Chris Wilken

@MeasureTwiceMNY Share

I am publicly sharing my entire financial planning process on March 1st - including how I review each financial document, discover opportunities for deeper conversations, develop planning recommendations, and present each of these summaries. Comment "Share" if you want to learn!

@MerrittBaer @AccidentalCISO Security in the SDLC? I know, SDLC isn’t cool anymore…

is there a term for "shifting left" or "devsecops" that isn't cringe? (real question)

@lovelydreamer @AccidentalCISO What specifically are you looking for? Basic OS design? AD/Server roles? Security hardening? User/group mgmt?

@tonybgoode Your tweet is fitting for the last one

What should the last tweet be?

@khaxan @NerdPyle I have this feeling that my bracket will massively bust today…

@khaxan @NerdPyle I knew better, but thought this year was different. Now I know what being a Mets fan feels like…

@NerdPyle I’m in

@CisoHelen @wendynather @nickgray produced an amazing list here: museumhack.com/list-icebreake…

@AccidentalCISO @securitybrew You too? I thought I was the only security professional by day, plumber by night.

@securitybrew The kids don't wear diapers anymore, so now I'm an all-pro toilet plunger. 🤣😭

If you're a Dad, how many diapers have you changed? Caveat: In the case of an adopted child no longer in diapers, it's ok to answer "thousands" I think, because it would be unfair otherwise.

@toddmckinnon Thanks!

Pleb: Assign group policies to OUs Chads: Assign all group policies to root domain and use WMI filters to select the LDAP DN of the OUs you want them to apply to

@try_it_sometime @AccidentalCISO What is the purpose for the audit? Physical security? Asset Mgmt? General computer controls?

@AccidentalCISO I would appreciate your input on this question: what would you put in a datacenter audit file. Further context and details here: reddit.com/r/ITManagers/c…

@scottmassari @SwiftOnSecurity Assuming it’s this? cyberscoop.com/blackmatter-ne…

Guessing it's not someone large like Cargill or we would have heard something by now ... Sounds like a vendor that plays in the grain/commodity erp/processing space via software for weigh scale, grain elevator, pricing/bid management,etc ... Messing with our corn is a bad move.

@nickgray @michaelalexis I believe @tonybgoode was there

@nickgray Please start a conga line

@Frichette_n 💯but Twitter as threat intel is hard to sell to auditors…

This isn’t a subtweet at any vendor or anything, but I’m pretty sure Twitter beats most threat intel feeds. When your staff are a part of the infosec community and current events, they can inform you faster than a third party vendor.

@marcoarment One approach is to say that you are aware of it and it is on the roadmap to get implemented next quarter. A majority of these are sent to so many targets that they’re just looking for payment. Another option is to give swag instead of $

@kadavy this is for you! lego.com/en-us/product/…

@nickgray So no to investing into a low cost S&P index fund and accumulating wealth over time?

@poiThePoi @hacks4pancakes Find out if anyone with security exp helped them with the decisions into their design and what was the focus. Based on their response, you can then ask more questions about arch or go into asking about other aspects of security (access mgmt, sec config, sdlc, sec mon, vuln, etc)

@poiThePoi @hacks4pancakes Then ask if everything talks with each other over the Internet restricted by IPs or if they have a firewall and network segmentation where specific resources talk only to other resources via private networks

I think I have a provisional job offer to be DevSecOps team lead at a medical startup in Pittsburgh. I know what questions to ask about the state of the Ops world, what questions should I be preemptively asking about their security state?