, post videos to NextDoor, and share facial data with the police is a circle.
57
2,085
Hear me out - what if we just leave Facebook dead and just like, null route them globally while they’re locked out of their offices and can’t see us?
51
2,144
You don’t get to pretend it’s not eugenics when you force women of color to have a hysterectomy against their will, while at the same time I’m not allowed to get my tubes tied as a white woman at high risk of ovarian cancer because I’m unmarried and “MIgHt wANt KiDs lATEr”.
36
2,059
Remember how in TNG there was a mental health professional sitting next to the Captain on the Bridge, who went to all senior staff meetings and gave input directly to senior leadership? Why can’t we be more like that?
72
2,082
My dudes, there are like only 300 of us in each cybersecurity niche and we *all know one another*. If you plagiarize our research, training, or blogs, we are going to find out before Judge Judy reruns end for the day.
51
2,096
I’m in this very serious management course and they told us to put a virtual background on today when we logged in. Everyone else has a pretty landscape photo. I chose the Star Trek bridge. It was apparently not the correct choice. This is all going really well.
260
2,105
Confronted the guy who was abusing the retail workers at the checkout for the first time. Absolutely gave him the third degree. Still shaking from that adrenaline. The magical thing was that once I did, everyone else in line finally stood up to him too.
61
2,044
I'm just instantly blocking people who try to gaslight me this week, be it on infosec, minimum wage, natsec, or human dignity. Don't care if they're blue checks, execs, or have 8000 infosec followers. I'm all out of bubblegum.
53
1,924
Yea so tonight a junior infosec person called me. He was struggling with a bad employer who was gaslighting him and not giving him any path to success. I think my next talk needs to be about how to succeed in business as a junior infosec person. LMK where I should submit it.
101
1,858
*goes to buy bus ticket* *bus ticket site is down* *can’t get to work destination* Me: jokes to coworker that bus company is ransomwared Coworker: texts that bus company is, indeed ransomed* Me: WTFFFF
43
1,937
This is 💯 super duper salty, but I wish the people who shredded me in March when I suggested DEF CON go virtual would unblock me. Because the pandemic is still a thing, Vegas did open irresponsibly, and the DC crew have done an absolutely amazing job organizing a virtual event.
56
1,858
Merry Christmas to everyone except GoDaddy infosec leadership specifically.
Quote
With the holidays around the corner, GoDaddy employees received an email last week offering some welcome financial relief: a $650 holiday bonus. Two days later, they received another email from GoDaddy: “You failed our recent phishing test.” coppercourier.com/story/godaddy-
55
1,832
Next time you decide to not take a vacation for a year and work with the flu and don’t see your kids, please remember that people were beaten in the streets so that you could have weekends, corporations would take them away in a second - and replace you with a robot in a second.
37
1,771
My favorite hot take of the day is the Russian bots defensively claiming Russian industry can “just switch over to Huawei from Cisco” since the country has been cut off. I mean, I’ve seen companies postpone Cisco network *segmentation* alone for 20 years. 😅🍸🤷🏻‍♀️💀
93
1,856
Oh no. The whole “Alexa is a spy tool” thing is making the rounds again. 🤦🏻‍♀️ Once again, reducing attack surface is awesome, but keep your panic relative to the fact you have a smartphone with a *hardwired area mic* that you use to view dubious ad services, in your pocket.
53
1,703
Hello, I would like to introduce you to the new plethora of free cliche hacker stock art, now *finally* available in a multitude of genders and skin tones. But still entertainingly cliche and extremely context-free.
67
1,841
Do you ever just ... want to lock a fully grown adult you genuinely care about in a classroom for 8 hours and just ... start from scratch with basic critical thinking, life skills, science, objective reality, etc?
165
1,759
Why am I sharing stuff about the dire financial state of the USPS as a cybersecurity professional? Because I care about secure remote elections, and after years of debate and study we know of one way to do them well. That is the USPS. (fin)
35
1,765
Friend calls me, 9PM. “Hey, can you like, pretend over the phone to hack into a military database to prove to my 8 year old who can’t sleep that Jason Voorhees isn’t real?” 😑🤔👩🏻‍💻 Yes, I even grabbed a noisy keyboard.
