#securityculture — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityculture, aggregated by home.social.
-
Impact vs Intent
Just because a pattern looks suspicious
doesn't mean someone meant it that way.
People under stress act weird.
People under threat act inconsistent.
People under pressure make mistakes.
People in danger look "guilty."
Before you assign intent, separate the two signals:
— Impact (what happened)
— Intent (why it happened)
Treat them as different questions.
Because sometimes the person acting "off"
isn't the threat —
they're the one under threat.
#purpleteam #SecurityCulture -
No to Big Tech 🖕
Delete your Whatsapp. It is SEXY! #anticommercieleactiebeweging #bigtech #signal #fediverse #acab #techwerkers #securityculture
-
@kkarhan @GrapheneOS @tails_live @torproject @signalapp
"GrapheneOS chose their requirements and they can happily design their own platform instead."
There's no need to reinvent the wheel. AOSP is a secure, open-source platform that has been around for almost 20 years. I don't want to debate rumors that Google wants to make AOSP proprietary because there is no evidence to support this, especially since it would not benefit them in any way.
"I just think that their stubbornness"
It's not stubbornness and I explained why.
"They are the antithesis to #Tails when it comes to #UserFriendly-ness and approachability for #Normies and #TechIlliterates"
It's probably the first time I've seen “Tails” and “Normie” in the same sentence. It's not that Tails is difficult to use, but I'm really not sure that many “normies” use it or even know it exists. The user experience on GrapheneOS is almost identical to Pixel OS, the standard operating system for Google Pixel devices, so using GrapheneOS is likely to seem much simpler and familiar to normies, as they will already be used to it.
"Especially since the problems with #MobilePhones and the underlying technology ain't fixable with an #AndroidROM"
GrapheneOS is not a ROM, Pixel OS is not a ROM, and LineageOS is not a ROM either, these operating systems are not ROMs.
"Instead we need to foster a #SecurityCulture and proper #ITsec, #InfoSec, #OpSec & #comsec"
Indeed, and what GrapheneOS does about security is completely appropriate, including informing people and giving them good advice.
"Otherwise we'll see them fail the same way @signalapp did, which is either getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…"
Signal did not fail, and mentioning Encrochat, ANON, and honeypots in the same sentence is irrelevant. These things have absolutely nothing in common with Signal, you seem to be believing made-up stories.
-
I’ve met a few organizations that say they want (or have) a strong security culture… until security shows up to the meeting.
#Leadership #SecurityCulture #CISOlife -
#MutualDefense #Solidarity #NoKings #Antifa #Anarchist #Socialist
#CommunityDefense #ICEProtests #Portland #KristiNoem #Trump #Authoritarianism
#Resist #Disrupt #DirectAction #DefundThePolice #JuryNullification
#SecurityCulture #SnatchSquads
What's happening right now with the request from Kristi Noem according to Donald Trump to use full force on protesters demonstrating in front of ICE facilities only goes to show how very real the state's insatiable need for blood is.
The state drops its need for war, like a dead mouse on every country's doorstep, even our own, in order to satiate this thirst. This is America, this is what our country has always been. As disgusting as what's happening now is, it is not new.
We sit weeks, days, hours, if not moments away from watching our allies being slaughtered in our own towns by the very forces "intended" to keep them safe from horrors like this. This is not a drill and it is not hyperbole. The rhetoric has been tested, the laws are being preemptively written to criminalize dissent, and the paramilitary forces are being ideologically vetted for their willingness to pull the trigger on their fellow citizens. The call for "full force" is a deliberate and calculated signal, a green light for the kind of violence we have seen deployed against Black and brown communities for generations to now be officially sanctioned against anyone who stands in the way of the state's agenda.
This moment demands that we look directly at the machinery of repression and understand its components. It is the police in tactical gear, but it is also the legislators writing the "anti-riot" laws that equate to crushing resistance with claims of terrorism. It is the governor calling for violence, but it is also the media apparatus that will frame any resistance as unprovoked aggression. It is the orange goblin king baying for blood, but it is also the silent complicity of a political class that has already conceded to fascism for a taste of power. They are not hiding their intentions anymore. They are telling us, in plain language, that they view our assemblies, our solidarity, our cries for justice as existential threats to be crushed without mercy.
This is why our old models of resistance are insufficient. Marching with permits, appealing to the conscience of politicians who have none, relying on the very systems designed to pacify us: these are luxuries from a bygone era that is crumbling before our eyes. The state has declared its hand. It does not seek to manage us; it seeks to eliminate us. The labels they use, like "domestic terrorist," are not descriptions; they are death warrants. They are intended to isolate, to criminalize, and to justify the coming violence in the eyes of a populace conditioned to fear the word "terrorist" more than they fear the death of their neighbors.
