OK I said I wasn't going to do this but I guess I am, so here goes and if I left you off, I'm sorry, please know I love you and it was just an omission. Some amazing women doing amazing things that I want to recognize on #IWD2022. A 🧵
@DeweyRitten my partner, pushing me to learn and grow, and conquer @LilMzMuffinCup amazing woman who inspires me @virulentvalor proving every day what force she is @invertedgeek an honor to watch your career launch @gabsmashh the most intelligent human I know
@CISAJen overcoming BS to make CISA great @BentleyAudrey beautiful woman who's always got my back @aprilwright another amazingly talented and intelligent friend @shehackspurple my appsec buddy doing amazing work to help others @ki_twyce_ a constant source of inspiration
@notshenetworks amazing content, amazing trolling, amazing human @B3dwin inspiring me to do more and be more @IssaUrbanGirl fellow BISO just crushing it @jessrobin96 truly inspiring leadership @investigatorchi an incredible human that makes me think differently
@d0rkph0enix always making me laugh @k3r3n3 I've always admired her work @k8em0 leading the charge for equity and fairness @Krenner a dear friend I'm so lucky to have in my life @EvieAlways a dear dear friend and total fucking badass
@dianemariedev an infosec n00b headed for amazing things @Ell_o_Punk have you met her? She's incredible!!! @julesmgmt power personified in an infosec leader @snubs intelligent, fun, beauty, great content, literally the complete package @1dark0ne incredible artist and friend
@LisaForteUK inspiration and just total badassery @aloria fucking badass in all ways imaginable @Fox0x01 hacking the shit out of ARM and just an incredible woman! @CircuitSwan sparkly, glittery, and a little dark all at once!! @dnsprincess one of the most genuine people I know
@shewhohacks beautiful inside and out and doing amazing work @MaggieFero dear friend who always brightens my day @zbraiterman another partner in appsec doing great work with OWASP @Coleens_ one of my favorite people in all the world @lil_lost simply fabulous and a dear friend
OK I could go on but I have to finish dinner. I know I missed literally more than I listed of all the incredible women I'm so fortunate to call friends. But they're out there, find them, see them, and work with them!! You'll be better for it.
Let me explain something. Cybe_rpunkfixer (subject of the original thread) attacked @gabsmashh, Ian Coldwater, myself and numerous other women. So calling me a troll and us a "mob" is an attack on us and a defense of an epic misogynist.
Cybe_rpunkfixer has been banned under multiple accounts, for his harassment. Jonathan defends him as a victim. Jonathan still, inconceivably, has an audience that are unaware of how phony and toxic he is. So calling it out, I hope helps them to see that so they don't
2/
get sucked in and taken advantage of by a known bad actor in our midst. So instead of saying ignore him and he'll go away, understand he hasn't gone away. He's carefully groomed an audience, duped many (including mainstream media) and is doing active damage to
3/
No joke I still remember the exact details. That was the day I started my first salaried job as a programmer. I had no degree (I was enrolled in a Computer Science program at Marquette University), no real documented dev experience.
/1
All of what I knew of programming was self-taught and a little theory from my course work that I had only just begun that semester. BASIC, Visual C++, and a little bit of VB.
I got hired to write code for a home banking and billpay application. It was the dot com era.
/2
Programmers were in high demand. The company that hired me provided banking software as a service (we called it a service bureau back then) to banks across the country. Consumers nationwide relied on the systems I maintained to manage their accounts and to pay their bills.
/3
I don't come from money. Growing up, we weren't poor, but near the bottom of the 80's middle class. I always dreamed of being in a better financial position than my parents, but swore I wouldn't forget where I came from.
1/
My first child (of 3) came when I was 17. Married at 21, I lived through nearly two decades of overdrawn bank accounts, maxed out credit cards, collection calls and threats of lawsuits.
Ultimately, we were fortunate. Never had a night where I couldn't scrounge
2/
something together for dinner. I have my family to thank for much of that.
So why am I giving you this walk through Alyssa's past? Well because now in my 40's I'm in a position that I dreamed of as a child. Financially, while not rich by today's standards, I am in
3/
Christmas more than NYE for me is the time I look back.
I remember so clearly the day I took the red pill. While I knew it'd change my life, many of the changes came in ways I'd have never imagined. So many good things happened this year for me as a result of that day.
1/
I have learned to be authentic in ways I never was before.
That authenticity has allowed me to connect with people in ways I never did before.
Those connections have enabled me to climb mountains in my career and personal life faster than ever before.
2/
Summiting those mountains has given me confidence like never before.
Each climb has brought new amazing people into my life who I love and rely on for support in ways I never could before.
Sure, lots of crappy things happened to me since taking the red pill too.
3/
I certainly believe while we have moved past the tip of the iceberg, we're nowhere done with #log4j and its issues. EVERYONE is now looking at this package and finding new variants and even new vulns. Don't expect to sleep anytime soon my dear #infosec fam.
1/
That said, remember there are likely malicious actors out there looking for the next thing already. With log4j burnt and orgs rapidly applying mitigations and fixes, what next? Where do we find the next widely used package with significant vulnerabilities like this?
2/
With that in mind, please drop the adversarial bullshit. I've seen devs abdicating all responsibility for the maintainers. I've seen security folks hating on devs. The mistakes made that led to this vuln. are laughably easy (to us as #infosec professionals).
3/
Hey #infosec peeps, many of us are tired, frustrated, and exasperated by #Log4Shell.
That said, how about we not blast developers en masse or even within OSS or even within the Log4j project. Let's remember we have culpability here as well.
1/
We did nothing with a warning that was given to us in 2016 at BlackHat. Not one detection rule or scanner policy was created.
Despite extensive OSS security research done by orgs and academia, we failed to find this vuln in probably the single most popular Java package.
2/
How many of us are scrambling now because basic security controls (WAFs, outbound connectivity lockdowns, etc.) that could have limited/prevented exploit of this vulnerability don't exist in our environments?
3/