Exactly, sir!
Let's talk a "Cybersecurity No Fly List."
Ostensibly, I placed a $500 bet with Marcus Hutchins at 2:1 w/ the payout going to charity because I'm half-confident many of you jumped to the wrong conclusion about BSides Cleveland.
Realistically, though...
Let's talk a "Cybersecurity No Fly List."
Ostensibly, I placed a $500 bet with Marcus Hutchins at 2:1 w/ the payout going to charity because I'm half-confident many of you jumped to the wrong conclusion about BSides Cleveland.
Realistically, though...
https://twitter.com/SM4Tech/status/1538689416415223808
...I placed the bet because I worry our industry will create a "Cybersecurity No Fly List" (CNFL).
We'll do it hastily. We won't think it out properly.
And then we'll have the equivalent of a U.S. "No Fly" list.
Our very own #doxx list for cybersecurity can...
We'll do it hastily. We won't think it out properly.
And then we'll have the equivalent of a U.S. "No Fly" list.
Our very own #doxx list for cybersecurity can...
...easily expand from a simple .xls of organizers / venues / speakers / attendees who ooze toxicity.
One day you look down and the CNFL says "ban anyone from Russia. Reason: CISA ThreatKB 202209110842 marked LEO-sensitive. Until: further notice."
The next day you...
One day you look down and the CNFL says "ban anyone from Russia. Reason: CISA ThreatKB 202209110842 marked LEO-sensitive. Until: further notice."
The next day you...
...look down and the CNFL says "ban Chelsey Manning from virtual & in-person appearances. Reason: U.S. State Dept. cable marked FOUO. Until: 2032-06-19."
Will our Cybersecurity No Fly List be transparent?
That's a question we'll only answer *later* -- and we might say "no."
Will our Cybersecurity No Fly List be transparent?
That's a question we'll only answer *later* -- and we might say "no."
Transparent or not, will a Cybersecurity No Fly List have a way for some people to get off it?
For example, can someone return to the dais if/when they quit working for EvilCorp? Or does guilt-by-association merit a lifetime ban?
Will the accused be able to arbitrate their...
For example, can someone return to the dais if/when they quit working for EvilCorp? Or does guilt-by-association merit a lifetime ban?
Will the accused be able to arbitrate their...
...inclusion on the Cybersecurity No Fly List? Or does it all hinge on the majority vote of an angry mob looking to mete justice *before* they know the background deets?
I'm NOT defending whats-his-name for getting tossed from DEF CON & BSides. But the question y'all...
I'm NOT defending whats-his-name for getting tossed from DEF CON & BSides. But the question y'all...
keep asking -- "why did BSides Cleveland do this?!?" -- may possibly be due to DEF CON's desire to sweep it all under a rug 🧹
Did whats-his-name go "out of sight, out of mind" for a very short while, then weasel his way into Cleveland pitching his own "surprise!" idea?
Did whats-his-name go "out of sight, out of mind" for a very short while, then weasel his way into Cleveland pitching his own "surprise!" idea?
You're probably thinking "Rob, that's absurd, it's too plausible that he has toxic friends on the inside." Yet from my perspective, you're acting on an assumption.
But okay: many of you believe this was orchestrated as "an insider attack." Why aren't you #doxxing those folks?
But okay: many of you believe this was orchestrated as "an insider attack." Why aren't you #doxxing those folks?
Do you think maybe John Strand (see tweet below) was behind it? His company was a sponsor, you know!
Maybe it was Milton Security? Or Netskope? Or perhaps it was Voodoo Brewery?
Who are these mysterious "insiders" who maliciously helped whats-his-name?
Maybe it was Milton Security? Or Netskope? Or perhaps it was Voodoo Brewery?
Who are these mysterious "insiders" who maliciously helped whats-his-name?
https://twitter.com/vmyths/status/1538255886703120386
Many of you believe the "malicious insider" was in fact one or more of the conference organizers.
So why aren't you pointing the finger at Rockie BY NAME? He *had* to know, right?!?
And how could Kathy *not* know?!?
Your "malicious insider" assumptions led me here, folks.
So why aren't you pointing the finger at Rockie BY NAME? He *had* to know, right?!?
And how could Kathy *not* know?!?
Your "malicious insider" assumptions led me here, folks.
Look, I get it: you're angry. You feel deceived. Especially those of you who attended the conference.
But from where I sit, you're doing what our industry has ALWAYS done since the 1980s:
You're jumping to conclusions based on assumptions.
Your #attribution skills suck but...
But from where I sit, you're doing what our industry has ALWAYS done since the 1980s:
You're jumping to conclusions based on assumptions.
Your #attribution skills suck but...
...they may indeed prove correct!
If so, then I'll lose $500 to Marcus Hutchins and you'll pooh-pooh me for being a legalistic #critic who protected toxic sponsors & organizers blah blah blah.
Yet your assumptions may prove WRONG. Then Hutchins will lose $1,000 and you'll...
If so, then I'll lose $500 to Marcus Hutchins and you'll pooh-pooh me for being a legalistic #critic who protected toxic sponsors & organizers blah blah blah.
Yet your assumptions may prove WRONG. Then Hutchins will lose $1,000 and you'll...
...pooh-pooh my #criticism whatever way makes your ego feel good.
Either way, I expect we'll create some sort of "Cybersecurity No Fly List" so the other BSides can protect everyone from toxicity.
But like I said: we'll do it hastily. We won't think it out properly...
Either way, I expect we'll create some sort of "Cybersecurity No Fly List" so the other BSides can protect everyone from toxicity.
But like I said: we'll do it hastily. We won't think it out properly...
...and then we'll have the equivalent of a U.S. "No Fly" list.
Our very own #doxx list for cybersecurity!
I hope you do it right.
Unfortunately, it's human nature to feel that "justice" never comes swiftly enough.
May justice prevail. I absolve anyone who unsubs / blocks me.
Our very own #doxx list for cybersecurity!
I hope you do it right.
Unfortunately, it's human nature to feel that "justice" never comes swiftly enough.
May justice prevail. I absolve anyone who unsubs / blocks me.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
