Talked to vendor's support group that deals exclusively with F500.

After some discussion, "It's rare we have a contact at customers on the security side who have a solid understanding of email."


If you run your own email or have Exchange experience ur basically world-class.
Time and again, Security has to be in the driver's seat with vendors, regardless of silo.
Delegating to the Ops team with vague architectures isn't going to work. You have to be on the calls and pushing the vision of what needs to happen.
Our mail staff is shockingly good at pushing forward on stuff we ask for, but they have to have support from the organization and us.
Once I started joining the weekly meeting with mail stakeholders, suddenly they had somebody to point at about why things needed to happen.
In fact, when I first joined the company, I'll be honest, I thought some of the staff just weren't good. They had let stuff fester and degrade.

But that wasn't the case at all. They had just been kinda abandoned and without power to drive internally. It's hard to be a "utility."

More from @SwiftOnSecurity

13 Jan
I do wish more people had more freedom to share their daily IT struggles.

I am not a contractor under a nebulous NDA, and I know where the lines are. A lot of people, there's just zero-tolerance for disclosure of anything.

I'm not uniquely skilled, I just get to talk about it.
A huge part of this is power. Arbitrarily changing these lines of what's allowed to be disclosed, is how corporate power asserts itself.

Everything is warped in professional interactions all the way down. Public profiles aren't a good job requirement because it's a sign of power
It's my belief that publicly standardizing and fearlessly discussing approaches to IT problems is a force-multiplier for Defenders.

Don't broadcast all your defenses, but should be strong enough where publicity about what they are, is not felt as threatening.

That's weakness.
11 Jan
This is an important correction to earlier reports Parler was hacked to get private access used to "steal" posts. Others may have created accounts in a different group, but the site was archived using their own public API.
Even activities that seem justified in the moment, can have serious criminal penalties.

That was not the case for the Parler archiving effort. It was clean.

Let's be very careful in conflating preservation of data posted for public consumption, with network intrusion.
The prosecution of people using APIs is a dangerous precedent that's been done before to excuse corporate oversights in security.

For sure, in other situations there is malicious exploitation possible and private data at risk. This was not that.

You don't want to walk this line
8 Jan
Active Directory is one of the most interesting computing artifacts. Not a 1st-gen identity system, it has lots of lessons-learned from others, but it's still one built on an ultimately utopian vision.
Its strengths and deficits literally define the landscape of a modern network.
I cannot understate it enough; Active Directory is a product that believes in humans and expertise. It defines – exposes – innumerable interfaces that give you power, power you desire and demand, but power you arguably should not have.

It is the core, without the rubber bumper.
LDAP + DNS + Kerberos.

It is the making of a synergy unparalleled. And literally, it is the chosen. Everything else has fallen away for a reason.

But it is the overwhelming current of autonomy that arcs to chaos in a fallen world.
8 Jan
I went through several job interviews with great companies and people that, in retrospect at that moment in my life and the job context, it was better off I didn't get. Of course that took years to fully realize.
I was still so timid and stuff I didn't even like expense my incidental costs for the flights.
Of course I realize now that is barely the cost of a catered cheese platter for one of their executive meetings.
Also taxi cabbies spotted me and knew I was fresh shrimp and charged me a crazy amount and I just said sure because I was awestruck and inept.
5 Jan
Consulting with internal teams on how ActiveX works this is how I earn that Cyber paycheck
Me in 2010: This is the biggest waste of my life imaginable this is dead-end technology

Me in 2020: welcome to my presentation on ActiveX
Fun fact for years Flash would just ignore your administrative settings file if you created it with Notepad.
3 Jan
Oh wow this talk by @deviantollam about door security is fast-paced and fun! Lots of pictures, lots of solutions. A model presentation. And a lot of surprises!
It's my opinion that there is basically no profession that isn't interesting if you ask the right questions. I have never talked to anybody and been bored.
One time I talked to a fast food drive-thru cashier and was just entranced by edge cases and tricks in their order interface.
Never ask how they do it. Ask how they respond when things outside control go wrong. That's the actual engineering + clever bits. And they feel valuable.