
Zack Smith
856 posts

Zack Smith
@SecOpsEngineer
Senior Cyber Security Engineer | Doing data things
Joined December 2021
1.1K Following 948 Followers

@d1ngbat_ @endingwithali I will still say I work in fashion, despite the holes in my work t-shirt and sweatpants. The skeptical looks I get make it worth it

@endingwithali For sure. I work in cybersecurity at a bank but you should never consult me about getting a business line of credit. I wouldn’t tell a banker in the same building that I’m in “finance” because they’d laugh me out of the building.

@endingwithali I'm a security engineer at an apparel company, but my wife rolls her eyes when I say I work in fashion. Same thing?

The reaction to this post on twitter versus Instagram is insane
ali@endingwithali
I might get cancelled for this one - but it’s been on my mind. I want to meet women in tech who are building the tech - coders, engineers, developers. I am still kind of confused where we lost the plot with the term “tech” - and how it now basically means a startup, and not engineering. Tbh when I go to tech events, I want to meet people who can relate to my experiences. In the future, I’d love to see more distinction - maybe we start going as women in software instead? What do you think? Am I about to get so much hate? 😳🙈 aaaaaa

@T_Zahil I think Patrick O'Shaughnessy said something similar in a podcast with @davidsenra. Everyone's mind recalls the world a little differently

I realised very recently that I had aphantasia.
Aphantasia is the inability to visualise images in your mind.
I always thought "visualizing" or "picturing" were figures of speech lol, I didn't know people could really SEE things in their mind
Since then, a lot of things about me started to make sense. Aphantasia is also associated with a few specific traits:
- Poor autobiographical memory
- Bad spatial orientation
- Difficulty imagining the future
- Rarely dreaming
I don't know if it changes anything to know about this 😂 but the literature and the research are interesting, our brain is truly an amazing machine!

@mailspec Yes, in many ways user privacy isn't strictly a technology issue. It's often a UX problem. Friction for the user results in insecure behavior.

One of the biggest reasons MFA deployments fail isn’t technology — it’s usability.
If authentication is:
❌ Too complex
❌ Too slow
❌ Too disruptive
Users look for ways around it. Security becomes optional.
That’s why user experience matters just as much as cryptography.
MailSPEC’s ActiveAuth focuses on seamless authentication:
Biometric authentication for administrators managing critical systems
OTP-based access for end users and third-party applications
Mobile-friendly workflows that don’t interrupt productivity
💡 Security that users accept is security that actually works.
Strong MFA doesn’t need to feel heavy — it needs to feel natural.
How user-friendly is your MFA today?

@thesamparr These themes will allow you to build out series of shorts, compilations for target groups, etc.
Different themes could be linked to different landing pages for leads, allowing you to know more about the stage a lead is in and what they're thinking about. This is just a start.

@thesamparr I am assuming you have your own target buckets. Take all content that you've previously produced or will produce and group them up with similar themes that match target groups.
Use those themes to identify gaps in content and build out a roadmap. Add themes/groups as you grow.

I own a podcast called Moneywise. It's a personal finance podcast for high net worth people.
It gets 15k-20k downloads an episode + 2k-30k views on youtube per episode.
I don't have an owner of the podcast in my company. I'm trying to decide what to do with it.
Any ideas?
Would love to have someone run with it.

@s4rah_dev A dad walking around the neighborhood with his kid was giving each house a shot of malört. Does that count?

Earlier this year I had the opportunity to speak at @bsides312. It looks like the video of my talk just got posted, so if you think using python for dark web intelligence sounds interesting you should check it out!
youtu.be/uVkqON80rAg?si…


@shrisec @hetmehtaa A lot of it boils down to how they approach coworkers or other teams that are opposed to security related change.
Something like focusing on finding a way to help them achieve their end goal while still maintaining a level of security. We want to block breaches, not the business

@SecOpsEngineer @hetmehtaa Interesting question, and what would you consider an apt answer for this?

@hetmehtaa It doesn't cover all CVEs but exploit-db is pretty good. Also check out rapid7.com/db/?type=metas…

@gitpush_gitpaid Seems Chrome is just against devs finding love at this point. Clearly, you're a bad actor...

@The_Geminiman Having done the clean-up for that after the fact, years of giving out access flippantly can make quite a mess. Just-in-time access has made a good difference in this area, but not fixed it entirely

One question I always ask during onboarding:
“What access do you actually need to do your job and for how long?”
Most orgs grant permanent access for temporary tasks.
That’s how risk creeps in silently.
Least privilege starts with better questions.
#AccessControl #GRC

secutils.com/cve/CVE-2019-5…
Path traversal in Ruby on Rails (Action View). Affects versions < 5.2.2.1. CVSS 7.5. Attackers can disclose arbitrary files using manipulated HTTP Accept headers. Still relevant in legacy Rails deployments.

secutils.com/cve/CVE-2014-3…
A buffer overflow in Multi-Router Looking Glass (MRLG) that allows remote attackers to write arbitrary memory. Affects versions ≤ 5.4.1. CVSS 9.8. Exploitation can lead to memory corruption and potential code execution. This one is over a decade old!
Zack Smith reposted

@SecOpsEngineer @bettersafetynet Thank you for being so responsive to my criticisms. I was very appreciative of the fact you mentioned AIs involvement in the code. I was pleased with the talk up until I stepped away from it.

@bettersafetynet @SiliconShecky The code I used worked and I was able to show some scan results after a few tweaks. You're right though, QA is definitely required for AI generated code. Just like any code from another dev, there's bound to be mistakes

@SiliconShecky Increasingly, I think we'll have code that is partially generated.
I don't mind if someone uses AI (with a few exceptions)... but I want the code to work. Gen'ed code still can absolutely be broken. Doing QA/validation still is IMO a value add.