Cameron Smith

493 posts

@Secnomancer

Engineer, Hacker, Maker, Security Wizard. I can show you how it works, but I'll need to break it first...

Indiana Joined January 2020
227 Following 87 Followers
Cameron Smith@Secnomancer·
@IceSolst Shift left doesn't scale either, especially at AI speeds. We need to shift down. Processes, tooling, and security reasoning baked in at the development and platform layers.
solst/ICE of Astarte
Opposed to security being “approvers”. It is too late. We should collab during design and coding, with tools to help instill confidence in devs. If they come to us after 3 months of implementation work, w “sir plz approve” and wait for me, then we have both failed.
Cameron Smith@Secnomancer·
@vxunderground That's amazing. As a vet myself, it makes me proud and warms my heart to hear. If your boy is looking for a gig when he finishes school, lemme know.
vx-underground@vxunderground·
One of my good friends was deployed to the Middle East about 17 years ago. He did a 6 year stint in the military. He got out and had some mental health issues and had problems integrating back into the world outside the military. After nearly 8 years of struggling with PTSD, depression, anxiety, and alcohol issues, I'm happy to share he's finally got his head back on straight. He told me he's attending university for cybersecurity. He got himself a really nice girlfriend who seems very supportive of him. He's got a nice home to call his own. He's doing really, really good. It all worked out. Proud of my boy.
Cameron Smith@Secnomancer·
@IceSolst I mean, if I'm distrustful of code that I write, imagine how much I trust code from other sources... 🤣🤣🤣
solst/ICE of Astarte@IceSolst·
I distrust human and LLM generated code equally. I similarly distrust human and LLM conducted code reviews equally. And our tools to verify program correctness need a lot of improvement.
Cameron Smith@Secnomancer·
@HackingDave Forming yet another very strong, warm memory of that trip with the boyz.... Sounds like life happening in real time ❤️
Dave Kennedy@HackingDave·
For this weekend I rented an RV with my airsoft boys… get to the facility … tight driveway, hit a branch.. rips off the entire left mirror completely off. So… no left mirror and in South Carolina in a big 30ft rv. So I run to auto zone and get a tiny mirror that I can roll window down to see to my left while driving.. While driving home on freeway half way in, lose grip of mirror out the window .. it’s gone. So we pry the broke mirror off it so I could use it the rest of the ride 😆
Low Level@LowLevelTweets·
I miss infosec twitter
Cameron Smith@Secnomancer·
@HackingDave Looks like the good stuff! Just life being lived by people and some warm, core memories being made...
Cameron Smith@Secnomancer·
@IceSolst This is what many VCs and Startups found out. If everything is backed with the "same model," you need something besides just calling the model to have differentiated value. Many new security 'scanners' aren't doing anything different than saying "Claude, take the wheel..."
solst/ICE of Astarte@IceSolst·
Building a harness to run scans with an agent. It is absolutely garbage. Completely useless. There’s literally 0 benefit to using it over plain Claude Code. Everything it can do, you can just do via Skills etc. Many were preaching the benefits of a harness, but I’m not sure.
Cameron Smith@Secnomancer·
@chrissanders88 I think a practical, working definition for systems work is any entity taking actions, being acted upon, or being acted on behalf of. That can be a user, system, agent, etc. Additional layers of abstraction or specificity seem like they'll miss the forest for the trees... 😜
Chris Sanders 🔎 🧠@chrissanders88·
When you hear the word "identity" in cybersecurity, what does that mean to you? How do you define it?
Dave Kennedy@HackingDave·
In all seriousness though, companies that are investing in these tools have zero control over code quality, how to protect from prompt injection, what gets shoved and executed into the developers environment, what gets shoved into production. Zero. Controls. Death of cybersecurity? Nah. It's just getting started.
solst/ICE of Astarte@IceSolst

🚨‼️We have published a guide on mitigating the imminent AI security apocalypse Step #1: buy our tool Golden age of snake oil I stg. And the ‘tool’ is a prompt.

