Wim Remes TR
Oct 14, 2022, 7 tweets
So here's a summary of what ISC2 is changing in its Bylaws and why you should vote NO in the upcoming Bylaws vote. Hold on to your wigs:
1/ The board will no longer have elections. Instead they will propose a slate of candidates equal to the number of open seats. They still call it an election, but it is officially a coronation. #VoteNo
2/ The board drops the Ethics Committee as a standing committee of the board. Rumor has it that the board will offload Ethics to management. I can't summarize how bad this is. #VoteNo
3/ The board is increasing the number of endorsements needed for a petition from 500 to 1% of the membership. It's already impossible to get to 500. It's unthinkable anybody would make it to 1600-2000. #VoteNo
4/ There are a lot of other small tweaks and changes that are detrimental to the association and the profession. I don't want to bore you all but if you're still a member of ISC2, this is your cue to #VoteNo
5/ It looks like this will be one vote for all changes. Not a vote per change. Given the three items listed here, there is no reason to vote yes.
6/ They're making the chair an officer of the company. That gives them all rights to act individually in the name of the company. Imagine someone with a 4-year tenure allowed to make any and all decisions for almost 200,000 members. It's redonkulous.
