Today was my last day @Pivotal. Special shout-out to @ramirosalas & @sreetummidi, & the Toronto Pivotal Compliance Innovation team. Thanks for everything. Proud of what we were able to accomplish over the last few years. Really looking forward to starting my new gig on Monday!
@ramirosalas +1. Excellent idea...and if that 2x2 is addressing security needs specifically, don't forget you need to consider the difficulty for the adversary -- Eve / Mallory / etc. -- rather than just the difficulty for _you_. Eve and Mallory don't care if it's difficult for you.
Pivotal Cloud Foundry is known for the best app deployment experience. With PCF 2.4, it gets even better with zero downtime updates for pretty much everything. Check out the release highlights: https://t.co/3aM5mh6JqS
As I've said before, software architecture (and security in particular) is fractal in nature. Inside that big waterfall there are a lot of similar looking little waterfalls...all the way down.
Been thinking about this a lot lately. Glad someone else took the time to write it down. Consider it required reading. And yes, I did a project where we wrote specs as per DOD-STD-2167.
@shawnmckinney +1 ...but I'd say it's a mindset for those who focus on security. For everyone else (including developers) it's more helpful to say it's a set of learned behaviors. We need devs and users to adopt specific behaviors. Less helpful to be aware, and still behave in an unsafe way.
@SteveBellovin @matthew_d_green IMHO, it's still very relevant. I can't think of a better introduction to the space. When my 20-something nephew expressed interest in a career in infosec, I gave him my copy of Cuckoo by Stoll, and Thinking Security by @SteveBellovin.
@shawnmckinney Have fun. Curious to know how many COTS offerings remain...and are they actually commercially licensed but based on OSS projects, or fully closed source?
@ISC2 @hellostaceyo Hey @ISC2 thanks for your reply... FYI, I can't DM you unless you follow me. So, I've e-mailed member support with my member ID... and got an auto reply that says I can expect an answer in 3 days...
Hey @ISC2, having trouble with the new site trying to report my CPEs... Also, got an audit flag of some CPEs, but then the audit response feature on the web site doesn't seem to be working. Please help!
@csuwildcat That used to be called a privilege escalation based on a race condition...but I guess now it's a feature. And also an excellent idea for a movie plot device.
@KathleeMoriarty I use #InfoSec when talking to other security pros. I use #cyber when talking about what I do with my neighbors, and their kids. Not sure why, but even highly skilled, highly educated people don't grok #InfoSec, while the less precise #cyber is recognized, even if not fully understood.
Yes, continue to iterate on your features...but every individual iteration must contain an appropriate subset of security controls to ensure the completeness of protection for the features present in that given iteration. #SecureByDesign #SecDevOps #ArchitectedSecure
ProTip: Agile iteration is about adding *features* incrementally. The non-functional security requirements like confidentiality, integrity, and availability cannot be added incrementally. They need to be there from the very start, and be in scope for every iteration.
Step 1: categorize the information system. Step 2: plan the epics of features. Step 3: create acceptance criteria for the feature stories that include validation of the non-functional security requirements. (This means non-happy path testing). Step 4: go to Step 1.