Profile picture
Jake Williams @MalwareJake
, 7 tweets, 2 min read Read on Twitter
I certainly don't agree with everything in this thread, but it is very thought provoking nonetheless. I tell clients regularly that cyber security IS warfare if APT is in your threat model. We often fight nation state hackers with nearly infinite resources by deploying a CEH. 1/n
This obviously doesn't work. When you step back and look at resources that APT groups have, it's obvious they can comrpomise almost any organization. My favorite example is the China/Bit9 example. Picture being an attacker who can't get into a top tier target. 2/n
Now imagine that you think "Bit 9 is standing in our way, so we'll 'just' go comrpomise them." Um, that's a moonshot. Ask yourself:
1. What kind of organization dedicates resources to moonshots?
2. How many moonshots do we not know about?
3. How valuable was that target?
3/n
Answers:
1. Only orgs with some serious firepower (resourcing) can really afford to spend some of it on a moonshot.

2. It's nearly certain that other moonshots were tried. Some certainly failed, others may have been overcome by events.

3. Wow, that data must be valuable.
4/n
Now go ask your CISO when they last had resources to allocate to a moonshot. Odds are good you're going to hear a huge belly laugh. But to the OPs point, cyber security IS warfare - and we're usually fighting it poorly. 5/n
Personally, I find the resourcing example the most effective communication strategy for executives. You're speaking their language instead of talking a bunch of technobabble (what they hear) and "always asking for more money." 6/n
All execs understand how resourcing impacts competing in an open market. What they don't usually understand is that cyber security is a competition - and typically it's one they've undercommitted resources to. 7/7
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Jake Williams
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @MalwareJake see all

Profile picture
Twas the night before Christmas and all over the ‘net,
Not a creature was stirring except China hacking Tibet.

The IPS were strung by the egress with care,
In hopes that St WannaCry soon would be stopped there.
1/n
The children were nestled all snug in their beds,
While IoT devices mined the dreams from their heads.

Mama with her EDR and I with my IDS
Were ready to tackle an infosec mess.

Down in the SOC there arose such a clatter,
I logged into my dashboard to see what was the matter 2/
This thing had better work, it cost so much cash.
But gosh darnit, I can’t use it until I update Adobe Flash…

Pondering the alarms I thought “Oh heck no!”
That’s because the threshold for alerting was configured so low.
3/n
Read 14 tweets
Profile picture
I'm writing a new blog post but I need some help. We have a problem in the tech industry with consent vs. informed consent. Problems with confusing the two are not unique to infosec. Medicine has been practiced for millennia, but informed consent is at best ~50 years old. 1/n
Legalese terms of service can't be comprehended by a large percentage of a user base. Even if you understand what is being collected, do you understand how it will be used? A patient can't give informed consent without a discussion of risk. 2/n
Doctors don't routinely downplay risk in a procedure. This comes from two sources:
1. Liability
2. In most cases (electives are a counter-example), the doctor has a product (the procedure) the patient needs

These do not hold true in the technology field. 3/n
Read 7 tweets
Profile picture
Equifax moved the IT security team out from under IT due to "fundamental disagreements." This is highlighted as a shortcoming in the report, but infosec shouldn't be under IT. Imagine if your internal audit group were subordinate to the group it was auditing. 1/n
The report goes on to discuss moving infosec back under IT. Again, in the vast majority of cases this is the wrong answer. If we are all holding hands around the campfire, then maybe this works. In the real world, it only works when the right personalities are in place. 2/n
This is why we need subject matter experts writing these reports. During the testimony, Committee members became fixated on the fact that IT and infosec were in different orgs. They then drew inferences from the fact that IT referred to infosec for answers (and vice versa) 3/n
Read 8 tweets

Related threads

Profile picture
#Thread of responses from women in aerodynamics to the question, 'what would you like to see in order for women's career progression in your field to be sustained and better supported?'

