Attention people building #authentication mechanisms for web sites and apps! Numeric verification codes sent via text or email are not actually a context in which bigger is better! 6 digits is enough. More than 6 is bad #UX, because the average person can remember 6 for long enough to get them from the message to the app, but more than that is hard for many. There's a lot of research on this. Go look it up and stop using codes longer than 6 digits. #infosec #AppDev #WebDev #SecurityEngineering
🔥⏲️ Fudge Sunday "Shock the Chaos Monkey" A look at chaos engineering adoption within platform engineering teams
#chaos #chaosengineering #faulttolerance #faultfinding #faultinjection #securityengineering #dataops #dataoperations #ai #resiliency #devx #devops #devsecops #platformengineering #platformengineer #cloudinfrastructure #securityautomation #securitybydesign #shiftleft #shiftup #newsletter #newsletters
ICYMI.
Loved doing this episode of Business, Brains, and the Bottom Line with Paul Di Liegro!
I share my not-so-straight-forward journey in tech, talk transition from customer to vendor life, and chat about how it's all come together.
https://www.prescriptive.solutions/podcast/ep-66-the-fortinet-files-amy-arnold/
#neteng #securityengineering #womenintech
I am so excited this came in the mail today :D
#securityengineering #security
Today, I actually got to do security work again. And it was meaningful. And it enabled the business. And it built relationships. And it made me feel like my work meant something again.
:catjam:
#infoSec #security #engineering #securityengineering also, shout out to @tbaraki for his great work this week
Kotaku: The No-Fly List Has Been Leaked, TSA Investigating 'Cybersecurity Incident' https://kotaku.com/tsa-no-fly-list-leak-hack-hacked-pokemon-terrorist-1850017149 #gaming #tech #kotaku #transportationsecurityadministration #computernetworksecurity #securityengineering #nationalsecurity #computersecurity #crimeprevention #cyberwarfare #prevention #cybercrime #commuteair #noflylist #erikkane #security #crimew #shodan
If you (or someone who you know) wants to do a Security internship at @google Zurich, the application form is now up (hurry up, they are not up for that long): https://careers.google.com/jobs/results/139765941031314118-security-engineer-intern-2023/
Interns at Google Security work on real cool stuff, so I highly recommend it. Hit me up if you have any questions. #intern #security #google #fun #securityengineering
Thoughts about #Detection Engineering
#infosec #securityengineering #blueteam #threatdetection
https://micahbabinski.medium.com/catching-a-wev-tutil-threat-detection-for-the-rest-of-us-f692f01efcd4
Introduction
Redoing my #introduction as it was a bit of a sparse one when I joined 2 weeks ago.
I am a lifelong #technology enthusiast, having worked in Financial Services IT for more than 25 years, across multiple disciplines including:
* #Unisys #MCP-based #mainframe platforms (A17/A19/HMP NX 6800/Libra 180/Libra 6xx/Libra 890)
* #EMC #Symmetrix storage arrays (DMX 3/4 and most recently VMAX) including experience of #SRDF(S), SRDF(A), BCV
* #WindowsServer (2000 through 2019) including #ActiveDirectory
* Various #Linux/ #Unix OSes (#HPUX/ #RHEL/ #Centos/ #Ubuntu/ #Raspbian) including experience of #GFS/#GFS2 SAN storage clustering
* Virtual Tape Server technology (B&L/Crossroads/ETI Net SPHiNX, #TSM)
* Automation/Scripting (#PowerShell, #NT #Batch, #DOS, #Bash, #OPAL)
* #Security (#PrivilegedAccessManagement, #LeastPrivilege, #IAM, #Firewalls, #EDR)
* #BusinessContinuity/#DisasterRecovery (Design/Implementation/Operations)
I’m focused on learning and getting hands-on with #RaspberryPi at home and #cloud computing solutions both at work and at home.
I moved into a #SecurityEngineering role in 2020, so a lot of my focus is now more security focussed across all tech stacks.
My main focus at present when it comes to cloud is predominately #Microsoft #Azure, with Google and AWS of interest also, as well as other cloud infrastructure services such as those provided by CloudFlare, though I’m planning a move away from them due to their moral/ethical choices.
Away from work and tech, I love to #travel the world with my wife and enjoy very amateur #photography to record our adventures.
I also love most genres of #music, live in concert when I can, with a particular love of #Rock/ #Metal and also #Trance (coincidentally, given the profession of a somewhat more well known namesake of mine!).
Working today on a tool review my team completed. At what point does the complexity of a security tool overcome its value? Ignoring price and labor for the moment; I’m not a huge fan of generic 80/20 style rules. I’d rather use specific and actionable criteria. More work to do on my part. #securityengineering
New Report on IoT Security https://www.schneier.com/blog/archives/2022/09/new-report-on-iot-security.html #securityengineering #InternetofThings #Uncategorized #cybersecurity #reports
Prompt Injection/Extraction Attacks against AI Systems https://www.schneier.com/blog/archives/2022/09/prompt-injection-extraction-attacks-against-ai-systems.html #artificialintelligence #securityengineering #Uncategorized #cyberattack
Manipulating Machine-Learning Systems through the Order of the Training Data https://www.schneier.com/blog/archives/2022/05/manipulating-machine-learning-systems-through-the-order-of-the-training-data.html #securityengineering #machinelearning #academicpapers #Uncategorized
Hiding Vulnerabilities in Source Code https://www.schneier.com/blog/archives/2021/11/hiding-vulnerabilities-in-source-code.html #securityengineering #operatingsystems #vulnerabilities #academicpapers #Uncategorized #steganography #usability
Open Source Does Not Equal Secure https://www.schneier.com/blog/archives/2020/12/open-source-does-not-equal-secure.html #securityengineering #Uncategorized #cybersecurity #opensource
New Privacy Features in iOS 14 https://www.schneier.com/blog/archives/2020/10/new-privacy-features-in-ios-14.html #securityengineering #Uncategorized #privacy #Apple #iOS
Privacy Analysis of Ambient Light Sensors https://www.schneier.com/blog/archives/2020/09/privacy-analysis-of-ambient-light-sensors.html #securityengineering #academicpapers #Uncategorized #privacy #risks
The Third Edition of Ross Anderson’s Security Engineering https://www.schneier.com/blog/archives/2020/09/the_third_editi.html #securityengineering #Uncategorized #books
IoT Security Principles https://www.schneier.com/blog/archives/2020/07/iot_security_pr.html #securityengineering #internetofthings #cybersecurity