Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Nick Carr Profile picture
Nick Carr
@ItsReallyNick
Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA

Apr 2, 2020, 9 tweets

OK so this is my last week at @Mandiant / @FireEye ๐Ÿ˜ข

Here's the truth:
โ™ฅ๏ธ Joining Mandiant was the best decision of my career โ€“ the people & company have been SO good to me
๐Ÿง  Many of the brilliant minds in security are here & we have FUN every day

1/8

๐Ÿ’ป๐Ÿ” There is no better professional #infosec experience than responding to the intrusions that matter & defending at-scale alongside awesome people. If you have the chance to work here โ€“ .
๐Ÿ—“๏ธ One year here is worth many more in experience. So here are some highlights:
2/8

โ˜•๏ธ Doing LRs & writing decoders during my first Mandiant breach response - with #APT17's HIKIT & also BLACKCOFFEE malware using technet for C2: fireeye.com/blog/threat-reโ€ฆ
๐Ÿ’ฐ I was fortunate to lead the first IR for the group that would come to be known as #FIN7
3/8

If you work hard, sometimes you can outpace attackers & expose them to educate others. Here are a few IRs I did that we were allowed to share publicly:
๐Ÿ‡ท๐Ÿ‡บ #APT29 ๐Ÿคฏ #NoEasyBreach
๐Ÿ‡ป๐Ÿ‡ณ The IR that graduated #APT32 to the big stage: fireeye.com/blog/threat-reโ€ฆ
4/8

๐Ÿ‡ฎ๐Ÿ‡ท Leading the breach response that promoted #APT33: fireeye.com/blog/threat-reโ€ฆ
๐Ÿ““ Many team efforts chasing bad guys around and reporting (via the blog) on their techniques: fireeye.com/blog/threat-reโ€ฆ

... and so many more that are NDA'ed forever, but I'll never forget! ๐Ÿคซ
5/8

A few years ago, I jumped at the chance to build out the #AdvancedPractices ๐Ÿฆ… front-line research team [follow many of them @ twitter.com/i/lists/104134โ€ฆ] and work alongside to FLARE's reverse engineers ๐Ÿง™๐Ÿฝโ€โ™‚๏ธ. The teams are brimming with talent, hard-work, & creative solutions.

6/8

I'm pleased to have helped shape authentic (& spicy) comms.

It's been an honor to have front-line friends from all across the company on #StateOfTheHack for the past ~2 years: On the show & in our blogs, we now go behind-the-scenes and show our work.

7/8

The goodbyes have been brutal. I'll miss the people immensely. But like, let's be honest, we are all still going to hang out on this free website Twitter dot com.

I'm super excited for what's next โ€“ and I hope the bad guys like their hiding spots because here I come! โžก๏ธโ˜๏ธ๐Ÿ˜‰
8/8

I'm going to take a few weeks "off" to spend time with my wife, COVID-19-homeschool my kids, pace anxiously around my home quarantine, get in better shape, & try to learn piano. By the end of the month, you can find me here:

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling