👩🏽‍💻

If you need me, I’ll be over here smelling these flowers 💐 😊 Here’s to Rwanda’s mark in the building of international consensus on effective approaches to information and computer security 👌🏽🇷🇼

Easy like Sunday morning 🌞

Sometimes when someone says, “Go big or go home.”, it’s kind of nice to just go home 😁 But sometimes, choosing to go big may turn out to be the best decision of your life 😊 Here’s to chances that first scare the hell out of you 😁

This tshirt I made for Symantec Vulnerability Research, a program predating Google Project Zero by nearly a decade where we’d discover, report, & disclose vulnerabilities we found in other people’s software, is 20 years old. Still holds true: Don’t hate the Finder, hate the vuln

This lady I saw on IG said her mom told her she could be anything she wanted to be as long as she was outrageous. Imma take that as an instruction 💅🏽

🎶 I could watch you for a lifetime 🎵 You’re my favorite movie 🎶 ❤️

"So you're a software company" "That's right Dave" "and you spent $500 million on AI tokens in a month?" "Yep" "and you're using AI to...replace employees?" "that's right" "that's more than your entire annual SG&A, isn't it?" "uhuh."

There was a time when researchers and infosec folks were nicer to Microsoft than they should have been, mostly hoping it would land them a job. That era is pretty much over. Now we're watching the same dynamic play out with the frontier AI labs.

okay, now tell them that their vulnerability doesn't qualify for a bounty, but then patch it in the next release.

Few things unite the security community more than collectively dragging MSRC.

I might be out of touch here.. but requiring 5+ years experience on specific applications seems unnecessary. Give me a week and I’ll be up to speed. I don’t think anyone needs that much experience to be effective

I've been monitoring the situation since before you were born

And that cybersecurity budget? You’re gonna double it.

If you can take advantage of hype around AI use by attackers to drive better support for doing security things you would want to be doing anyway, more power to you. Don't waste a crisis, whether real, imagined, or somewhere in between.

With as much detail as I can share, from top down we are taking Mythos/AI acceleration of cyber threats seriously — by doubling-down on security fundamentals. Sandbagging attack paths using considerable levers of control we already have, w/ AI as our business justification.

🤣

I think AI coding hype follows roughly four stages: 1. Amazement You try it and can’t believe how much code it generates from a few prompts. 2. Expansion You start more and more projects because shipping suddenly feels cheap and fast. This is also the phase where people start convincing everyone around them: - coworkers - management - friends in other companies because nobody wants to “fall behind” in 6–12 months. That creates a massive snowball/FOMO effect. 3. The grind phase You realize the generated code has architectural issues, sloppy mistakes, weird abstractions, duplicated logic, broken edge cases, etc. So you start: - re-prompting - switching models - increasing reasoning effort - reviewing fixes - generating fixes for previous fixes And suddenly you spend your days reviewing AI-generated pull requests instead of building software. 4. Realization You realize AI coding increases output much faster than it increases certainty. The code still needs: - review - testing - ownership - architectural understanding - long-term maintenance Usually by expensive senior engineers. And the interesting thing is: this whole cycle can take many months or even more than a year because people become socially and professionally invested in the narrative themselves. Once teams, managers, and entire companies have been convinced that this is the future, it becomes psychologically and politically very hard to later say: “Actually, the ROI is much lower than we expected.”

Wireshark?

The beauty of a slow morning remains undefeated ☕️ 🌸 Cue “Ugirimana” by Dawidi 🎶

NextGen comin in strong with the clownery and I’m the proudest ❤️