#infosectraining - Public Fediverse posts
Live and recent posts from across the Fediverse tagged #infosectraining, aggregated by home.social.
-
Team Dynamics & Communication: The Secret Weapons of Cyber Defence
#CyberSecurity #Teamwork #InformationSecurity #InfosecTraining #ProfessionalDevelopment #CyberSecurityAwareness #TeamDynamics #SoftSkills
-
OWASP Global AppSec US 2025: Agenda Highlights!
Get ready, AppSec professionals! Check out the full lineup for Training (Nov 3–5) and Conference (Nov 6–7) in Washington, D.C.
Whether you're sharpening your skills, exploring cutting-edge insights, or networking with industry leaders, there's something for everyone.
Register now: https://owasp.glueup.com/event/131624/register/
#OWASP2025 #AppSec #Cybersecurity #GlobalAppSec #Infosec #WashingtonDC #InfoSecTraining
-
Only have one day to train? Make it count!
Join us at OWASP Global AppSec US 2025 in Washington, D.C. for a full day of expert-led, hands-on Application Security training.
Pick from a curated lineup of 1-day courses designed to sharpen your skills in critical areas.
https://owasp.glueup.com/event/131624/register/
#OWASP2025 #AppSec #Cybersecurity #InfosecTraining #DevSecOps #ThreatModeling #PrivacySecurity #WashingtonDC #SecurityTraining
-
Only have one day to train? Make it count.
Join us at OWASP Global AppSec USA 2025 in Washington, D.C. for a full day of expert-led, hands-on security training.
Whether you're a builder, breaker, defender, or manager, there's a course to help you go deeper.
Register: https://owasp.glueup.com/event/131624/register/
#OWASP #AppSec #CyberSecurity #InfosecTraining #AIsecurity #ThreatModeling #DevSecOps #OWASP2025 #WashingtonDC #SecurityTraining #PrivacySecurity
-
Ready to level up your offensive security skills?
Join Dawid Czagan on November 3–5 at OWASP Global AppSec USA 2025 for a 100% hands-on training: "Full-Stack Pentesting Laboratory"
REGISTER: https://owasp.glueup.com/event/131624/register/
#OWASP #CyberSecurity #AppSec #Pentesting #DevSecOps #InfosecTraining #EthicalHacking #RedTeam #OWASP2025 #WashingtonDC
-
Calling all developers and AppSec pros!
Join Jim Manico on November 3–5 at OWASP Global AppSec USA 2025 for a 3-day, hands-on training experience.
REGISTER NOW: https://owasp.glueup.com/event/131624/register/
Ideal for beginners looking to build a strong, modern security foundation in both traditional and AI-driven environments.
#OWASP #CyberSecurity #AppSec #AIsecurity #DevSecOps #SoftwareSecurity #WashingtonDC #SecureCoding #InfosecTraining #Developers
-
Level up your web #appsecurity testing with the #OWASP #ASVS! Listen in to our live discussion with our security consultant Shanni Prutchi as she shares her #appsec expertise, happening here later today!
Join us & bring your ASVS questions. #infosectraining #applicationsecurity #BFLive
And don't forget about our Discord AMA starting at 1 PM MST.
-
Last Call For Registrations!
In 2 weeks we will be meeting in Vienna for a deep dive into #SocialEngineering & #OSINT!
You can still join the 2-day training class "Practical Social Engineering & Open-source Intelligence for Security Teams" I will be delivering at this year's #DeepSec conference, in which you will...
• Learn how attackers leverage OSINT to identify organizational vulnerabilities.
• Understand the psychology and methodology behind social engineering attacks.
• Acquire necessary skills & knowledge that will help you prevent and better simulate social engineering attack scenarios.
• Examine real-life case studies and attack methodologies.
• Build better protective measures, inform your security strategy, and learn to provide realistic insights to clients.
Date: 14 & 15 November 2023
Location: Vienna, Austria
Course Content & Registration Details: https://deepsec.net/speaker.html#WSLOT626
I look forward to seeing you there!
#socialengineeringtraining #cybersecurity #opensourceintelligence #osinttraining #infosectraining #infosec #deepsec2023
-
Debunking Cybersecurity Myths
Cybersecurity expert Eva Galperin -- @evacide -- helps debunk some common myths about cybersecurity.
• Is the government watching you through your computer camera?
• Does Google read all your Gmail?
• Does a strong password protect you from hackers?
• Will encryption keep my data safe?
• Are all hackers bad people?
Eva answers all these questions and much more using clear language that's easy to understand.
Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation -- @eff
Rather read than listen? A helpful transcript is available.
https://www.wired.com/video/watch/expert-debunks-cybersecurity-myths
#Infosec #Cybersecurity #BeCyberSmart
#MoreThanAPassword #InfosecTraining
#DiceWare #Encryption #Passwords
#PasswordManagers #PublicWiFi #VPN
#EFF #ElectronicFrontierFoundation
-
It appears that the ALPHV ransomware group is behind MGM Resorts' cyberattack on Monday. The way they reportedly gained initial access is by looking into the MGM employees on LinkedIn, picking one, and then calling the Help Desk.
