“Second massive LinkedIn breach reportedly exposes data of 700M users, which is more than 92% of the total 756M users. The database is for sale on the dark web, w/ records including phone numbers, physical addresses, geolocation data, & inferred salaries.”
🎶 Start spreadin' the news ... I'm starting my first day. I'm gonna be a part of it - the @nytimes #InfoSec team! 🎶 🗽🍎
I cannot thank the community enough for all the help, guidance, and assistance I received with my job search. ❤️
#AllTheVulnsThatAreFitToRemediate
My husband was just wheeled into the OR for surgery.
If you have any spare positive vibes or healing thoughts, please send them this way.
Thanks 🙏
Dog and/or gin photos would be greatly appreciated to distract me. 🐶🍸
I just heard about a diabolical phishing simulation. Company faked an email from their own HR department, asking users if they were tired of phishing simulations and provided an unsubscribe link. Those who unsubscribed failed the simulation. I’m not sure how I feel about this.
Important personal announcement 📢
Due to a company layoff, I am now seeking new employment.
- GSEC certified
- 2 yrs SOC exp
- OSINT / research / TI exp
- Master of Library & Information Science
- Philadelphia or remote
Please RT for reach. Thanks.
I'm as pleased as a 🍍 to announce that I have joined the @KrebsStamos Group as a Security Researcher!
I am very much looking forward to this fantastic opportunity to work alongside @C_C_Krebs, @alexstamos, @micahmccutchan, and the team!
I love to hear stories about how people got into cybersecurity. I had a knack when I found and removed a keylogger on my PC that my dad was using to spy on me when I was 16. Found my way into the field post college as a security analyst at PG&E. Tell me your story. #cybersecurity
Stop calling end users the weakest link in security. That had been played out. They are your front lines, your infantry. Make them feel empowered, not belittled.
Don’t undervalue documentation in InfoSec. Writing skills are important. Relying on “enterprise knowledge” that’s only passed down verbally isn’t efficient or a best practice.
Build skills with:
- “The Elements of Style” by Strunk and White
- “On Writing Well” by Zinsser
A well-known InfoSec person, who shall remain nameless, once chastised me publicly at an event because I said that a password book actually wasn’t the worst thing in the world, depending on threat model and user’s abilities.
They have probably forgotten this.
I haven’t. 👀
My parents use something like this & I’m really glad they do. It means my parents & people like them can use unique, complex, & long passwords on every site because they don’t have to remember them.
Until password managers are effectively designed for everyone, this is good.
Pen testers are red ❤️
Defenders are blue 💙
Everyone is welcome in #InfoSec
So, baby, you just do you! 💪
Happy #ValentinesDay to everyone from the seasoned veterans to the greenest of the green. Keep doing great InfoSec work.
You are valued.
You are needed.
You matter. 💕
The current bee in my bonnet -
Every other headline: So many unfilled #InfoSec jobs, it’s becoming a danger and a crisis!
Many employers: You need 10 certs, a CISSP, and 10 yrs of experience for that L1 SOC job we’re trying to fill. Oh, and we won’t train you.
1/3
Had a call today w/a woman who saw me give a “get into #InfoSec” talk at a women in tech event about 1.5 yrs ago. She was a stay at home mom for over a decade. Told me she’s earned an A+, Sec+ certs and is working on her Net+. Has a PT InfoSec job, too. What a fantastic update!!
Please don’t be like the person I saw Tweet that they won’t professionally connect with people if they are older. I don’t want to reward that nonsense with a RT. Just don’t be that person. Your best professional network is a diverse network, including age.
Update: husband’s surgery was successful. All is well.
I’m overwhelmed by all the Tweets and messages. Thank you for your support and caring. 🙏
I very much appreciated the animal photos and learned about some new gin today. 🍸 Cheers to you all!
My husband was just wheeled into the OR for surgery.
If you have any spare positive vibes or healing thoughts, please send them this way.
Thanks 🙏
Dog and/or gin photos would be greatly appreciated to distract me. 🐶🍸
True #InfoSec Story Time:
While evaluating a potential 3rd party vendor, I asked about their data encryption at rest and in transit.
They told me they didn't encrypt because there is a padlock on the computer room door.
Tales from technology:
I became suspicious that my “smart” TV was compromised because it would often turn itself on at random times.
Long story short, there was a spare remote I forgot about that the dogs found and played with periodically.
/scene
I almost forgot! Today is my career change anniversary!
6 years ago, I left the law firm library behind and got to know the island of misfit toys known as #InfoSec.
Cheers!
I saw a post on LinkedIn of someone complaining about too many webcam covers being given out at InfoSec conferences as swag. I gladly take them and offer them to librarians for their staff or patrons. Outside our silo, not everybody has access to things we take for granted.
I'm still processing the DEFCON news from today.
