@anton_chuvakin @bettersafetynet It's not even that... Cyber is a community working together for the common good. I'll point to the ISACs which exist for a reason, to share ideas and information, to include amongst competitors. Ignoring and/or not asking what others are doing is foolish.
Yes, it is the "if you're going to be at RSA..." time of year again!
If you're going to be at RSA, I'd love to see you at my talk: "How I Screwed Up #ThreatHunting a Decade Ago, and How We're Fixing it Now with #PEAK"
https://t.co/Yj9d4G6Dzd
@pchobbit @anton_chuvakin As long as the IC is only performing urgent work, they make sense (as the author states). And let's not forget about non-traditional incidents, like critical vulnerabilities that are reported to you. And in down time, ICs should focus on continual improvement, TTXs, Comms, etc...
Hospital #ransomware has a huge impact on patient mortality, it turns out. WHO KNEW??
42-67 deaths in just patients covered by Medicare in the US, not those covered by other insurance or those in other parts of the world.
Cybersecurity is healthcare.
https://t.co/NaHoQOHAIs
No, we aren’t turning the internet off @google. We experiment continuously to raise the cost of attacks for bad guys and are running a short test on a small # of very specific machines; testers have full internet access on other devices, and can also opt out of the test!
This is one of the reasons why I struggle when it comes to trusting Microsoft. They created a target rich environment that helped incubate the cybersecurity problem, sat by and did next to nothing while it's been rampant, and now are profiting from it.
@Volexity @Microsoft365 @Microsoft @CISAgov Spoiler: the first recommendation is "Enable Purview Audit (Premium) logging. This logging requires licensing at the G5/E5 level." That is a tough pill to swallow for most organizations due to the cost. IMHO, this log data should be available at all M365 license levels. 6/7
Talos IR has repeatedly observed adversaries abusing VCAs in different ways during incident response engagements. These accounts are frequently leveraged for initial access and then used to move laterally through the organization’s network, especially when the victim hasn’t deployed multi-factor authentication (MFA). Since VCAs are usually given elevated permissions, theft of these credentials will often result in widespread damage to victim assets and could even be used to move along the initial victim’s supply chain. https://t.co/60SJ18xrUn
North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program, alarming U.S. officials. Here's how they did it. w/ @bobmcmillan
https://t.co/Kx0djViDB2
Some really great insights: The airlines’ cyber chief believes storytelling, facilitation, and a marketing mindset are vital for moving IT and cybersecurity up the organizational value chain to the benefit of the business overall. https://t.co/YSymgoKPQj
@anton_chuvakin Well said. I'd state that even the basic hygiene needs to be threat informed these days. Nobody has enough resources to do everything and your threats should prioritize what you go after.
@lillysharples If anyone wants to work on software at United Airlines, send me a DM. We have front end, mobile and Full stack dev roles as well as cloud ops jobs open. Come where you can have an impact and help 500K people a day get to the events in their lives that matter most! #beingunited
Ransomware actors aren't necessarily going after the big pay day anymore; most ransoms are running ~$200k. What this article is missing is that, once inside and prior to deploying ransomware, actors are using BEC techniques to ensure they take home some money.
https://t.co/vChGJwKEkQ
It's almost as if storing all your secrets in one place and entrusting that knowledge to a company that prioritizes revenue first and foremost is a bad thing...
Great meeting with @mubix & our Red Team earlier. We hit our highest payout month ever in December for our Vulnerability Disclosure Program! Thank you to all of our researchers out there.
If you want to get involved, check out our program on @Bugcrowd - https://t.co/ByWAsekmX8
Some level of paranoia is healthy in the security space, but jumping to conclusions isn't. I'd recommend every team have a set of security checks they perform every time there is some level of IT disruption, knowing full well that 99.9% of the time it's not a security issue.
The President has been briefed by the Secretary of Transportation this morning on the FAA system outage. There is no evidence of a cyberattack at this point, but the President directed DOT to conduct a full investigation into the causes. The FAA will provide regular updates.