Profile picture
Tim MalcomVetter
@malcomvetter
, 3 tweets, 1 min read Read on Twitter
@arianevans I used to think that as well, but listening to him talk about "badness-ometers" gave me a different perspective, something like: "penetration testing is the worst form of security testing, except for all the others."
@arianevans Even industry vets like @dinodaizovi have recently talked about how there is so much quality variability between testers and pentest shops, as an example.
@arianevans @dinodaizovi I don't think GEM really thinks pentests should go the way of the dinosaur, so much as the customer of one should recognize that it might be money better spent focusing on design and code review. Anyway, that's the apologetics I'll offer on his behalf on a Friday.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Tim MalcomVetter
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @malcomvetter see all

Profile picture
Tim MalcomVetter
@malcomvetter
Thought of the Day: It's actually possible to cause HARM with a #redteam exercise. Read the thread before you jump to conclusions.
There are many different "goals" that stakeholders of a #redteam exercise may expect (and they probably only latch onto one of them, not even aware of the others):
- Program/Posture Assessment
- Controls Validation
- Adversary Simulation
- Adversary Emulation ^not the same^
In a healthy red team program, you'll have stakeholders from each "camp" expecting each of those items to be represented. A SOC will want controls validation, for instance, but may not care about a Posture Assessment (i.e. this business unit has a C+ security program).
Read 15 tweets
Profile picture
Tim MalcomVetter
@malcomvetter
For the newcomers out there...

I’ve been doing InfoSec stuff for ~20 years now, & every 3-5 years I discover a better understanding of the subject. Just when I think I’ve got it figured out, I get a little closer still.

This is for your edification to stick with it 1/
20 years ago, I thought “perfect computer security” was possible if you just figured out the correct “recipe” of stuff for the technical problem you were trying to solve.

Didn’t take long to shatter that misconception.
13 years ago or so, @cigitalgem convinced me that “network security” is really “software security” since “appliances” (that was our “cloud” back then) were just CPUs, RAM, and IO with a software stack. That was eye opening for me and still affects the way I think today.
Read 22 tweets

Related threads

Profile picture
John Lancaster
@jlancasterCBC
Here’s an important thread about a serial killer, and the crimes police want you to know about. And the crimes they don’t want you to know about. Please bear with me. There’s a lot to say.
It’s about Elizabeth Wettlaufer-a former nurse who is serving a life sentence for killing 8 patients and harming 6 more. Her crimes went undetected for almost a decade, until she decided to confess.
She was sentenced, in 2017, and the public has likely believed all her crimes had been publicly disclosed. Turns out, they weren’t.
Read 42 tweets
Profile picture
White Squall
@DougieFreshii
Ok I just finished my last #Audible #Audiobook. Time to trade them all in and get new ones. For my personal record I am going to tweet all the book, that I have listened to in the last few months. Ok here we go.
Learned more about #JFK than I have in my life. I really enjoyed this one. It's long, but for someone like me that didn't live through that time period, it was good at giving a sense of just how close we came to nuclear war and how JFK avoided it.
audible.com/pd/B00507LPX4?…
Another President I knew barely anything about, #LBJ. This book was really good too. I will probably listen to it again because I would like to be able to retain and repeat some of the stories that prove how corrupt #LBJ (and the Democrats) were. audible.com/pd/B00BFYJQJQ?…
Read 16 tweets
Profile picture
Tom G Stark ⭐⭐⭐
@TomStark913
#Perspective #SyriaWithdrawal #Syria
No matter what or when, leaving an area gives opposition opportunity to potentially regroup... This is true.

To bend to this argument would mean PERMANENT occupation.

Think about it.
There does come a point when the folks of a region need to become responsible and accountable to themselves.
We cannot continually hold everyone's hand.
I must say the liberal left has tied themselves into knots on this issue proving its not about issues currently, it's about opposing Trump.
They didn't want the troops there in first place... Calling for immediate withdrawal... Until Trump announced the withdrawal that is. 🙄
Read 4 tweets
Profile picture
Alexandraah! Scarin’
@alexandraerin
Okay, so. At about 2:00 PM I'm going to do a thread (continuing off this one if you want to like/bookmark/tab it) about Trump's AP interview from earlier this week.
I've made no secret of the fact that I see limited value in interviewing a reflexive liar but as long as people are doing it, I am going to wring every drop of meaning out of them that I can.
For those who haven't followed me long and don't know what I actually do here, I'm *not* a fact checker. That takes skills and resources I don't have. What I have is a very particular set of skills, skills honed over a long career of picking words apart and putting them together.
Read 178 tweets
Profile picture
Global Entrepreneurship
@entreprenenture
Let's discuss this thread for our #GlobalEChats!

So what do you make of the wave of #ecommerce these days? Come delve into the ins and outs of it with us!
So #Entrepreneurs out there, what is ecommerce?

It just refers to electronic transactions done in the name of #sale and #purchase.

In simpler terms, you buy and sell things online with the #internet! That's it!
But to whom and from whom can these #transactions take place between? Surprisingly, it's not just between #business (B) and #Customers (C)!

It can take place between:
1. B2B
2. B2C
3. C2C (or P2P)
4. C2B
Read 11 tweets
Profile picture
Frederic Guarino
@fredericg
#perspective 2018's first 12 days have been a rollercoaster of Trumpian reactive oxygen-sucking media cycles, ranging from the "i got a bigger nuke button" to @MichaelWolffNYC s Fire&Fury to the shithole controversy, to finish w/ Stormy Daniels 1/
Sober,rational analysts of our current feverish "moment" are few&far between- @RadioFreeTom @NoahCRothman @ianbremmer @umairh try to provide sustenance to who are interested in immediate&mid-long term consequences of the circus show started on the gold plated escalator in 2015 2/
Throwing my hat into the ring, some random observations to pierce the #Trumpian-media feedback loop (ICYMI @MattGertz's must-follow tweets) : Trump's #Outsourced Presidency could have lasting consequences as it paradoxically shows 2 facets 3/
Read 12 tweets

Trending hashtags

#PaulMcCartney #DontHaveKids #FoxAndFriend #DeathOfANation #GOP #IRF #bigdata #NRATV #opendsta #Education #LFN #DestroyTheAadhaar #yourewelcome #PeakTV #Entrepreneur #TPUSA #CNS #Companies #TheBeatles #Milita #war #greenwash #RA #Audible #CivilWar
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!