Share this page!

SwiftOnSecurity Profile picture
Twitter logo
22 Nov, 7 tweets, 2 min read
😱 Here's my perspective on the question of importance for TECHNICAL LEADERSHIP, as someone who works for a very large firm with direct outside hires, career advancement, and cross-department transfers, at all levels. Can be dynamic place. A sandbox for this very question. 🧵
First, the premise of the question about technical leadership is wrong. "Technical" is a __meaningless term__. There are many who'd argue I'm not "technical" enough because I can't reverse-engineer in assembly. Or the fact I specialize in Windows, despite my breadth of knowledge.
Anyone speaking about technical qualifications must clarify what that means to them, because it will be different to every person in the room. A project coordinator with experience in InfoSec concepts I might call technical, even if they can't administer the basics of a system.
First, let's address arguments why technical leadership is important. Someone who delegates technical knowledge to others is exclusively at the mercy of competing performative arguments from delegates, instead of speak individually and pressing each in their uncontested forums.
Recently I had a long conversation with my VP and CISO. The VP made an adoption goal for a certain technology. Although I was agnostic, I had no problem pressing multiple extremely aggressive killing blows in presence of their boss, because I was confident they could retort them.
In fact, they addressed every problem I brought up as carefully weighed choice - and I accepted their direction. To non-technical management, this would have been a humiliating experience without attendance of opposing subject matter experts. Instead, we made direction in minutes
This thread is incomplete but I don't feel like talking more I'll resume some other time. This thread by @csoandy is good

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with SwiftOnSecurity

SwiftOnSecurity Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @SwiftOnSecurity

SwiftOnSecurity Profile picture
18 Nov
This question's wording belies immense technical difference in what they want for security education, and what they are literally asking.
They are asking for the highest-level privately owned domain. Determining this is actually really complicated to authoritatively answer. 🧵👇
The domain name system is read right-to left.
three.two.one(.<start here>)

To make security decisions, you want to determine when a potentially untrustworthy individual entity starts to control the string.

google.example.com starts at example. Easy.
BUT...🚨
Just saying look at the second-level domain doesn't work because
1.) The top-level-domain could be privately owned
2.) The second-level domain may still be owned by countries, infrastructure services firms, private registrars.
For example, here's the -EFFECTIVE- TLDs for India. Image
Read 9 tweets
SwiftOnSecurity Profile picture
13 Nov
In 1988, two men sit in a room. One of them is cryptographer Bob Morris, the father of Robert Morris, who had just released the first Internet worm.

"A line had been crossed and the world we inhabited had changed."

(@johnmccumber, Assessing&Managing Security Risk in IT Systems)
Book excerpt: "In 1988, a young graduate student at Cornell University released the first destructive Internet worm. Late one night in November of that year, it crashed thousands of connected computer systems and startled computer administrators and government officials alike."🧵
"Shortly after that incident, I learned about it from my supervisor, who was also this young man’s father. As I sat with Bob Morris in his office that early morning, he motioned me to shut the door so he could try to get away with smoking in the government office building."
Read 6 tweets
SwiftOnSecurity Profile picture
8 Nov
On technical communication:
The authority of the sender and the mental capability of the recipient are irrelevant.
Communication is to achieve results. If it is not succeeding, the communication and environment should be changed until it does. Anything else is whining.
I worked in Helpdesk. I've written communications to a thousand people asking them to do something in their own interest. When that didn't happen, I sat and stewed and left them to their fate.
That also achieved nothing. Value judgements are pointless. Find out how to get results
Communication is its own form of hacking. You find out what the recipient responds to, makes time for, and then is convinced to act on.
This is often simpler and dumber and without the detail you think it expects. In fact, leaving stuff out is often critical. Find out how to win.
Read 4 tweets
SwiftOnSecurity Profile picture
3 Nov
ADEPT-LEVEL IT TROUBLESHOOTING:
In this series, I will lay concepts and processes for ascertaining technical causes of IT failures and outages.
🎖I am a Microsoft MVP in Windows management, worked 10 years in Helpdesk and System Engineering, and now work as an F500 Security IC.
⭐️LESSON 1: EXECUTION CONTEXT
You initiate a process that should work. But it seems like it can't access what it needs. For example, you make a machine login script on a network share, but logs access denied. Or, you launch a process, and the target you have access to can't open.
A critical, advanced IT troubleshooting concept is understanding _execution context_.
You see a machine with everything on one screen. Diagnostic tool or another tool should have same experience as other apps, right? If you can access file, everything else should? No.
Explained:
Read 24 tweets
SwiftOnSecurity Profile picture
2 Nov
Please note I am a real person I have met @hacks4pancakes multiple times and been to @tarah + @deviantollam's house.
Just to be clear Tarah was there I did not break in.
The emplaced gun turrets were a nice touch props to @deviantollam tho
Read 7 tweets
SwiftOnSecurity Profile picture
2 Nov
Not everything can be captured on phone cameras (40D 70-200 f/2.8) Car windshield in rain show...
Note the 40D is a DSLR from 2007, over 14 years ago.
Your prosumer camera and even lower-tier lenses were unimaginable when I was getting into photography. Image
The biggest advancement in sensors in my mind has been low-light performance. It's just unimaginable how clear night photography has become. This was as good as I could get it in 2009. (South Silicon Valley as seen from turnoff near Lick Observatory, 40D 24-105 f/4) Image
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @SwiftOnSecurity has new unrolls!

Check out other threads from @SwiftOnSecurity!

Read all threads by @SwiftOnSecurity

:(