The ALPHV group is said to be "extremely skilled at social engineering".
Yet finding information on an organization's employees on LinkedIn and then using it in a vishing attack, often impersonating that individual, is a frequent and rather standard practice in #vishing attacks.
I have seen first-hand that there is a need to improve in a few areas:
• Few organizations are prepared to handle phone-based social engineering. Most companies focus almost entirely on #phishing attack simulations.
That allows blind spots and a lack of processes/preparedness in too many other areas like vishing, social media and SMS-based attacks among other things.
• Having a proper identity verification process in place and training your employees to stick with it often mitigates a lot of vishing/impersonation attacks.
Yet in most cases, there is either a lack of verification process or the employees are not aware of it (they sometimes get trained on it once during onboarding, and then forget all about it).
• Understanding that social engineering is not limited to email attacks. It is a serious threat, and it requires working on a comprehensive social engineering prevention protocol.
We are still waiting for more information on the exact methodology. But it won't be the last time we hear of a similar attack scenario.
News Reporting:
https://cybernews.com/security/mgm-cyberattack-claimed-alphv-blackcat-ransomware-group/
#socialengineering #cybersecuritytraining #cybersecurity #cyberattack #cybernews #infosec #infosectraining #ransomeware
-
You clicked on what?
Check out this piece of conference swag.
An infosec vendor gave out these T-shirts at a conference last year.
Initially this shirt made me laugh, but just wondering if we should try not to make fun of "the stoopid users" so much.
Are "people" really the weakest link in the cybersecurity chain?
Lance Spitzner prefers the phrase:
"People are the primary attack vector."
This subtle change in messaging reframes the conversation, and moves the blame away from the user.
He encourages all of us to stop *blaming* others and figure out how to *enable* instead.
"After all, how many operating systems do you know of that self-report when they've been hacked?"
Just wondering if there are other ways to shift the convo when we engage with ordinary consumers / end users without talking down or making them feel "less than" for their lack of technical skillz?
Cybersecurity savvy *isn't* evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don't even know it.
#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining
Lance Spitzner is a board member of the National Cybersecurity Alliance and Director, SANS Security Awareness.
-
You clicked on what?
Check out this piece of conference swag.
An infosec vendor gave out these T-shirts at a conference last year.
Initially this shirt made me laugh, but just wondering if we should try not to make fun of "the stoopid users" so much.
Are "people" really the weakest link in the cybersecurity chain?
Lance Spitzner prefers the phrase:
"People are the primary attack vector."
This subtle change in messaging reframes the conversation, and moves the blame away from the user.
He encourages all of us to stop *blaming* others and figure out how to *enable* instead.
"After all, how many operating systems do you know of that self-report when they've been hacked?"
Just wondering if there are other ways to shift the convo when we engage with ordinary consumers / end users without talking down or making them feel "less than" for their lack of technical skillz?
Cybersecurity savvy *isn't* evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don't even know it.
#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining
Lance Spitzner is a board member of the National Cybersecurity Alliance.
-
And the answer to the poll is . . . 1882!
Yup, it's true. Asking someone to disclose their "mother's maiden name" as a security technique was first publicly described in 1882.
That's the year Sacramento, CA banker -- Frank Miller -- published his book titled "Telegraphic Code: To Insure Privacy and Secrecy In The Transmission Of Telegrams."
This was the same book which described the first concept and implementation of the One-Time Pad.
Frank and his fellow banker buddies conducted high finance over the Internet of their day, the Telegraph, which was considered by many to be completely insecure; about as private as sending a postcard.
How did you transfer loads of your employer's money securely over an insecure means of communication?
You used a telegraphic code book and combined it with other layers of security. Big $$$$s were involved, and no one wanted -- then or now -- to be the one who screwed up a transaction.
So "mother's maiden name" became one of the layers of security used in money transfers.
As they said on Battlestar Galactica: "All this has happened before, and all this will happen again."
Interesting how things seem to repeat over and over.
Thanks to everyone who voted in the Poll!
#Infosec
#Cybersecurity
#MothersMaidenName
#InfosecTraining
#OneTimePad
-
Mother's Maiden Name?
This was one of the most common security questions. Thankfully we don't encounter these as often as we used to.
But for at least two decades, during online account setup, sites frequently asked us to enter our mother's maiden name as a way of identifying ourselves.
Take a guess!
When do you think asking for this tidbit of personal info (as a security technique) was first publicly described?
-
Which Password Manager Is Better?
Standalone or Built-In?
