And now, a live Zoom meeting where @Okta's CISO Ray Bradbury talks about the breach.
"It's an embarrassment for myself and the entire Okta team." He's so incensed that he misuses the reflexive pronoun!
Taking pains to point out that Sitel is an external contractor. "It's not entirely our fault because we outsource dealing with our customers because we don't want to do it ourselves" isn't the strong statement it was workshopped as.
He's giving a timeline breakdown now. I think he's reading from the @Cloudflare blog post.
"Lapsus$, spelled with a dollar sign thusly to signify they're all about 'dat money.' You see, the love of a ransomware gang is very different from that of a square..."
I am informed that he is David Bradbury; Ray wrote a slightly different form of fiction. The management regrets the error.
"The access a support engineer has is limited." Well that's good, since you just went to some lengths to reassure us that this support engineer is *not your employee.*
"They cannot have godlike access. They cannot access our source code repositories. They cannot publicly shit our pants, which is reserved for our public communications in the wake of this crisis."
"This will only serve to strengthen our commitment to security." You're one password that gives access to everything within a company. If that *can* be strengthened then you've failed, folks.
And with that the Zoom is over, 11 minutes after it started and I want to hire @Okta to run my meetings. Usually we're still talking about our weekends by this point. Yes, I know it's Wednesday.
And with that we go live to Blameless Twitter who will explain why nothing that happened is anyone at Okta's fault, be they engineer, CISO, or corporate comms person.
I have some sympathy for the @okta corporate comms team. After all, the @awscloud PR playbook isn't really an option for them.
But perhaps mine will be? A thread.
I paid @acvisneski (my crisis comms consultant) to prepare a handbook for what to do in the event of an actual crisis. Chapter 1 may be of some interest: "Don't stick your dick in a pie." Let's read it together, much like I read my children bedtime stories.
And see, this is why she's the expert and not me; I've already run afoul of Step 1, "Don't refer to a crisis as sticking your dick in a pie."
"We knew we were breached back in January but didn't think to check what the attacker may have done with that access" is how I read this. And reader, this is not a good interpretation.
How is it that I, a Cloud Economist whose secrets are arguably some of the most boring in the world, have a better comms plan in the event of breach than a bona fide security company?
Honestly, @awscloud giving self-taught learners free sandbox AWS accounts that are heavily restricted is a great thing for most people.
In my case it's like strapping raw meat to your chest right before you climb into the zoo enclosure to fuck around with the tigers.
Don't worry, if I run the AWS training and certification team's AWS bill into the stratosphere they can either ask for a concession from @awssupport or else engage The @DuckbillGroup for help!
"You know we monitor these for misuse, right?"
"Your version of 'misuse' is calibrated towards 'I use the account to mine cryptocurrency,' not 'I'm gaining nothing, but running up the AWS billing score.'"