I cannot tell you how many times I have had GenAI generate code and I have to ask it, “Isn’t that susceptible to a (x) attack?” and it replies, “Oh! Yes it is, do this instead:”
These non-programmers are vibe coding garbage and deploying it to production.
Poorly architected, not extensible, not secure and in prod.
As #AI is rapidly deployed in every aspect of our digital lives, it's imperative that we push forward with proper governance and oversight frameworks. Relying on vague promises of vendors to protect data won't suffice. #cyber #privacy
https://t.co/OLBWUsRAxX
#genAI usage has grown at a rapid pace over the past few years; for many people it has become an integral part of their lives. However, it has been evolving more quickly than either guardrails or regulation can keep up. #cyber #privacy
https://t.co/zAhjWraDh2
#risk and control frameworks have lagged behind the rapid development of #AI, and now that AI risks are starting to be realised in the 'real world' the need for sound governance and risk management, as well as independent assurance, is growing.
https://t.co/sqJqBXKVfq
A critical #sharepoint vulnerability is being weaponised on a large-scale campaign presently. In the absence of a patch, #Microsoft is currently advising to configure AMSI integration in SharePoint and deploy Defender AV on all SharePoint servers #cyber
https://t.co/272eIAm6L7
In order to supervise an automation tool (or another person!) effectively, you need to be able to do the same job yourself.
Doesn't matter if you rarely ever do the job yourself (like a manager who no longer codes), you need to be *able* to do it.
Australia has become the first country in the world to require #ransomware victims to disclose to the gov't when they pay a ransom. It's uncertain at this point what behaviours this will drive, but other jurisdictions are following closely. #cyber
https://t.co/jfHmlwvyYN
#resilience of critical financial services continues to be a major focus for organisations and national regulators, given their importance to national security.
https://t.co/diarHBoooH
Japan’s FSA is warning of a sharp increase in the number of cases of unauthorized access through online trading services. Over 12 securities firms have reported breaches of customer accounts, with losses reaching ~$700M USD. #cybersecurity
https://t.co/1kuVjXCOIX
Effective #cyber security underpins trust in modern markets. All organisations at some point will suffer a breach, how they respond to it determines in part whether trust is sustained or eroded.
https://t.co/6qZWi0AbSl
#Google just released 'Sec-Gemini', a new AI model specifically for #cyber security use cases. No doubt going to be a huge number of such models being released; the trick is going to be how to uplift our workforce and op models to get the most benefit.
https://t.co/8Ywvt5bBJw
This is another of the recent major incidents at int'l airports, following on from Heathrow last week and Seattle, Japan and Mexico in the past 6mo. This brings home the importance of #operationalresilience and #crisis mgmt, especially with regards to CNI.
https://t.co/HFhSdfslZ5
Another ex. of a software supply chain breach, this one showing a novel malicious use of #github actions. Notably, many affected orgs don't appear to have followed best practices, and didn't use trusted tags rather than hashes of vetted versions #cyber
https://t.co/ze8GxIzHc9
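The practice referred to in the post above, shown as an added example (not code from the post or from the linked article): the same GitHub Actions step referencing an action by a mutable tag, and then pinned to the full commit SHA of a version that has been reviewed. A tag can be moved by whoever controls the action's repository, so a compromise of that repository silently changes what every dependent workflow runs; a full-length commit SHA cannot be re-pointed. The SHA below is a placeholder, not a real `actions/checkout` commit.

```yaml
# Added illustration of tag pinning vs. SHA pinning in a GitHub Actions workflow.
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Weak: a moving tag. "v4" resolves to whatever commit the tag points at
      # today, which can change without any change to this file.
      - uses: actions/checkout@v4

      # Stronger: pin to the full 40-character commit SHA of a version you have
      # vetted. Keep the human-readable version in a trailing comment so that
      # Dependabot can still propose updates to the pinned SHA.
      # PLACEHOLDER SHA below; replace with the real commit of the vetted release.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4.x.x (placeholder)
```

The same pinning applies to every third-party action a workflow references, including those pulled in by reusable workflows; reviewing a release once and recording its SHA is what turns "trusted" into something the pipeline actually enforces.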
There's increasing concern around the impact of #AI on #cyber security, and while there definitely will be changes on both offense and defense sides in the future, for now organisations are often still best placed to focus on nailing good cyber hygiene
https://t.co/mhSsCaejwz
The rapid rise of #AI has also led to a corresponding boom in the developer ecosystem. Alongside this, the unfortunate rise in #cyber threats.
https://t.co/ud9Y9usZHn
There's been a lot of discussion around #deepseekR1, which promises equivalent performance of leading models, with potentially significantly less investment in expensive hardware. Questions remain around the actual chips used, as well as security/privacy
https://t.co/Ho4sYs4eff
@SherryYanJiang The ban makes sense from an economy fairness perspective (market access reciprocity), but also from a state security perspective. If it goes through, the precedent it sets will primarily impact state-owned enterprises.
The rise of #AWS S3 targeted #ransomware sees threats abusing AWS' own Key Management Service (KMS) to encrypt company AWS buckets (or any cloud provider). It's a good time for #cloudsecurity teams to sense check their current #cyber security posture.
https://t.co/c9r8nkHsN0
Blue Yonder, producing #supplychain software used by over 3k orgs, was subject to a #ransomware attack last week and has not yet provided a timeline for service restoration. Another reminder of the role of critical 3rd parties in #operationalresilience.
https://t.co/KMMpLrA3tv