If you need me, I’ll be over here smelling these flowers 💐 😊
Here’s to Rwanda’s mark in the building of international consensus on effective approaches to information and computer security 👌🏽🇷🇼
Almost 3 years now with contributions to 4 different computer/information security projects of the International Atomic Energy Agency.
Being invited to contribute as an expert under Rwanda's flag & on top-notch teams is the biggest compliment of my career🙏🏽👇🏽
🇺🇸 🇬🇧 🇨🇦 🇦🇺 🇷🇼 🇸🇮 🇳🇱 🇰🇷
It’s challenging when each team/BU has its own tools & processes. It depends on culture too.
I’ve found generally it’s helpful to state what the problem is and how you can solve it, eg trufflehog can detect secrets, here’s how you can run it locally or containerized.
Most teams will know how to integrate that into their own env. Some will need loose guidance. Some will need strong handholding (or you do it).
As best as you can it should all be standardized and pulled from the same repo / artifact storage.
But it’s super important to cater to each team’s preferences, understand their goals and priorities, be psychologically easy on them to not feel like a burden. Essentially build trust with each org independently, so they feel comfortable reaching out.
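As an added illustration of the "state the problem, then show how to solve it" pitch above (this is not trufflehog's code, and the sample config below is constructed; the AWS values are the placeholder keys from AWS's own documentation): a minimal secret detector that combines fixed credential patterns with a Shannon-entropy filter on generic `secret=`/`token=` assignments, so that `password = "changeme"` stays quiet while random-looking values are reported. Real tools ship hundreds of detectors and verify hits against the provider, which this does not.

```python
"""Toy secret detector: the 'what problem does this solve' demo for a tool like trufflehog."""
import math
import re

# Two well-known credential shapes plus a private-key banner. Real tools ship
# hundreds of detectors and verify hits against the provider; this does not.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Catch-all: an assignment to something named like a secret whose value is long
# and random-looking. The entropy filter is what keeps 'password = changeme' quiet.
GENERIC = re.compile(
    r"(?:secret|token|password|api[_-]?key)[A-Za-z_]*\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{20,})",
    re.IGNORECASE,
)


def shannon_entropy(s: str) -> float:
    """Bits per character: 0 for a repeated character, ~4.5+ for random alphanumerics."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_line(line: str, entropy_threshold: float = 3.5) -> list[tuple[str, str]]:
    """Return (kind, matched_value) pairs; a value caught by a specific pattern is not re-reported as generic."""
    findings = []
    for kind, rx in PATTERNS.items():
        findings.extend((kind, m.group(0)) for m in rx.finditer(line))
    seen = {v for _, v in findings}
    for m in GENERIC.finditer(line):
        value = m.group(1)
        if value not in seen and shannon_entropy(value) >= entropy_threshold:
            findings.append(("high_entropy_assignment", value))
    return findings


def scan_text(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, kind, matched_value) for every finding in text."""
    return [(n, k, v) for n, line in enumerate(text.splitlines(), 1) for k, v in scan_line(line)]


# Constructed sample config. The AWS values are AWS's documented placeholder keys.
SAMPLE_CONFIG = """\
# constructed sample for the scanner above
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8
db_password = "changeme"
api_key = "kT8vQ2mX9pL4sW7nR1yB6cJ0"
session_secret = "aaaaaaaaaaaaaaaaaaaaaaaa"
"""

if __name__ == "__main__":
    for lineno, kind, value in scan_text(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind}: {value[:8]}...")
```

The two lines a team needs are the problem ("this is what leaks look like in your repos") and the run instruction; trufflehog's own local and container invocations are in its README and are what you would hand over in place of this toy.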
White House demands that the computer nerds tell them, given the program's input, if any arbitrary computer program will finish running or continue to run forever
It’s Father’s Day on Sunday & this is a reminder to go all out because fathers have been complaining that they’re neglected while Mother’s Day gets all the attention😁
I’m eternally grateful to have been blessed with a father who’s always been and still is my biggest cheerleader
Let me blow your mind real quick:
When you use Remote Desktop (RDP), Windows secretly takes screenshots of what you are doing.
It’s called the RDP Bitmap Cache.
To make the connection faster, Windows saves small tiles (images) of the remote screen to your hard drive in a bin file.
Even if the session is over and the remote server is destroyed... your laptop still holds the cache files.
Forensics teams use tools like BMCViewer to stitch those tiles back together.
They won't just see logs but the literal email, document, or picture you were looking at.
💀
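An added example of the recovery the post describes (this is my own code, not BMCViewer or any published tool): a parser for the per-tile records in the client-side `Cache####.bin` files and a stitcher that lays the tiles out into a plain BMP mosaic. The record layout assumed here, an 8-byte cache key, a 16-bit width and height, then raw 32-bit BGRA pixels stored bottom-up, is what public parsers such as ANSSI's bmc-tools implement; treat it as an assumption and check it against the parser you actually use. The sample cache bytes are constructed in the code so it runs offline.

```python
"""Parse RDP bitmap cache tiles from Cache####.bin files and stitch them into a BMP mosaic."""
import struct
from dataclasses import dataclass
from pathlib import Path

# Per-tile record layout as implemented by public parsers (assumption, see lead-in):
# 8-byte cache key, u16 width, u16 height, then width*height 32-bit BGRA pixels, rows bottom-up.
TILE_HDR = struct.Struct("<QHH")
BYTES_PER_PX = 4
MAX_TILE = 64  # cached tiles are at most 64x64 pixels


@dataclass
class Tile:
    key: int
    width: int
    height: int
    bgra: bytes  # len == width * height * BYTES_PER_PX


def parse_bin_cache(data: bytes) -> list[Tile]:
    """Walk the file sequentially; stop at the first record that does not fit (truncated/corrupt tail)."""
    tiles, pos = [], 0
    while pos + TILE_HDR.size <= len(data):
        key, w, h = TILE_HDR.unpack_from(data, pos)
        n = w * h * BYTES_PER_PX
        if not (0 < w <= MAX_TILE and 0 < h <= MAX_TILE) or pos + TILE_HDR.size + n > len(data):
            break  # keep what we already have rather than misparse garbage as pixels
        pos += TILE_HDR.size
        tiles.append(Tile(key, w, h, data[pos:pos + n]))
        pos += n
    return tiles


def load_cache_dir(cache_dir: Path) -> list[Tile]:
    """Default location on the RDP *client*: %LOCALAPPDATA%\\Microsoft\\Terminal Server Client\\Cache."""
    tiles = []
    for f in sorted(cache_dir.glob("Cache*.bin")):
        tiles.extend(parse_bin_cache(f.read_bytes()))
    return tiles


def stitch_to_bmp(tiles: list[Tile], cols: int = 8) -> bytes:
    """Lay tiles left-to-right, top-to-bottom on a MAX_TILE grid and emit an uncompressed 32bpp BMP."""
    rows = max(1, (len(tiles) + cols - 1) // cols)
    width, height = cols * MAX_TILE, rows * MAX_TILE
    stride = width * BYTES_PER_PX
    canvas = bytearray(stride * height)  # top-down in memory, black background
    for i, t in enumerate(tiles):
        ox, oy = (i % cols) * MAX_TILE, (i // cols) * MAX_TILE
        rowlen = t.width * BYTES_PER_PX
        for r in range(t.height):
            y = oy + (t.height - 1 - r)  # undo the bottom-up row order inside the tile
            off = y * stride + ox * BYTES_PER_PX
            canvas[off:off + rowlen] = t.bgra[r * rowlen:(r + 1) * rowlen]
    # BMP with positive height stores rows bottom-up, so emit the canvas last row first.
    pixels = b"".join(canvas[y * stride:(y + 1) * stride] for y in range(height - 1, -1, -1))
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 32, 0, len(pixels), 2835, 2835, 0, 0)
    file_hdr = struct.pack("<2sIHHI", b"BM", 14 + 40 + len(pixels), 0, 0, 54)
    return file_hdr + info_hdr + pixels


def make_tile(key: int, w: int, h: int, bgra_px: tuple) -> bytes:
    """Build one record in the assumed layout; used here only to construct sample data."""
    return TILE_HDR.pack(key, w, h) + bytes(bgra_px) * (w * h)


# Constructed sample: two full tiles, one partial edge tile, then a record cut off mid-pixel-data.
SAMPLE_CACHE = (
    make_tile(0x1122334455667788, 64, 64, (0x00, 0x00, 0xFF, 0xFF))  # red
    + make_tile(0x0000000000000001, 64, 64, (0xFF, 0xFF, 0xFF, 0xFF))  # white
    + make_tile(0x0000000000000002, 32, 16, (0x00, 0xFF, 0x00, 0xFF))  # green edge tile
    + TILE_HDR.pack(3, 64, 64) + b"\x00" * 100                        # truncated
)

if __name__ == "__main__":
    recovered = parse_bin_cache(SAMPLE_CACHE)
    print(f"recovered {len(recovered)} tiles")
    Path("mosaic.bmp").write_bytes(stitch_to_bmp(recovered))
```

Tiles in a real cache are not stored in screen order, so the mosaic is for triage; reassembling the original screen is a manual or heuristic step, which is what tools like BMCViewer exist for. The defensive corollary is to clear or disable the client bitmap cache on machines used to administer sensitive hosts.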
Most organizations treat threat modelling as a security team activity.
The security team is usually brought in after the product is built
After the architecture is decided
After the attack surface already exists
The decisions that create risk happen in product meetings, engineering standups, and architecture reviews.
Security isn't in the room
By the time the threat model is written, it's a description of problems that already exist
Not a plan to prevent them
Threat modelling isn't a security activity
It's a business activity that security keeps getting handed too late
I really like seeing posts like this. It’s great to see this kind of recognition from CEOs towards their teams.
Good results don’t just happen on their own and definitely don’t come from marketing. They come from engineers fixing gaps, product teams prioritizing the right things, field teams bringing real feedback, and customers pushing for better visibility.
When that work shows up in the results, it deserves to be highlighted, and we are happy to do that.
The EDR Telemetry Project is not here to point out what is bad and bash vendors. We highlight the good, too. The difference is that we do it independently, with an open methodology, and with information that is actually useful to the people using these products.
Not just C-suite reports, magic quadrants, or high-level summaries that do not help much when you are trying to investigate an incident or hunt through the logs. This is the kind of evaluation Gartner will never come remotely close to doing.
We offer open results, open methodology, and practical value for practitioners.
Hard work pays off, and we’re glad to see teams getting the recognition they deserve 💙
ok gang, time to sleep! remember, the cyber foundations (some call them basics, but they aren't basic really) are what will keep you safe! worrying about a Myth or Fable will probably get you ignoring the core architectural understanding and controls you need!
There’s one simple security rule that if followed, a lot of environments would be much more hardened against attack.
The rule:
If it’s not needed, disable it.
Take certificates for example.
The number of times I've done an internal pentest and compromised a misconfigured certificate template, only for the client to tell me in the debrief:
“Oh yeah I don’t think we use that template anymore, that’s for that old XYZ thing.”
🤦♂️
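An added example of turning "if it's not needed, disable it" into a check (my own code, not from the post's author): given the attributes of published AD CS templates, the CA's issuance history and who can enroll, report templates that are both unused and shaped like the classic abuse case (the requester supplies the subject, the template allows a logon EKU, no manager approval, and a broad group can enroll). The template records, publication list and issuance dates below are constructed stand-ins for what you would pull from the `Certificate Templates` container, the CA's `certificateTemplates` attribute and the CA database; the flag bits and EKU OIDs are the real ones.

```python
"""Audit published AD CS templates for 'nobody uses it, but anyone could abuse it'."""
from datetime import datetime, timedelta, timezone

# Bits of msPKI-Certificate-Name-Flag / msPKI-Enrollment-Flag (MS-CRTD) and the
# EKU OIDs that let a certificate be used to authenticate as the subject it names.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # requester chooses the subject / SAN
CT_FLAG_PEND_ALL_REQUESTS = 0x2           # every request waits for CA manager approval
LOGON_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "2.5.29.37.0",             # Any Purpose
}
LOW_PRIV_GROUPS = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}


def audit_templates(templates, published, last_issued, now, stale_days=365):
    """templates: dicts shaped like a pKICertificateTemplate object's attributes plus
    'enroll' (principals holding Enroll rights, resolved from nTSecurityDescriptor).
    published: template names from the CA's certificateTemplates attribute.
    last_issued: name -> datetime of the newest issued cert (from the CA database), or None."""
    findings = []
    for t in templates:
        name = t["cn"]
        if name not in published:
            continue  # defined in AD but offered by no CA: not attack surface today
        reasons = []
        last = last_issued.get(name)
        if last is None or now - last > timedelta(days=stale_days):
            reasons.append("unused")
        ekus = set(t.get("pKIExtendedKeyUsage", []))
        allows_logon = not ekus or bool(ekus & LOGON_EKUS)  # empty EKU list means any purpose
        if (t["msPKI-Certificate-Name-Flag"] & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT
                and allows_logon
                and not t["msPKI-Enrollment-Flag"] & CT_FLAG_PEND_ALL_REQUESTS
                and t["enroll"] & LOW_PRIV_GROUPS):
            reasons.append("risky")
        if reasons:
            findings.append((name, reasons))
    return findings


def remediation(findings):
    """The action 'disable what is not needed' implies for each finding."""
    cmds = []
    for name, reasons in findings:
        if "unused" in reasons:
            cmds.append(f'Remove-CATemplate -Name "{name}" -Force  # unpublish from the CA (ADCSAdministration)')
        else:
            cmds.append(f"# {name}: in use but risky -> require approval or restrict who can enroll")
    return cmds


# Constructed sample data standing in for LDAP / CA database output.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
TEMPLATES = [
    {"cn": "WebServer", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"], "enroll": {"PKI Admins"}},            # server auth only
    {"cn": "User", "msPKI-Certificate-Name-Flag": 0xA6000000, "msPKI-Enrollment-Flag": 0x29,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.4"], "enroll": {"Domain Users"}},
    {"cn": "OldVPNClient", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enroll": {"Domain Users"}},
    {"cn": "LegacyCodeSigning", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.3"], "enroll": {"Developers"}},
    {"cn": "Retired", "msPKI-Certificate-Name-Flag": 0x1, "msPKI-Enrollment-Flag": 0x0,
     "pKIExtendedKeyUsage": [], "enroll": {"Domain Users"}},
]
PUBLISHED = {"WebServer", "User", "OldVPNClient", "LegacyCodeSigning"}
LAST_ISSUED = {
    "WebServer": NOW - timedelta(days=3),
    "User": NOW - timedelta(days=1),
    "OldVPNClient": datetime(2021, 3, 1, tzinfo=timezone.utc),
    "LegacyCodeSigning": None,
}

if __name__ == "__main__":
    found = audit_templates(TEMPLATES, PUBLISHED, LAST_ISSUED, NOW)
    for name, reasons in found:
        print(f"{name}: {', '.join(reasons)}")
    print("\n".join(remediation(found)))
```

Unpublishing removes the template from the CA's enrollment surface without deleting its definition, so it is the reversible first step; templates that are in use but risky need the enrollment flag or ACL fixed instead.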
By this I mean giving members of IT teams (sysadmins, network engineers, database admins etc.) security training that targets the specific roles they play, with corresponding certifications (not just bootcamps on how to pass certification exams).
This in parallel with new cyber pros.
Realities of IT teams in resource constrained environments are reminders of overlooked opportunities for cybersecurity capacity development.
Leveraging their expertise to develop security conscious environments would be such a big win compared to spending on certs without ROI💭
"The focus must be on providing better support for parents by making platforms safer by design, tackling addictive and high-risk features such as stranger contact, live streaming, nudification tools and unsafe AI systems, so that children are not exposed to harm online."
YES!!
Banning social media for teenagers only puts them in greater danger.
Teens are forced to switch to VPNs — and unlock far worse illegal content.
We’ve seen this before. When the Russian government banned Telegram, 95% of Russian teenagers kept using it. They just moved to VPNs.
No law can replace good parenting.
Parents already have the tools to limit kids’ digital consumption: parental controls, screen-time limits — or no smartphone at all.
Instead, many parents give toddlers iPads just to keep them quiet.
No amount of regulation will fix that.
@techspence The first line explains why this guy is a jack of all trades: He works at a school district. My title and pay aren't even reflective of that job title, yet I touch just about everything in the sysadmin role. Hopefully they reflect that soon lol
It’s kinda overwhelming, and wouldn’t necessarily recommend it forever, but it’s actually an advantage to start your IT career as a “jack of all trades.”
You can learn a lot really quickly and get exposed to many different disciplines that may result in you finding what you’re most passionate about.
https://t.co/kqLSV5EImG
CISO 2.0
The Chief Information Security Officer role is fundamentally shifting from dealing with what they have to actively shaping business strategy.
A modern security leader doesn't just passively report to the Board, they actively educate directors to drive strategic outcomes. The Board becomes a tool they use to shape the enterprise.
https://t.co/HwCYJYCrrI