The hardest part about working in security is when someone tries to crack the password on the Adriatic Sea by setting it on fire.
The second hardest part is playing the piano solo from “Layla” on your desk before you begin the triage process.
Meanwhile, after a rogue admin Konami-coded their way into AWS’s Arctic Circle and Kazakhstan regions, Gabon gets DDoS’ed by shopping carts via a nation-state attack on Aldi’s 25-cent cart-unlocking mechanism.
Such carnage. It’s a good thing you’re wearing your IR cufflinks.
(As a sidebar: Oceania becoming bar graph-shaped isn’t related to your job. Just collateral damage from climate change. Which you may or may not be contributing to by mining crypto — no, the other crypto — in your spare time.)
Determined to do some Attribution™️ on this attack, you turn to the best tool known to hackerkind for binary analysis: an iPad.
Sadly iOS doesn’t use standard octets; they developed a proprietary system for grouping the beeps and boops (that’s 1s and 0s in security speak, kids).
Your employer, claiming “security is a cost center”, didn’t bother to pay for the accessibility features on your reverse-engineering iPad. It’s so hard to read that you need a magnifying glass.
You try to select “mark as read” but instead you hit “mark as red”.
At last you uncover a human-readable payload.
Oh god.
They’ve encrypted all of your workloads until you give up your fancy suit. And — gasp — your good IR cufflinks. Having seen the Aldi cart DDoS, you know full well the havoc they can wreak.
You pay.
Deprived of your suit, you retire to your lab and fire up the blue lights to ward off the SAD. You sullenly blast Dar Williams’ “I Am the One Who Will Remember Everything”, with an empty gaze into one of your 15 monitors.
Heavy is the head that wears the Warby Parker glasses.
You caress your mechanical keyboard, the only personality you have left now that your suit and cufflinks are in enemy hands.
Small price to pay for security, you muse. For today, you, a mediocre neckbeard named Brayden who failed upward...
You survived your first ransomwear.
You can glean a lot about an organizational culture by which straight white men-authored business books everyone passes around and which corporate astrology personality tests they put employees through.
As a few examples:
Deep Work: does the org devalue the glue work of administrative tasks, relationship-building, mentorship? Which employees are afforded the privilege to work "deeply"?
How to Win Friends and Influence People: does this org value conflict-avoidance and toxic positivity above honesty and direct communication? Do they make room for neurodivergence?
Security operations folks: what do you wish the teams who design and develop detection/response tools understood better about your jobs?
And to clarify, I’d also welcome just a description of current state or problems you’re trying to solve — proposed solution optional!
One thing I wish more vendors would grok is how little time is actually spent on most of their tools. Their source of alerts is just one of many. We determine priority not just in the context of an alert itself but in the landscape of a ton of things competing for our attention.
Since folks are discussing communication as a core security skill, I’ll add that it’s vast and multidimensional. Helps to pick a fairly narrow area to focus on developing, w/ time-box & tangible measures of progress/success.
Thread of how I’ve tackled this in past pro-dev plans:
First, a few ways to structure. IDPs (individual development plans) can be useful for this — there are tons of templates for these online. A broad development goal, then a specific goal and steps to work toward it within a set amount of time, like one quarter.
Some break these steps into “learn”, “connect”, and “create”: what books/tutorials/trainings can I consume, who can I talk with about this, what hands-on project can I apply this knowledge toward?
So, a few comms/people-ing areas that I have tackled in the past:
I’m enthusiastically singing along to the @Indigo_Girls livestreaming concert of the entire Rites of Passage album. Cheers, queers. 🏳️‍🌈
“Galileo” now. 😍 I remember seeing them in Madison in 2011, and they closed the show with this song... they got the entire audience singing the bridge a cappella.
Track 3, “Ghost”. The slow burn up to the intense af bridge is still glorious.
What does a technical evangelist do to scratch the in-person conference itch when there are none? Live-tweet a fake security con held at her apartment, of course.
Here we go. (1/14)
I’m here today at the illustrious and completely faux StayHomeCon ATX! I’ll be in the @capsule8 tshirt so come say hi if you see me!!
First impressions: super impressed with this year’s badges — the organizers really went all out this year. Hashtag badgelife. (2/14)
This is one of the first cons I’ve been to where all the restrooms are gender-neutral. Thank you for being so inclusive, StayHomeCon ATX!! (3/14)