I was a very early Facebook user, long before they opened for public registration. Boy, at the time I never would have guessed that they might be the specific tool used to decimate Democracy, local news, and free reporting around the world.
If you work for Facebook in anything other than an influential legal or policy position where your entire *purpose* is to make change, I really don’t know what to tell you. I’m disappointed in you. We could help you find another infosec job.
The sad thing the last 10 years have taught us is how much easier social media and big data made it to become a cult leader. Lots of people are susceptible to addiction and conspiracy theories, there just wasn’t a great way to efficiently reach them in huge numbers, before.
Idle late night trolling has grown into massive, irrational conspiracy theories that we hear daily from family and which threaten the very survival of the USA and UK. Our adversaries have learned from this and wield it well. Things are truly dark.
The incredibly sad truth is that a lot of people are poorly educated despite our national wealth, and/or lack basic critical thinking skills. They have become addicted to being told they’re in on a secret, and that they’re the victims, and that they’re part of the winning group.
The work to repair the damage of years of disinformation is an unfathomable task, but I firmly believe first steps and heavy responsibility *right now* lie squarely on social media magnates, and their employees and investors. Journalists share some as well. This isn’t status quo.
The reality *right now* is that millions of citizens are being purposefully manipulated (for various reasons) into supporting an actual coup that would destroy the fabric of our constitution. The legitimacy of our government is in jeopardy.
Even though this is very unlikely to be successful due to ham-handed attempts, the next person to try will be much better prepared and likely much more competent.
So yes, I will shout this from the rooftops. Facebook, Twitter, YouTube employees- what happens in the next 70 days, the next year, the next 10 years? All but your very richest execs will actually have to *live* in that world. You are culpable. You will have to live with it.

More from @hacks4pancakes

8 Nov
I’m going to share a very unpopular opinion that I think needs to be said. There was a huge outcry on Tuesday about Nate Silver and FiveThirtyEight’s poll analysis having some deep flaws. However, he and his team did some bang up analysis once real votes slowly trickled in.
Throughout the week I saw a lot of bad calls from other news sources (AZ was especially weird), but since Tuesday night they’ve been statistically and sociologically predicting what would happen with mail-in and provisional ballots very well.
(And as others have said, they were quite conservative in discussing projections for major polling errors, and ultimately did project that national race correctly.)
8 Nov
It’s been so long since I’ve been able to have a celebration with friends that apparently all my champagne is corked.
Always buy the cheapest screw top champagne. There’s a lesson here.
I already took my eyelashes off and I’m not going to Aldi now
23 Oct
Yea so tonight a junior infosec person called me.

He was struggling with a bad employer who was gaslighting him and not giving him any path to success.

I think my next talk needs to be about how to succeed in business as a junior infosec person.

LMK where I should submit it.
I’m talking to SANS about a webinar panel! But I’ll also release a blog.
There seems to be a lot of bitter resentment about this from people who have had bad management. There’s no silver bullet to those situations, but we really do have to have conversations about bad and good management styles and cultures.
8 Oct
Hey, so I’m not sure who needs to hear this, but there’s a debate in cybersecurity as to if incident response can even *be* an entry level job. I won’t even wade into that, but at a minimum to do traditionally defined DFIR / incident response you need some fundamentals.. (thread)
An “entry level” incident responder already has strong high level knowledge of security concepts like how hackers work, common attack and lateral movement vectors, and ways systems can be infected / exploited.
They should also have moderate knowledge of disk, memory, and network forensics. Being able to analyze evidence and figure out if and how a computer was infected is an important part of our jobs.
8 Oct
SOC alert triage analysts, learn to threat hunt...
A lot of people up in my DMs upset about this because they think I’m overselling ML. I’m really cynical about ML. However, machine-aided automation has definitely reduced the manual work in security ops in the past 15 years. The job I did back then would be almost unrecognizable.
Good security teams and vendors have made a definite push to automate simple and repetitive tasks and rightly so. This goes for detection and triage. Playbooks, automated workflows, smarter SIEMs, better event correlation and statistics in bigger indexed data sets.
6 Oct
I totally agree with the fury about home security companies not considering DV as a threat in their advertisements, but let’s be honest - they already designed systems that can be configured to push a notification when a specific person enters or leaves the home, so...
Much like car anti-theft tracking systems, home security installs have always been usable by DV perpetrators because of poor consideration of account separation and individual protection, and I hardly ever see anyone talking about either one.
Always, always consider DV in your physical or digital security system design. If you build it, they will come. Privileged security tools are often wonderful human monitoring appliances.