Sean Mason

8.2K posts

@SeanAMason

I lead Cyber Defense for @United. Angel Investor. Philanthropist. World Traveler. Founder of IR business for @Cisco. Former @GE CIRT Leader.

Florida · Joined December 2010
71 Following · 1.9K Followers
Sean Mason@SeanAMason·
@anton_chuvakin @bettersafetynet It's not even that... Cyber is a community working together for the common good. I'll point to the ISACs which exist for a reason, to share ideas and information, to include amongst competitors. Ignoring and/or not asking what others are doing is foolish.
Dr. Anton Chuvakin@anton_chuvakin·
@bettersafetynet This is unfixable. The desire to run faster than the *slowest* hiker to avoid the bear BUT NO FASTER is very strong.
Mick Douglas 🇺🇦🌻@bettersafetynet·
Stop asking what competitor orgs are doing re: infosec. Your org does things differently than them.
Sean Mason retweeted
David J. Bianco@DavidJBianco·
Yes, it is the "if you're going to be at RSA..." time of year again! If you're going to be at RSA, I'd love to see you at my talk: "How I Screwed Up #ThreatHunting a Decade Ago, and How We're Fixing it Now with #PEAK" buff.ly/3TMOngF
Sean Mason@SeanAMason·
@Garin_Pace Interesting comments... any more insight into which insurers are buying/forming IR teams?
Garin Pace@Garin_Pace·
@AlyssaM_InfoSec @joshcorman I think carriers claiming to have access to “insights” is more marketing, though change is afoot. There are insurers out now buying or forming their own IR firms. And outside US it’s more likely to get detail, but US is biggest insurance market and location of ransomware victims.
Sean Mason@SeanAMason·
@pchobbit @anton_chuvakin As long as the IC is only performing urgent work, they make sense (as the author states). And let's not forget about non-traditional incidents, like critical vulnerabilities that are reported to you. And in down time, ICs should focus on continual improvement, TTXs, Comms, etc...
PC@pchobbit·
@anton_chuvakin @Google Hmm.. I made a comment. In house I agree there isn't usually a need for a fulltime IC role. As a consultancy, we absolutely have full time ICs that respond to customer incidents.
Dr. Anton Chuvakin@anton_chuvakin·
A very fun read from a colleague here @Google "You can’t Incident Command an email thread" medium.com/@matt_97344/you-cant-incident-command-an-email-thread-9b46ba35f298
Sean Mason retweeted
David J. Bianco@DavidJBianco·
Hospital #ransomware have a huge impact on patient mortality, it turns out. WHO KNEW?? 42-67 deaths in just patients covered by Medicare in the US, not those covered by other insurance or those in other parts of the world. Cybersecurity is healthcare. buff.ly/3RgZAoO
Sean Mason retweeted
Heather Adkins - Ꜻ - Spes consilium non est
No, we aren’t turning the internet off @google. We experiment continuously to raise the cost of attacks for bad guys and are running a short test on a small # of very specific machines; testers have full internet access on other devices, and can also opt out of the test!
Techmeme@Techmeme

Sources: Google is internally piloting an opt-in program where some employees will be restricted to internet-free PCs to reduce the risk of cyberattacks (@jenn_elias / CNBC) cnbc.com/2023/07/18/goo… techmeme.com/230718/p38#a230718p38

Sean Mason@SeanAMason·
This is one of the reasons why I struggle when it comes to trusting Microsoft. They created a target rich environment that helped incubate the cybersecurity problem, sat by and did next to nothing while it's been rampant, and now are profiting from it.
Steven Adair@stevenadair

@Volexity @Microsoft365 @Microsoft @CISAgov Spoiler: the first recommendation is "Enable Purview Audit (Premium) logging. This logging requires licensing at the G5/E5 level." That is a tough pill to swallow for most organizations due to the cost. IMHO, this log data should be available at all M365 license levels. 6/7

Sean Mason retweeted
Brad Garnett@brgarnett·
Talos IR has repeatedly observed adversaries abusing VCAs in different ways during incident response engagements. These accounts are frequently leveraged for initial access and then used to move laterally through the organization’s network, especially when the victim hasn’t deployed multi-factor authentication (MFA). Since VCAs are usually given elevated permissions, theft of these credentials will often result in widespread damage to victim assets and could even be used to move along the initial victim’s supply chain. blog.talosintelligence.com/vendor-contrac…
Sean Mason retweeted
Dustin Volz@dnvolz·
North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program, alarming U.S. officials. Here's how they did it. w/ @bobmcmillan wsj.com/articles/how-n…
Sean Mason@SeanAMason·
Some really great insights: The airlines’ cyber chief believes storytelling, facilitation, and a marketing mindset are vital for moving IT and cybersecurity up the organizational value chain to the benefit of the business overall. cio.com/article/480461
Sean Mason@SeanAMason·
@anton_chuvakin Well said. I'd state that even the basic hygiene needs to be threat informed these days. Nobody has enough resources to do everything and your threats should prioritize what you go after.
Dr. Anton Chuvakin@anton_chuvakin·
Everybody who does security would admit that "it is about the threats", but it does not seem that this is what they do much of the time. And, yes, hygiene/basics may (?) not need to be "threat-informed", sure. But much of "cybers" seem pretty "threat-uninformed" so why? (2/3)
Sean Mason@SeanAMason·
@security_craig Sadly a lot of developers don't use their own product and/or features.
Sean Mason retweeted
Grant Milstead@grantmillie·
@lillysharples If anyone wants to work on software at United Airlines, send me a DM. We have front end, mobile and Full stack dev roles as well as cloud ops jobs open. Come where you can have an impact and help 500K people a day get to the events in their lives that matter most! #beingunited
Sean Mason@SeanAMason·
Ransomware actors aren't necessarily going after the big pay day anymore- most ransoms are running ~$200k. What this article is missing, is once inside and prior to deploying ransomware, actors are using BEC techniques to ensure they take home some money darkreading.com/attacks-breach…
Sean Mason@SeanAMason·
Great meeting with @mubix & our Red Team earlier. We hit our highest payout month ever in December for our Vulnerability Disclosure Program! Thank you to all of our researchers out there. If you want to get involved, check out our program on @Bugcrowd - bugcrowd.com/united-vdp
Sean Mason@SeanAMason·
Some level of paranoia is healthy in the security space, but jumping to conclusions isn't. I'd recommend every team have a set of security checks they perform every time there is some level of IT disruption- knowing full well that 99.9% of the time it's not a security issue.
Karine Jean-Pierre Archived@PressSec46

The President has been briefed by the Secretary of Transportation this morning on the FAA system outage. There is no evidence of a cyberattack at this point, but the President directed DOT to conduct a full investigation into the causes. The FAA will provide regular updates.
