Mr.Trunk · @mrtrunk
12 followers · 19496 posts · Server dromedary.seedoubleyou.me

SecurityWeek: US Government Publishes Guidance on Migrating to Post-Quantum Cryptography securityweek.com/us-government &Strategy

#securityarchitecture #management

Last updated 1 year ago

VentureBeat :press: · @VentureBeat
63 followers · 56 posts · Server press.coop

Understaffed security teams are facing increasing pressure to do more with less. Here's how adopting a multilayered is the -proof approach to weathering the storms of today and tomorrow: venturebeat.com/security/for-r

#securityarchitecture #recession #cybersecurity #press

Last updated 1 year ago

Nate · @nolsen311
32 followers · 182 posts · Server infosec.exchange

Vendor management is operations for security architects.

#infosec #securityarchitecture #vendormanagement

Last updated 1 year ago

Josh M | Wham · @Wham
51 followers · 32 posts · Server infosec.exchange

One of the most accurate large enterprise architecture diagram sets I’ve seen.

Artist: @manu

#securityarchitecture

Last updated 2 years ago

Teri Radichel · @teriradichel
651 followers · 126 posts · Server infosec.exchange

Would You Accept an Inconvenience To Prevent a Data Breach?

Addressing the rise in credential and session compromise
~~~~~~
by Teri Radichel | Jan, 2023

medium.com/cloud-security/woul

#cloudsecurity #iam #mfa #separationofduties #securityarchitecture #circleci #oktapus

Last updated 2 years ago

Ryan Victory · @beerandraptors
1 followers · 1 posts · Server infosec.exchange

Make it easier to find malware targeting your users: If you’re designing (or redesigning) your web presence and it includes login or authentication functionality of some sort, consider making your authentication cookie names unique to your system.

For example, instead of calling your authentication cookie “auth” or “session,” maybe call it “blue_tiger_cub” (completely contrived example). Now, if you’re hunting for credtheft or infostealing malware targeting your brand, your searches just got a whole lot more targeted.

This does have me thinking though…could you rotate the authentication cookie name on a regular basis?

Or maybe we could just move away from cookies for session management and use an extended version of something like to sign every single request, but I digress…

#webauthn #malware #webauthentication #cookies #securityarchitecture #threathunting #yara

Last updated 2 years ago

I spent waaaay too much time creating secure administrative scheduled tasks in . So I made a blog post to walk others through the process. Check it out!

cybergladius.com/secure-window

Also, doing the same thing in Linux is so much easier! ugh... Windows...

#windows #windowssecurity #securityarchitecture #cybersecurity

Last updated 2 years ago

Justin Pagano · @p4gs
29 followers · 101 posts · Server infosec.exchange

In light of the recent breaches of LastPass’ infrastructure systems, I've been thinking:

What would happen if the data in my password manager were successfully breached?

And what can I do right now to reduce the impact of such a breach?

If you've ever wondered the same thing but have never come across a satisfying answer, well, do I have some Thought Leadership™ for you!

justinpagano.substack.com/p/pr

#passwordsecurity #passwordmanager #passwordvault #lastpass #1password #bitwarden #authy #yubikey #Passkey #yubico #mfa #2fa #multifactorauthentication #twofactorauthentication #securityarchitecture

Last updated 2 years ago

Eleanor Saitta · @dymaxion
636 followers · 30 posts · Server infosec.exchange

A few :

I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round , along with training and reviews.

I've been working in since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.

I live in the days, although in the before times (and hopefully soon again) I spent a fair bit of time in and . I run a performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for , , , and music, among other things. Before I moved here, I spent six or so years traveling full time.

I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about , and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.

I'm also an ; I paint and am slowly learning my way around a , and I've been accused of being an . I'm active in the scene, where we take larp seriously as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as a player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my thinking.

#introductions #startups #threatmodeling #securityarchitecture #security #briar #helsinki #nyc #london #queer #drag #burlesque #performanceart #complexsystems #climate #artist #synthesizer #architect #nordiclarp #designfutures

Last updated 2 years ago

Paul Reynolds :verified: · @ren
64 followers · 10 posts · Server infosec.exchange

Having learned are a thing, here goes.

I've worked in tech for >25 years, starting in support and writing apps and basic games on my own time.

A fairly winding road took me through systems engineering, technical architecture, solution architecture, enterprise architecture and now cybersecurity consultancy and architecture.

I write books on cloud computing, content for security websites, and spend my days offering security consultancy to those needing it. I'm pretty heavily into and and in my spare time I'm a Trustworthy AI Researcher.

Also a married father of three, a pretty tidy guitar player, an enthusiastic gamer (halo), and a shitty but enthusiastic skateboarder.

Good to meet you 🍺

#introductions #azure #aws #networksecurity #govtech #fintech #healthtech #saas #introduction #securityArchitect #securityarchitecture #securityconsultant #CyberWriter

Last updated 2 years ago

ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online

Time to secure hybrid work for 2022, not 2002 - By Nick Biasini, with contributions from Vitor Ventura.

The cyber world today is chaotic... blog.talosintelligence.com/202

#security #hybridwork #ciscotalos #securityarchitecture

Last updated 3 years ago