Christopher Crowley

The 2025 SOC Survey is now live. Please retweet and share. If you work in a SOC or something that vaguely resembles a SOC, please take it. Finally, please take the whole thing to demonstrate the value of longer surveys. You can pause and return. survey.sans.org/jfe/form/SV_8o…

@MalwareJake Looking good, Jake! Enjoy

Mountain coaster time in Helen, GA.

@HackingLZ Hell yeah. Defenses are genuinely working! There is still a universe of exploitable systems, though. Lots left to do. Some of it is easy, most of it is hard.

InfoSec had the same COVID era overhiring problem as the rest of tech especially entry level OffSec. The job getting harder isn’t gatekeeping, it means defenses are working and the work demands real R&D. Meanwhile, vuln assessments and low-level pentesting are exactly the kind of work automation and agents are designed for.

40% of SOCs use AI without defining where it belongs operationally. 42% run it out of the box with no customization. That’s why so many teams feel stuck. In this @TheHackersNews piece, SANS senior instructor Christopher Crowley (@CCrowMontance) explains where AI helps, where it doesn’t, and why discipline matters more than tooling: thehackernews.com/2025/12/how-to…

People are the best investment in security. Tools break. Systems fail. Skilled teams carry you through. Join @CCrowMontance at #SANSSurge, Feb 23–28 in La Jolla, CA. Build the stamina to lead when the ground shifts. Register: go.sans.org/ykwPJ9 #SANSLiveTraining

Exploitation required ... custom Deflate compressor, tailored Huffman codes ... output restricted to valid modified UTF-8 bytes (0x01-0x7F) while remaining incompressible by zlib, enabling the payload to survive a double-compression pipeline intact. slcyber.io/research-cente…

@cyber_rekk Yes & no. Lots of cyber security jobs can be done by AI/ML. But, there is not enough human attention deployed to cyber security currently. I see a net stable count, with substantial reskilling requirement to stay in cyber. ( soc-survey.com for published details )

Do you genuinely think that AI will take Cybersecurity Jobs Let's have this genuine discussion?

Hacker Feud with @edskoudis

r u @ #WWHF #MileHigh?

Hello, World! @SANSInstitute #SEC595 #CDI #AI #ML #TensorFlow #Cybersecurity

Congratulations @CorelliumHQ and @Cellebrite @CellebriteLabs

@vxunderground Nobody needs to do anything. I was sitting at a vendor event at a big conference a few years ago talking with one of their employees having a great time. The marketing manager came over and told us we needed to circulate with the guests because that's what we were there for. lulz

I guess being a stinky nerd isn't approachable to other companies that want cybersecurity stuff. I get it. But, I don't know bro, you gotta loosen up a little

There is a huge disconnect between the suits that run information security places and have money versus the nerds that are employed there Over the years I've had a few cybersecurity companies approach me and discuss potential collaboration. Each time it was super PG, watered down, boring, and generic. They were extremely concerned over my behavioral mannerisms, the ideas I recommended, etc. because they were not "brand safe". In other words, it was too nerdy schizo and not B2B sales fluff junk I get it, the suits want money, or whatever. But dawg, if you want to actually communicate and reach out to nerds and be approachable, you cannot sound like a fucking infomercial. You have to be an actual human being and actually give a fuck about shit. As an example, one time a vendor wanted to do a collaboration and sponsor a vx-underground merchandise giveaway. The idea was quickly shutdown when they realized the vx-underground 5 year anniversary swag had a pixelated woman with her breasts slightly exposed which displayed a pixelated nipple. The attached image is the image they were concerned about. They were afraid it was too pornographic.

Are you an AI/ML user, shaper, or builder? For the builders looking for #CyberSecurity applicability, or those in cyber looking to go deep into ML models, join me for @SANSInstitute #SEC595 sans.org/order-redirect…

@vxunderground How about agreeing to take money and do a comparative analysis? They pay for your time and to produce a paper. They can choose to publish or not. I have done several product analysis projects the vendor chose not to publish. 🤷🙊 But I got paid.

A large VPN provider reached out to me. They were wanting to do some stuff together to reach the cybersecurity audience, or something. The primary reason I don't do ads, while I very much enjoy having money, is because I can't in good faith recommend a product to my audience which I cannot in totality stand behind. vx-underground's success is partially due to transparency, honesty, admitting mistakes, and willingness to accept fault and/or responsibility. I believe there is a shift in the VPN-sphere whereas some providers are trying to capture a more cybersecurity attentive audience. That's cool. Do your thing homie. I understand the VPN business is rough and your company is always on the grind to make money. No hate. However, I can't deceive my audience because they're the only reason I have success Thank you for the love and support despite my many (MANY) faults, mistakes, typos, repetitive corrections and updates, unnecessarily crass tone when writing, failed and/or abandoned vx-underground experiments, etc. I have no idea what the fuck I'm doing and why so many people follow this account. But we're riding this bitch, dawg Ride and die malware ✊(I'm scared and confused)

Good morning #LightningStrikes

Lovely rooftop morning coffee setup ar @SANSInstitute #SanDiego for #SEC595

AI is going to deprecate those who don't adapt. In response to this morning 's message from Bloomberg:

sans.org/cyber-security… SANS #SEC595 is what I am teaching a lot currently. See you in Paris, Singapore, San Diego, or Dallas.

dodcio.defense.gov/CMMC/ #USDOD relevant contracts

Repost from the survey. Get the full report, review the recorded event, and download the raw response set for analysis here: soc-survey.com SANS 2025 SOC Survey Exposes Critical Gaps and What Top Teams Are Doing Right albawaba.com/business/pr/sa…

Dear @Google - just last year, Gmail seamlessly updated my Google calendar with items from email. Now, ten prompts later with Gemini, I still don't have correct calendar entries. Much worse. That's the only way to describe it. Fix it, or revert it to the working assistant.