Something that doesn’t rely on a reactive response to finding susceptibilities. It’s not realistic for users, and it’s a race for groups against their adversaries.
“That’s not an actual solution”
No, it’s not the specific solution. But it’s the mindset required. Pro-actively deterring unknown threats is how patching isn’t relied upon to maintain security postures (which are only maintained if we actually know that we know everything).
“So we have to proactively respond to unknowns?”
I mean, yea. If we’re going to replace patching. Unknown problems have to be dealt with either before being known or after, and after means taking a responsive action.
Not at all saying this is in any way simple.
It’s not necessarily that patching needs to or will ever go away, but right now we depend on it.
Breaking news about a new attack? Patch patch patch!
What about all the users who don’t understand the problem, or worse yet, don’t know the problem exists?
This will be an evolving 🧵 of commands I learn about today and the resources used ⬇️
1. awk
awk is used for text manipulation within the command line.
A common use is specifying what kind of information you want to pull from a file or command output.
Example:
The who command returns currently logged in users of the system, as well as other information. What if we only wanted to see the users, without extra information? We could use awk like this, knowing the user is the first parameter in who output:
Interview advice for people getting into tech 🧵 ⬇️
1. Know main points about the company.
When interviewing all around, this can be hard. But know the main things. Does it make a product? Know what the product is and does. Does the company have a specialty expertise? Know what it is. This is a simple first hurdle to prepare for.
2. Know how to sell yourself.
Interviews often start with “tell me about yourself”. Know your strengths. Know your accomplishments. Know your passions. Know what you’re interested in (multiple things is okay, esp when you’re earlier career!). Be able to be concise & to expand.
In fact, I’ve been told that being a technical lead too early (despite being qualified and requested for the position) would make others question if I actually had the technical chops.
That being a TECHNICAL lead would make people question my TECHNICAL abilities.
Male colleagues with my same experience had become technical leads no problem.
If a woman is a technical lead and you assume she’s just leading because she doesn’t have the technical abilities, and you don’t think the same of dudes, that is a YOU problem. Not a me problem.
Are we doing enough to protect our data? Are we responsible for our data being collected and used? Is it bad to depend on big tech?
🧵⬇️
Everyone has some amount of awareness, on a scale of little to lots, about how our data is collected and used by the technology we use.
Yes, even the least tech-savvy people. They know that passwords can be stored, they like the ads they see, and map apps require location.
Then there's the other side, with tech and infosec professionals. We talk about data privacy and security and protect data for a living. What are we doing in our personal lives? Are we implementing what we know? Are we able to teach others how to protect their data?
Things not (normally) taught in computer science curriculums that should be included, a 🧵 ⬇️
1. Secure coding
Not just taking off points when students submit code with security flaws, but proactively teaching why certain practices will provide said flaws. Help them recognize insecure coding practices. Understanding security is a critical aspect of sw engineering.
2. Documentation
Comments may be required in code for beginning level classes but they’re even more important in later classes where code gets complicated and single characters can change code’s ability. This is esp important when students may just be taking shots at solutions.