Tavis Ormandy Sounds Off
Should ordinary folks use a separate, standalone Password Manager, or the Password Manager built into their browser?
Tavis Ormandy is an Information Security Engineer from England currently employed by Google as a member of their Project Zero team.
After discussing various technical problems with password managers, and after downplaying the need for "nuance," Tavis says:
"If you want to use an online password manager, I would recommend using the one already built into your browser. They provide the same functionality, and can sidestep these fundamental problems with extensions.
I use Chrome, but the other major browsers like Edge or Firefox are fine too. They can isolate their trusted UI (user interface) from websites, they don't break the sandbox security model, they have world-class security teams, and they couldn't be easier to use."
Tavis also recommends writing down and securely storing passwords.
Thinking about what would work best for most people, where do you think this advice lands?
Good idea, bad idea, or somewhere in between?
#Infosec
#Cybersecurity
#BeCyberSmart
#MoreThanAPassword
#InfosecTraining
#Passwords
#PasswordManagers
-
Debunking Cybersecurity Myths
Cybersecurity expert Eva Galperin -- @evacide -- helps debunk (and confirm!) some common myths about cybersecurity.
• Is the government watching you through your computer camera?
• Does Google read all your Gmail?
• Does a strong password protect you from hackers?
• Will encryption keep my data safe?
• Are all hackers bad people?
Eva answers all these questions and much more using clear language that's easy to understand.
Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation -- @eff
A helpful transcript is available.
https://www.wired.com/video/watch/expert-debunks-cybersecurity-myths
#Infosec #Cybersecurity #BeCyberSmart
#MoreThanAPassword #InfosecTraining
#DiceWare #Encryption #Passwords
#PasswordManagers #PublicWiFi #VPN
#EFF #ElectronicFrontierFoundation
:boost_ok: Feel free to share (boost) this post with all those who follow you by clicking the cycled-arrow icon below.
:mastodon: Here on Mastodon, boosting doesn't elevate a post through any algorithmic shenanigans. Everyone who follows you gets to see the post ("toot") without the platform interfering.
-
And the answer to the poll is . . . 1882!
Yup, it's true. Asking someone to disclose their "mother's maiden name" as a security technique was first publicly described in 1882.
That's the year Sacramento, CA banker -- Frank Miller -- published his book titled "Telegraphic Code: To Insure Privacy and Secrecy In The Transmission Of Telegrams."
This was the same book which described the first concept and implementation of the One-Time Pad.
Frank and his fellow banker buddies conducted high finance over the Internet of their day, the Telegraph, which was considered by many to be completely insecure; about as private as sending a postcard.
How did you transfer loads of your employer's money securely over an insecure means of communication?
You used a telegraphic code book and combined it with other layers of security. Big $$$$s were involved, and no one wanted -- then or now -- to be the one who screwed up a transaction.
So "mother's maiden name" became one of the layers of security used in money transfers.
As they said on Battlestar Galactica: "All this has happened before, and all this will happen again."
Interesting how things seem to repeat over and over.
#Infosec
#Cybersecurity
#MothersMaidenName
#InfosecTraining
#OneTimePad
-
Mother's Maiden Name?
This was one of the most common security questions. Thankfully we don't encounter these as often as we used to.
But for at least two decades, during online account setup, sites frequently asked us to enter our mother's maiden name as a way of identifying ourselves.
Take a guess!
When do you think asking for this tidbit of personal info (as a security technique) was first publicly described?
#Infosec
#Cybersecurity
#MothersMaidenName
#InfosecTraining
-
"Catching" People Doing The Right Thing
What if we put some effort into incentivizing security behaviors in an overt way?
In some situations, could the work of infosec leadership be more about reinforcing positive behavior than correcting behavior that falls short?
Is that even possible to do in a way that doesn't seem like intrusive surveillance, or feels creepy?
Some years ago business writers explored the concept of incentivizing behaviors through "catching" employees doing the right thing.
One writer suggested:
• Brainstorming the behaviors the organization wants to see more of.
• Writing the specific behaviors down on pieces of paper.
• Putting them all into a bowl or hat.
• Pulling one behavior out of the bowl/hat once each day.
During the day, business managers would look for employees doing the "right thing," and make a point of calling out their good behavior.
Is there some way to do this with typical consumers that would move the needle in the right direction?
Perhaps at the point of signing in to a website, we could celebrate with users their strong password, or their use of MFA to log in, or . . . any other security behavior we want to encourage?
Is it possible to do this in a way that doesn't feel like they're being watched too closely?
This article from Harvard Business Review details putting these concepts to work at a large bank using stickers, and a Canadian law enforcement organization issuing "positive tickets."
https://hbr.org/2012/10/catch-people-in-the-act-of-doing-things-right
Just sitting here wondering if there's a way to incorporate this into helping ordinary consumers become more safe online.
Have you noticed anything along these lines that worked well? Or that failed?
#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining