A lot of talk about threat modeling lately. Let me give you some idea of why I hate it and think threat modeling is bullshit. I'll also tell you what I think is better. I'm going to use $BIGCO as my example. Here's a long thread. #infosec#blueteam#malware#skincare
ππ§΅
First, you constantly hear the snarky refrain "my threat model is not your threat model" from people trying to sound important. They don't have a "threat model". They have a superiority complex in their head about potential "threats" π It's silly. Show me your threat model. ππ§΅
Aug 19, 2022 β’ 8 tweets β’ 3 min read
The day after I got back from DEFCON, my dad texted me and said βIβm driving up tomorrowβ. He lives in Florida. This is what he has been up to. Prepare yourself for the most dad thread you have ever seen. ππͺ£β οΈππ
He got here and within about 20 minutes he went to work. He randomly asked me to bring him a bucket. πͺ£ π
Apr 29, 2022 β’ 10 tweets β’ 2 min read
It's friday. Here is a 𧡠on communication choices that I think have paid off for me. 1/β π
I avoid saying "yeah" when asked a question. I try to say "yes" and another affirmative statement. "Yes, definitely!" "Yes, I think so" "Yes, let's do it" "Yes, that's right" "Yes, I want to" and the old Office favorite "Yes, absolutely I do" π
