An @RSAConference predictions thread in preparation for my attendance at #RSAC2022 next week...
At least one touched-in-the-head vendor will have swag that plugs into your USB port and will inevitably be confounded by why they get laughed at for it.
There are 470 listed sponsors for #RSAC2022, which means that there will be roughly a dozen differentiated products all told. Most will be marketed as some kind of firewall.
There will be what amounts to a Rorschach test for attendees: a bunch of vague squiggles on cards, all labeled "Zero Trust" so you can figure out what exactly that means to you.
China, Russia, Iran, North Korea, and Portugal will be listed as potential threat actors.
Portugal: "What the *HELL* are you talking about?"
Vendor: "If we didn't include you our FUD would look just like everyone else's."
A fun game to play: whenever a speaker from COMPANY starts talking, google "COMPANY data breach" and see what pops up. There's nothing like failing at security to give a company some old-time religion.
When vendors tell you how good they are both at assessing and defending against risk, note whether their booth staff are wearing masks in the midst of a pandemic.
I bet I'll be able to bait at least one vendor into agreeing with me that encryption-at-rest of S3 buckets is a Very Important Security Issue.
Collect swag. Note how it's flimsy and made by the lowest bidder. This is possibly an allegory for other things with the company's logo on it--like their products.
There's a lot of FUD that's going to be going around. Something that is absolutely not FUD: "if you roll your own protocol / encryption and aren't one of maybe four companies, you are almost certainly a dangerous lunatic."
And now, a rundown of my personal (not corporate) security posture. Let's tune in...
First, I assume you're like me: my threat model is not "the Mossad," and I talk way too much to be worth the headache of kidnapping so attackers won't bother. If that isn't true for you, make different choices.
Update everything to current. Security patches aren't for funsies or Microsoft would have animated characters introducing Patch Tuesday every month.
Today's a bit of a bittersweet day. Not because it's @Quinnypiglet's 5th birthday, not because it's also National Dinosaur Day, but because it's @NatVeisWilliams's last day here at The @DuckbillGroup.
She's been here for over a year, and as Marketing Director, was our first Marketing hire.
Think about that for a second! That's *NUTS*! Someone with a marketing background and skillset shows up to work here. A place where "spite budget" and "shitposting" exist.
This is almost certainly her first and last job where the phrase "your copy is great, but can you also make sure to call that company's leadership 'total bastards?'"
Across the street from a nexus of Amazon buildings in Seattle is a "gentleman's club" that you *know* Amazon's leadership has taken multiple stabs at getting to relocate to almost literally anywhere else.
It's called @ADevilsTriangle, and this thread is gonna upset some folks.
First off, if you're going to dunk on sex workers it's important to me that you go away. Sex work is work. Criminalization and stigma are responsible for the lion's share of issues people have with it.
Now them! @ADevilsTriangle clearly likes tweaking Amazon something fierce; otherwise they'd not run periodic advertisements like, and I swear I am not making it up, this one:
I've been experimenting a bit lately with Go, TypeScript, JavaScript, Python, and shell scripts; it occurs to me that there are two approaches to thinking about programming languages.
The first I don't care about. Yes yes, I'm sure it's type safe / has cleverness in its design / does great things with concurrency. I trust that you've successfully reinvented the for loop.
The second is the ecosystem tooling around it.
How do I set up a script / project / boilerplate and get to "writing the thing I need to build" in a straightforward way within a reasonable time?