Yea so tonight a junior infosec person called me.

He was struggling with a bad employer who was gaslighting him and not giving him any path to success.

I think my next talk needs to be about how to succeed in business as a junior infosec person.

LMK where I should submit it.
I’m talking to SANS about a webinar panel! But I’ll also release a blog.
There seems to be a lot of bitter resentment about this from people who have had bad management. There’s no silver bullet to those situations, but we really do have to have conversations about bad and good management styles and cultures.
Unfortunately, a lot of people who should not be managers and do not have basic requisite skills become managers. Sometimes they’re pushed into it. Some cultures just have irredeemable cultures from the highest level.
That doesn’t mean that there aren’t essential skills to becoming a good manager and that we need to send wake-up calls to people who are lacking them and to people who are being negatively affected by reporting to those managers.
Overall, though, I notice a lot of resentment in general from seasoned infosec pros to junior ones when they don’t have to suffer the same indignities and roadblocks we did. It’s natural, but absurd. We should be happy when things improve.

Keep Current with Lesley Carhart
More from @hacks4pancakes

8 Oct
Hey, so I’m not sure who needs to hear this, but there’s a debate in cybersecurity as to if incident response can even *be* an entry level job. I won’t even wade into that, but at a minimum to do traditionally defined DFIR / incident response you need some fundamentals... (thread)
An “entry level” incident responder already has strong high level knowledge of security concepts like how hackers work, common attack and lateral movement vectors, and ways systems can be infected / exploited.
They should also have moderate knowledge of disk, memory, and network forensics. Being able to analyze evidence and figure out if and how a computer was infected is an important part of our jobs.
8 Oct
SOC alert triage analysts, learn to threat hunt...
A lot of people up in my DMs upset about this because they think I’m overselling ML. I’m really cynical about ML. However, machine-aided automation has definitely reduced the manual work in security ops in the past 15 years. The job I did back then would be almost unrecognizable.
Good security teams and vendors have made a definite push to automate simple and repetitive tasks and rightly so. This goes for detection and triage. Playbooks, automated workflows, smarter SIEMs, better event correlation and statistics in bigger indexed data sets.
6 Oct
I totally agree with the fury about home security companies not considering DV as a threat in their advertisements, but let’s be honest - they already designed systems that can be configured to push a notification when a specific person enters or leaves the home, so...
Much like car anti-theft tracking systems, home security installs have always been usable by DV perpetrators because of poor consideration of account separation and individual protection, and I hardly ever see anyone talking about either one.
Always, always consider DV in your physical or digital security system design. If you build it, they will come. Privileged security tools are often wonderful human monitoring appliances.
4 Aug
Grab a bag of M&Ms. Put them in a bowl. Let’s pretend that green ones are infected people. Pull out all green ones but a couple.

Close your eyes and start pulling out M&Ms. Check the colors. The more you check, the more clear it becomes that there are a low number of green M&Ms.
Now, add a bunch of green M&Ms back. Start pulling M&Ms out blindly again. You will notice that now a lot of the M&Ms you grab are green. It’s obvious that there are a lot of green M&Ms in comparison to other colors. The ratio has clearly changed.
Checking *more* M&Ms has not changed the fact that if there are more green M&Ms, you pull more out randomly from the bowl.

The *percentage you identify* of green M&Ms to other colors has to do with how many were in the bowl, not how many times you checked another M&M.
21 Jul
I think the most numbing part of the last year is that I’ve kept making really unpleasant predictions, and very smart authority figures I respect continually reassured me I was wrong. The pandemic. Lockdowns ending too early. Vegas. Disney. The protests. I haven’t been wrong yet.
After the election, my dad shrugged quietly and told me, “science and reason will always exist in my house”.

For the indefinite future, I can only see my dad masked, outside, and briefly anymore, for his own safety.
This isn’t an “I told you so”. I wanted to be wrong about everything.
Wear a mask.
Distance.
Take care of your neighbors.
Be informed and care about your nation.
Vote.
16 Jul
STORYTIME: I once worked an IR case which ended up being an org substantially compromised by an advanced adversary when an employee was spear phished on his *personal* email using pretext surrounding his previous job at another company. He was logged in on his work PC.
The org that paid a boatload for IR and had to do lots of cleanup was never the intended target. They were just an unintended victim whose system was exploited through webmail as part of a campaign against an unrelated company.
The adversary still did extensive recon, password theft, and moved laterally through their network because they likely didn’t know where they were at first, and once they figured out where they were, likely decided it was a windfall to have a foothold somewhere else. Opportunism.