Cameron Smith@Secnomancer·
@IceSolst Any chance you could turn the volume up louder for all the people in the back!?!?! This is soooooo true. I was talking with a financial institution where the CISO was getting bullied for AI acceleration by the CDO, but still had server 2008 and a flat network... 😭
solst/ICE of Astarte@IceSolst·
The vast majority of CISOs do not work at Google-sized companies, and will not have to worry about 0days. There’s a disconnect between the Mythos discourse, and what actually happens at most orgs: Still can’t identify assets and IPs, biggest threat is still phishing, lack of defined ID mgmt and access controls, shadow IT, misconfig’d S3 buckets… If you work at one of those companies (applies to most people) you have a LOT of work to do before AI 0days is even on the top 50 things to think about. This is why advice from Google and large company leaders isn’t relevant to most folks out there. Massive scale and attack surface difference. Sure it’s still interesting and fun to speculate at that level, but it’s just not real for most people.
Cameron Smith@Secnomancer·
@TracketPacer I tell you... That feeling when the rack-jockey before you left a couple taped to the inside of the door or in the very tippy top slot is just... *Chef's kiss*
TracketPacer@TracketPacer·
i found some cage nuts
Cameron Smith@Secnomancer·
@vxunderground Hahahaha, yessssssss....... Same here. I found 2-3 infinitely more fun, but wildly exhausting
vx-underground@vxunderground·
1 year olds are far more exhausting than 6 month olds. Parents warned me. They were correct. Bro HAS to put ALL FOOD on his head.
- Beans
- Soup
- Mac and Cheese
- Strawberries
- Blueberries
If he doesn't rub it on his head, or eat it, he throws it on the floor. I'm tired.
Cameron Smith@Secnomancer·
@HackingDave @HackingDave - Try KiroCLI with Claude, or something backed by Bedrock. It's been solidly performing for us. Anthropic isn't an infrastructure company...?
Dave Kennedy@HackingDave·
I understand there’s a ton of Claude fans out there. I was there too 4-5 weeks ago. Then it got way way way worse and without explanation. What’s worse is that I would consider myself a heavy power user. What about the folks that aren’t and have no idea it was dumbed down over 60% or more since its initial release and are using this day to day. Codex is outperforming Claude in every way right now. Additionally OpenAI is much more transparent, cheaper, and produces much better code in every way to Claude at the moment. Claude has massive outages, lack of transparency to users, some really bad operational and security practices. They’ve lost me. I’m done. What happened ?
vx-underground@vxunderground·
Look at this and tell me God exists
Cameron Smith@Secnomancer·
@IceSolst I'd argue it's because you've transferred them to some folks who desperately needed them... 🤣🤣🤣
solst/ICE of Astarte@IceSolst·
One year ago, I created this forsaken account. I regret everything. I’ve genuinely lost brain cells, irrecoverably. What I’ve learned:
- Who wrote Task Manager
- Semrure Mail Transfe Protocol
- Rust (Bitcoin style) encryption
- Fortinet RCE (x39)
- /b/ was never good
Cameron Smith@Secnomancer·
@vxunderground I'm sorry, I could hear you over the adorable bug-eyed kitten. Something about spies...?
vx-underground@vxunderground·
I get messages around the clock from nerds. I get information on products, breaches, forum drama, Threat Actors, what cybersecurity companies are doing, etc. Sometimes I feel like I've got an international network of spies that feed me intelligence. It's fucking badass
Cameron Smith@Secnomancer·
@gabsmashh Big same... I miss that entire era. The internet felt like a place that I used to go to that was constrained to my desktop in my office rather than a pervasive digital dimension that is layered on top of everything. Simpler times, eh?
gabsmashh@gabsmashh·
i miss limewire
Dave Kennedy@HackingDave·
One thing I’ll never forget until the day I die… up up down down left right left right B A select start.
Cameron Smith@Secnomancer·
This platform remains so weird... yet still useful.
Cameron Smith@Secnomancer·
@HackingDave What's wild to me is that life really can be this simple if we let it...