14 years ago, I tried multiple times to report a male coworker who was inappropriate, harassing, & threatening at work. My female manager told me, "Boys will be boys."
Normalize empowering people to speak up, without retaliation.
This is one example of the kinds of empathy I talk about. Provide users with material so that they don’t have to be embarrassed to ask. This goes for #infosec as well. ⬇️
I just realized that this week is my #InfoSec anniversary!! 🥳
Three years ago, I quit my law firm librarian job and took the plunge into a career change. No regrets. Cheers! 🥂
I’m *at* a security conference.
I’m *in* a session.
Guy asks me, “So, I assume you are in security, because you are here?”
WTF kind of question is that?
It is with a shattered 💔 spirit that I share the crossing of the Rainbow Bridge by our beloved boy pup, Reese. He was saved from a shelter when my husband & I made him our family 8 years ago. A happy pup with a constantly wagging tail and the cutest yawn, he will be missed.
Someone told me that I was “brave” for admitting my gaps in technical knowledge.
Isn’t it potentially dangerous to pretend you know tech stuff that you don’t, esp in InfoSec?
I see it as an opportunity to learn & an opportunity to share what I do know, tech or otherwise. 💪
A guy at conference to me, “I’m looking forward to your talk about cryptocurrency!”
Me, confused, “Oh, no, I’m speaking about Information Security.”
Him: “Will you tell us all about BitCoin?”
Me: “That’s not what-“
Him: “Cryptocurrency!”
Me: 😕
Well, he’ll find out tomorrow
Past jobs:
1. space cowboy
2. gangster of love
3. Maurice
4. picker
5. grinner
6. lover
7. sinner
8. played music in the sun
9. joker
10. smoker
11. midnight toker
MY TALK WAS ACCEPTED FOR @DerbyCon 🤯
Look for “Empathy as a Service to Create a Culture of Security” in Louisville 🤗 Thank you #DerbyCon!
#NoYoureCrying
I saw this on @LinkedIn and I forgot who posted it to give them credit. When I went back to it, the feed refreshed. 😞 Anyway, this looks useful for those who need assistance with #infosec career paths.
Note: There is a 3 question survey when you go to sign up. If you do not have a Bachelor's degree in Cybersecurity, IT, etc., they disqualify you from participating in the virtual hiring event --- which is completely stupid and ageist especially b/c a cyber degree is newer.
United Airlines is looking to hire experienced #cybersecurity professionals for various fully remote cybersecurity roles.
The virtual hiring event starts in 5 hours.
Please read more and register using the link below
*takes a deep breath* This is hard for me to do.
Wanna take a guess to whom I was referring? I was being polite using the word “chastised.” I was humiliated and bullied at a professional event. My OP is a snippet version.
Others had it worse. Not comparing. Stating my truth.
A well-known InfoSec person, who shall remain nameless, once chastised me publicly at an event because I said that a password book actually wasn’t the worst thing in the world, depending on threat model and user’s abilities.
They have probably forgotten this.
I haven’t. 👀
An idea popped into my head yesterday & I emailed my local public library to ask if they had plans for Cyber Security Awareness Month in October, and if so, I'd be happy to help.
15 minutes later, an enthusiastic response and a dialogue started. Reach out to your library!
My husband walked into the living room, finding me on the couch. I said, "I kind of had a public meltdown on Twitter." He replied, "I saw." Grabbed his keys and said, "Stay put. I'm going to get ice cream." He's a keeper. 🤗
Tonight is Cybersecurity Awareness Month Eve.
Make sure you leave some milk and persistent cookies out, and Yubikeys under your pillow.
(That’s how this works, right? Seems right. 🤔 #NCSAM)
How does Lent work in InfoSec? Do we give up patching? Does that make today Hash Wednesday? Are there only Phish on Fridays? These are things I think about.
I was feeling a little down, so I perked myself up by remembering that an end user once emailed the SOC about a problem and wrote the salutation as, "Dear Phish People." That made me feel better. 🐟👩
@KristyT Try your local library. They likely have an online portal with access to a wide variety of publications. Also, check out @MILibrary in SF. They have online subscriptions to their databases for what I think is a reasonable price.
I swear to Xenu that I’m blocking people who post mocking commentary about physical password notebooks. I’m tired of having this conversation, for Pete’s sake. Worry about helping people get 2FA enabled and do some actual good for people rather than belittle them over a notebook.
I just received a note from someone with whom I shared a job lead that they got that job!
I do my best to RT every job post and every job searching Tweet that I see. Sometimes I will DM people a job I’ve seen.
Be the rising tide that lifts all boats in #InfoSec.
I’ve never done one of those “felt cute, might delete later” posts. So, here it is. On my way to a very important elf board meeting, apparently. 🎄 #UglySweater