Responses incl. career flexibility, mentoring and more women in leadership roles #WomeninSTEM
1. "I think young female engineers need to see more female role models and mentors in my field. Having a visible example of someone that looks like you and is succeeding in their field is important. Having an opportunity to meet with a mentor like that can be very powerful."
2. "I would like to see that any career promotion is based on own merits and value added to the company or the society independently of the gender. I want that women are measured with the same rules as men and are given equal opportunities."
Read 68 tweets
Profile picture
#Thread If I were Obama.
If I was Obama on January 5, 2017 sitting in the WH meeting with my AG, FBI, DOJ, Perkins Coie Counsel, WH counsel, ODNI, CIA etc.. with a portfolio of data we manufactured, collated, paid for and collected and an EO I had just singed in Dec of 2016 (1)
An Executive Order that makes it the law of the land "Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities" calling our #russia and all the entities we referenced in our "Portfolio" (2)
govinfo.gov/content/pkg/FR…
A portfolio we had in our hands that was lack luster, circular and completely manufactured... If I was Obama I would gear up and call upon all those "of our unique and comprehensive system of alliances and partnerships" to join me. To join me (3)
Read 32 tweets
Profile picture
FCO announcement:

The UK government and its allies are holding responsible elements of the Chinese government for an extensive cyber campaign targeting commercial secrets around the world.
Along with its allies, the UK has announced that a group known as APT 10 acted on behalf of the Chinese Ministry of State Security to carry out a malicious cyber campaign targeting intellectual property and sensitive commercial data in Europe, Asia and the US.
"This campaign shows that elements of the Chinese government are not upholding the commitments China made directly to the UK in a 2015 bilateral agreement. It is also inconsistent with G20 commitments"
Read 4 tweets
Profile picture
#Thread: Rough translation on Rajini's recent statement on RMM activities.

I'd like to clarify the false rumors stating RMM works are happening without my permission. All activities regarding RMM are happening with my knowledge & permission.

#RajinikanthPoliticalRevolution
Already by last year May month, I said that "I won't allow people near me who have thoughts of getting posts & earning money when I enter politics. So, those people stay away right now."

#RajinikanthPoliticalRevolution #Thread #Rajinikanth
Didn't say it for word-sake. We are entering politics to bring out a new political culture for a good political change. If we've to do politics like others, why should we enter politics?

#RajinikanthPoliticalRevolution #Thread #Rajinikanth
Read 15 tweets
Profile picture
Thread: Have you seen all the fantastic sessions planned for our upcoming Risk Forum? crarisk.com/news-events/ri… (1/10)
Dr Claire Taylor from @energiteknikk will present: ‘Looking between the numbers’ at the CRA Risk Forum. She’ll discuss Halden Reactor Project numerical data studies. bit.ly/2ug7G7h to register for the forum. #humanperformance (2/10)
@CyberQ_Group Dr Clive Stainton will present: ‘Cyber data and resilience: the good, the bad and the ugly’ at the CRA Risk Forum. He will draw on his 25 years+ experience to discuss #cyber security. Visit: bit.ly/2ug7G7h to register. (3/10)
Read 11 tweets
Profile picture
#Europe "an increasingly complex & competitive security environment," SACEUR/@US_EUCOM Commander Gen. Curtis Scaparrotti tells #SASC in opening statement
"Our adaptation to the environment has made significant progress...particularly under the European Deterrence Initiative" per Gen Scaparrotti, calling it "the largest reinforcement of Euro-Atlantic Defense in a generation"
Gen Scaparrotti also says @NATO alliance "is strong" and that "European allies & #Canada have turned a corner on defense spending with increases in each of the past 3 years" adding $46 billion to defense spending
Read 44 tweets

Trending hashtags

#filming #Ahwaz #Relationships #riskanalysis #brand #FieldService #SEPTEMBRE2018 #humanperformance #SocialMediaMarketing #ksleg #Iran #SmartCities #AhvazAttack #BestOf #xl8 #Washington #ZAPAD #Turkey #Arctic #someonecomeandgetstan #LaSource #manif #InfluencerMarketing #WomeninSTEM #storytelling

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!