75
1,806
My assumptions, whenever the following people say, "can we have a chat": Boss: I'm getting fired Direct report: They're quitting Family: Someone is dying Friend: I've done something embarrassing Doctor: I in specific am dying CEO: We're all dying
80
1,866
Spent my weekend busting my butt to get new folks into our industry, and come back to more gatekeeping. Know this: You can succeed in and enjoy cybersecurity. Regardless of gender, race, background... Society and life may throw hurdles, but lots of us want to help you succeed.
43
1,812
Is it only because I’m an infosec person, or does anyone else see an interesting ad for a product you actually want or need, jump through screens of hoops and then totally give up in disinterest when they require an email to get pricing or product details?
171
1,767
Everyone is tired. The adults are tired. The kids are tired. The teachers are tired. The students are tired. Everyone is just tired, and companies and leaders just don’t seem to notice.
55
1,760
How utterly sad is your life and hacking career if you get super mad when people use a different text editor than you, like they don’t both write characters into files and then display them.
134
1,681
I would pay very serious and close attention to Mr. Nance. He is an eminently credible expert and I trust his judgement. Review your physical security plans at offices and data centers.
Quote
WARNING Followup: Specific targets being discussed by RWEs are HQ offices of @amazon, @Facebook, @Microsoft, @cnn, @MSNBC, @washingtonpost @nytimes, @Google facilities & staff. Assess plans as aspirational but quickly radicalizing armed supporters. #IncreaseYourSecurity twitter.com/MalcolmNance/s…
34
1,621
If this is it for Twitter, it has been an honor and a privilege to serve, shitpost, cry, and laugh with *all* of you pals for the last 12 years. Thanks for being an amazing community and for believing I was worth your time.
83
1,744
I guess I can tell now that it's just about over. I'm retiring from the USAF. It's been a wild ride, but also my entire adult life. A long time. My retirement ceremony has my D&D Dungeonmaster giving the invocation, and insane amounts of D20 party favors and Portillo's.
156
1,694
Every few days, imposter syndrome hits me about some cybersecurity thing or another. Then I remember Rudy Giuliani exists and I feel much better about myself
69
1,619
(TW abuse) I need to lay out a scenario for y’all because it’s just not getting through some thick skulls. You’re a young woman. For some reason you have an unplanned pregnancy. It’s not really our business, but maybe a date goes sideways and the dude takes the condom off.
9
1,614
I wish I could be friends with every single person in infosec. I wish I could help all of you and make your lives better. I'm just one, flawed human. I really do my best, but I won't be driven out of this field or off social media because I disagree with you or your friends.
116
1,560
PSA: Shitty frat boy behavior at tech cons *always* bothered and pushed away a ton of people, but for decades the only way to network and do the work you loved was to shut up and deal with it with alcohol or a therapist, because shitty frat boys owned such a huge market share.
43
1,561
All the other infosec 'influencers', it feels: - impressive pro home gym - posting workouts at 5am - luxury car photos - perfect candid head shots Me, Pancakes: - pro thriftin' at the Goodwill - eating peanut butter by the jar - accidentally ate a hair - in my Honda - lets Tweet
154
1,612
A friend in finance just asked me to put internet explorer back on her PC because the official usgov site she needs only runs in it, her help desk is outsourced and won’t help, and the only option she could do herself was doing her work on a personal Windows 7 laptop. Ah, yup.
91
1,607
20 years ago today, I was a young SQL developer just starting to go to some hacker stuff, and my friends and I were so-super-psyched to see the Matrix after its mysterious trailers. That was a long time ago.
67
1,472
Unwritten guidelines for infosec Twitter: - it’s a great source of intel and education - most people are not being paid to provide you infosec content, so don’t yell when they don’t - you can find a job here if you’re sincere - there is shitposting - most people like shitposting
40
1,544
You know how we’ve been asking to remove those “joined Signal!” messages for like one million eons due to cybersecurity and privacy concerns? Today is the day my mom’s former number joined :(
78
1,540
To the person who refused to wear a mask around me indoors a week ago who has tested positive, caused me to drive 50 miles across Chicagoland to find a test center with any tests, miss work, and be quarantined waiting for test results for 4-7 days - thank you. This is a pleasure.
115
1,484
Man... I don’t know how to break it to some infosec companies, but infosec is small and we talk, a lot. If you burn bridges by continually abusing your employees or acting seriously unethically, we all know within a few months. Heard some more awful burnout stories last weekend.
49
1,445