Dave Kennedy Profile picture
Aug 22, 2020 4 tweets 3 min read Read on X
Hiking time! #RedTeamFit ImageImage
ImageImageImage
ImageImageImageImage
Lol yep

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Dave Kennedy

Dave Kennedy Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @HackingDave

Jun 17, 2022
Long thread but serious talk.

Seeing a massive problem in the security industry today. We have brand new candidates lacking "hands on" experience coming into the workforce and finding it extremely difficult to find a job. 1/10
We talk about skills shortages everywhere in cyber security - but almost 99% of the job postings I see are for already experienced individuals.

We have a skills shortage because we are not hiring new security folks into this industry. 2/10
As an example, we recently opened up two internship spots and had over 900 applicants. This is insane and impossible odds for these folks.

Salaries are out of control for minimal experience where companies are paying outrageous wages for just a few years of experience. 3/10
Read 10 tweets
Oct 11, 2021
A friend sent me a pic of mandatory/required in-person training they are required to do and one of the topics was cybersecurity.

Of course, it was a black hoodie-looking hacker, and the course was about as dry as it could possibly be.

It was good to get his perspective (1/4)
He learned absolutely nothing.

It was more on scare tactics of what hackers could do to spy on you and the company.

It wasn't exciting and wasn't about what's happening and what you can do to protect the company and your own personal assets.

(2/4)
If we are looking to curb user behavior, we need to explain WHY humans are a risk factor in the organization's overall threat model in very basic terms.

Assigning responsibility and ownership here is key in that it's everyone's mission in an org. Again, keep it basic.

(3/4)
Read 4 tweets
May 9, 2021
Ditch the diet.

95% of diets fail.

(psychologytoday.com/us/blog/change…)

It's simple, calories in vs. calories out.

If you control your calories, you control your body.

It starts with eating.

Losing weight == less calories.
Some tools can help, mostly short term such as intermittent fasting, keto, etc. These are great things for fast or short term..some can do it long term but is rare.

Once coming out of these "diets", you need a program to keep the weight off.

Count those calories.
Don't start with cardio and buying a treadmill.

It won't work unless your mind is right on food.

Control your food first, and add cardio or weightlifting once your calories are right.

More cardio == you wanting to eat more == eating too much.
Read 9 tweets
Apr 11, 2021
Let's go #Cavs
Zion
Read 5 tweets
Mar 31, 2021
I wanted to clarify some complex topics regarding the Exchange / ProxyLogon discussions that happened since the dust has settled.

1. I'm concerned generally about the negativity against security researchers releasing code as I view this as taking steps back not forward.

1/10
2. I think researchers should be mindful of when a PoC drops. In the ProxyLogon event, I was against dropping early to give companies time to patch. In stating that, there should be no hindrance as to when a researcher publishes code, especially after a patch is released.

2/10
3. My biggest fear is we are moving back to where red is secretive in TTPs which does not help the industry progress forward. This occurred several years ago in this industry, and there were several years of organizations not understanding how to defend themselves.

3/10
Read 10 tweets
Mar 11, 2021
Last week, made a comment about how I wasn't a huge fan of Sentinel overall. Got to dive a bit deeper into it with my team over at Binary and has definitely changed my perspective a bit.

Sentinel is not easy by any stretch but there is a lot to it.

If you have the right data going into it (which isn't easy), and you have a team behind you to build up the detections, Sentinel is extremely powerful.

With jupyter and KQL foundation is super powerful to build what you need to off of it.
From my comments earlier, it is a solid product.. It just requires a substantial lift to get it to a point that will help you mature monitoring and detection capabilities.

Requires a knowledgeable team is the biggest thing there.
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(