A common ask: why don't you update the Diamond Model paper with newer examples? No. I like to teach the earlier papers to imbue history into infosec. We're surrounded by the new and the "today" - I want to give space to what came before. #infosec #cybersecurity #ThreatIntel
It's important in #infosec to be a student of history because you will be able to scale. There may be 1.5M new threats today, but they're just variations on 3 threats from a decade ago. You can now solve the better #cybersecurity problems.
So, in my courses I don't teach the new to make it "relevant." I teach the old to expose students who likely have never read them and provide additional insight they would have lacked with only the "newest."
A thread on bad analysis. When #ThreatIntel analysts want to show off their Foreign Policy and Economist subscription status after reading the Russian foreign policy Wikipedia page /n #threatintelligence #cybersecurity #infosec
Most analysts who are "doing attribution" aren't doing good cyber threat intelligence, they're doing poor foreign policy analysis
They have neither the data nor the expertise to make even a moderately confident statement on attribution
False flag operations are very rare because they're risky and the blowback effects are bad. Interestingly, the risks increase the more "important" you are so the most powerful countries are less likely to conduct FF ops. /1 #infosec #cybersecurity #ThreatIntel
Traditional covert and clandestine operations are cheaper, less risky, and more likely to succeed than false flag ops. Importantly, not all attempts to redirect blame are false flags, but are just considered standard covert ops. /2
False flags are also generally misunderstood and confused. For example, using Russian as an English speaker in malware is, by itself, not a false flag but rather just considered good covert practice. It doesn't attempt to place blame but just conceal the operators better. /3
First, health data has ALWAYS been considered protected and sensitive. Hence, the privacy requirements and oaths physicians abide by - courts have LONG recognized this privacy.
Here, we're going to have health data records tied to a person tied to a phone tied to a location. It's literally a real-time walking health report.
THREAD Tonight, some live tweeting making dinner. This evening comes from a little further afield from last time. No spoilers as to what it is until the end. Guesses are welcome 😃 #Cooking #Cuisine
First, a load of Pecorino Romano cheese in a bowl.