Adrian Sanabria (@[email protected])

I've been working on a talk tentatively titled "Myths and Lies in InfoSec" Some of the research I'll be referencing in the talk was inspired by one particular stat: "60% of small businesses go out of business within 6 months of a data breach" How do we know a stat is fake? 🧵⏲️

@vmyths Speaking of debunking myths, my Destroyed by Breach dataset now has a website! destroyedbybreach.com

Your occasional reminder

Breaches Don’t Kill Companies. Being Unprepared Does (wisdom from @sawaba and @adamshostack). cybrsecmedia.com/breaches-dont-…

@thedawgyg IIRC, it was $20k to find ONE bug, the one that crashed OpenBSD Maybe DoS is valuable to someone, but these bugs are just mostly wasting everyone’s time by forcing software updates for no tangible benefit. But what do I know - maybe Rocket League’s servers run on OpenBSD?

They spent $20k finding their bugs, while I spend less than $1000 on my fuzzing setup and found alot of the same bugs (several in their announcements i found and have in my 'to report' docs since they werent exploitable beyond DoS). i havent found 'thousands' but i have found nearly 1000 since December. And the VAST majority that have been found with AI and fuzzing are Null Ptr Derefs. and as mentioned, they are almost never exploitable on modern systems since memory at 0x0000000 cant be mapped to anything anymore. (it cant with like +8/16/32/64 offsets either, i forget what the first usable spot is but its not anywhere near a null ptr deref location). Mythos might be good at finding bugs, but it is not finding things that would set the internet on fire in most instances. im sure they found some nice bugs in their thousands, but most of them would be DoS impact at absolute most.

Please check support inbox at terminal dot shop pls @thdxr @adamdotdev @ThePrimeagen @teej_dv @iamdavidhill i need help with my subscription pleeeeeease ordering coffee over SSH was hilarious, did it live on a podcast, but it won't let me manage my subscription

🛡️ Securing access to data alone is no longer enough in an AI-driven world. On this @SecWeekly episode learn what is driving renewed interest in hybrid architectures and how a #SASE platform is adjacent to #DSPM and vice-versa. bit.ly/49WS9wi #SkyhighSecurity #AI

ICYMI: Mandiant’s Principal Security Consultant Ryan Fried and @Google’s Principal Strategic Security Consultant José Toledo joined @SecWeekly podcast to explore how cyberattacks can derail organizational spending—and (cont) bit.ly/4pYHZRH

Why does security keep failing despite massive investments in tools and compliance? Adrian Sanabria (@sawaba), Principal Researcher at The Defenders Initiative and Main Host of Enterprise Security Weekly (@secweekly), explores this uncomfortable truth in our latest episode of the Be Fearless Podcast. Adrian discusses with @JohnCarse why checklist-focused security keeps defenders behind, how cyber insurance might force real change, and why AI has become the attacker's number one accomplice in 2025. Hear the conversation: open.spotify.com/episode/5FSLs2… #cybersecurity #browsersecurity #enterprisesecurity

Exposure is everywhere now — cloud, SaaS, IoT, shadow IT, vendors you don’t control. Replay the @SCMagazine webcast with @sawaba, @hdmoore & @todb to learn why continuous discovery matters and how attackers exploit what you can’t see. 👉 runzero.com/resources/asm-…

@dtathemes @Pebble Support never stopped (just moved from Pebble the company to Rebble the community), the old ones still work!

@Pebble Wait what? Was my favorite watch till the support for it stopped. I wore my OG pebble till it wouldn’t turn on anymore. Good old days!

rePebble.com 👀

Another Controversial Point Of View That I agree with

📺 Live webcast Dec 3 with @SCMagazine! Your attack surface doesn’t end at the firewall. Join @hdmoore, @todb, and @sawaba to learn how continuous discovery + attack path mapping keeps you ahead. 👉 scworld.com/cybercast/atta…

Your attack surface is sprawling & full of blind spots. 🎥 On Dec 3 at 2 PM ET, @SCMagazine brings together @hdmoore, @todb, & @sawaba to reveal how to operationalize attack surface management without losing your mind. 👉 Register here: scworld.com/cybercast/atta…

Why does security keep failing despite massive investments in tools and compliance frameworks? Adrian Sanabria (@sawaba), Principal Researcher at The Defenders Initiative and Main Host of Enterprise Security Weekly (@SecWeekly), explores this uncomfortable truth in our latest episode of the Be Fearless Podcast. Adrian discusses with @JohnCarse why focusing on checklists keeps defenders perpetually behind, how cyber insurance might force real change in security practices, and why AI has become the attacker's number one accomplice in 2025. He also covers prompt injection attacks as the next big problem, using frameworks correctly to guide decisions, and why CISOs must avoid the "hoarding" mindset. Watch now: youtu.be/n79YY-pqwBA #cybersecurity #browsersecurity #enterprisesecurity

Wait..there’s more. If you liked @sawaba piece ‘ A Market for Lemonade’, this insightful piece expands on it. The very astute Adrian writes that much of the funding in #cybersecurity industry is going to the lemonade makers. And that is not a good thing. defendersinitiative.substack.com/p/cybersecurit…

@UMNND @mattjay Holy shit, I forgot about that

@sawaba @mattjay He was once the most followed person on twitter.

Matthew McConaughey? The Cybersecurity Investor?

When evaluating, buying & using #infosec products, it can be difficult to determine how well they work. You can discover #cybersecurity products that weren’t even functional after deployment. Cybersecurity - A Market for Lemonade, by the brilliant @sawaba. defendersinitiative.substack.com/p/cybersecurit…

@ericmigi Blue is my fav but both One of my favorite things about Pebbles is how easy it is to swap them out. I have 5 I wear for different occasions/outfits

Would you pick rivian-blue or orangered?

@brysonbort All sizes nest and they all use the same size lid. Freeze & microwave in them, and they’re cheap enough that you can send someone home with leftovers and they don’t need to return the container.

@brysonbort There’s actually a ‘one weird trick’ for this one. Deli containers. a.co/d/97hchSS

Y'all always complaining Cyber is hard. Have you organized Tupperware?