Therefore, our only logical and moral response must be the rapid, deliberate, and organized construction of networks of mutual defense. This is not a call for reckless violence; it is a call for profound, community-based solidarity. It is a recognition that when the state vows to use full force, our survival depends on our ability to have each other's backs without question or hesitation. Anarchists, socialists, abolitionists, community organizers, medics, legal observers, and every person who sees the nightmare on the horizon must now begin the serious work of forming pacts of protection.
These pacts are not abstract. They are built on concrete actions. They mean establishing clear and secure communication channels now, before the phones are shut down or the networks are monitored. They mean training together in de-escalation, first aid, and legal rights, so that when a protest is kettled or raided, we have medics who can treat gunshot wounds and legal teams who can track the arrested. They mean creating rapid response networks that can alert entire cities when a demonstration is under attack, mobilizing observers and support at a moment's notice. They mean setting up community defense patrols that can monitor police movements and protect vulnerable neighborhoods from targeted incursions.
Crucially, this extends to material support. It means building community bail funds that are robust and readily accessible, so no one sits in a cage because they cannot pay for their freedom. It means creating safe houses and escape routes for those who are targeted for arrest or worse. It means sharing resources, from food and water to protective gear, ensuring that no one is left exposed because of poverty. This is the practical meaning of solidarity: it is the commitment to ensure that the risks we take are shared and the burdens we carry are collective.
The goal of this mutual defense is not to win a street battle with the police. The goal is to make their intended violence as difficult, costly, and visible as possible. The goal is to ensure that when they move against one of us, they find a hundred of us, standing together, documenting, resisting, and refusing to be scattered. It is to transform their easy targets into unbreakable formations of community resilience. We must make their bloodlust so public, so messy, and so morally repugnant that it shatters the illusion of their authority.
History has shown us that the state's appetite for violence is only checked when it meets organized, unyielding resistance. They rely on our fear, our isolation, our disorganization. Our task is to weaponize our solidarity. Let the calls for "full force" from the Kristi Noems and Donald Trumps of the world serve as our final wake-up call. The time for vague solidarity is over. The time for specific, actionable, and sworn pacts of mutual defense is now. Find your people. Make your plans. Swear your oaths. Let them know that if they come for one, they come for us all, and we will not make it easy for them. Our communities are not their hunting grounds. We will become ungovernable not through chaos, but through an ironclad commitment to protecting one another from the storm they are so desperate to unleash.
-
Geopolitics Shapes Security Budgets in Financial Services https://www.byteseu.com/1386268/ #CyberResilience #cybersecurity #EconomicPressures #FinancialServices #Geopolitics #Governance #Inflation #LondonFinancialServicesSummit2025 #Regulation #RiskManagement #RoyalUnitedServicesInstitute #RUSI #SecurityCulture #TradeWars #WilliamDixon
-
We talk about zero trust.
MFA.
Segmentation.
Defense in depth.
But we don’t talk enough about belonging.
#Cybersecurity #HumanRisk #Leadership #SecurityCulture #Loneliness #DigitalTrust #EmotionalSecurity #InsiderThreat #LimitlessCyber
-
From scanning ports to structuring security programs that meet real-world demands, this book helps practitioners level up from technical know-how to strategic capability.
It bridges foundational knowledge with practical security leadership. Designed for those who build, defend, and explain security every day.
https://nostarch.com/foundationsinfosec
#infosec #cybersecurity #securityengineering #nmap #SOC2 #compliance #devops #securityculture
-
Security lives in culture—not silos. What’s your take? Share it below. #SecurityCulture #CyberAwareness #CrossDepartment #SecurityMindset #EnterpriseSecurity #TeamSecurity #DigitalTrust #EveryClickCounts #CyberHabits #CyberLeadership #ExecBuyIn #LeadByExample #SimpleSecurity #DataDrivenSecurity #CultureShift #LongTermThinking
https://medium.com/@sanjay.mohindroo66/security-isnt-a-department-it-s-a-promise-de1ae5847cc2 -
Building a strong security culture is key to IT success. Join the discussion on strategies and real-life lessons to protect your business. Share your insights! #SecurityCulture #CyberSecurity #DigitalTransformationLeadership #ITRiskManagement #EmployeeTraining #SecurityAwareness #TechDebate #SecurityInnovation
https://medium.com/@sanjay.mohindroo66/building-a-strong-security-culture-within-your-organization-ded57d231b45 -
Decode the forgotten timelines.
#Technology #SecurityCulture #Consciousness #AncientKnowledge
-
Why Only Phishing Simulations Are Not Enough – Source: securityboulevard.com https://ciso2ciso.com/why-only-phishing-simulations-are-not-enough-source-securityboulevard-com/ #phishingawarenesstraining #PhishingSimulationPlaform #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityTrainingROI #PhishingStatistics #ThreatIntelligence #AwarenessTraining #CyberSecurityNews #SecurityBoulevard #Threats&Breaches #Risk&Compliance #SecurityCulture #securitymetrics #cyberattacks #Compliance #DevOps
-
How Slashing the SAT Budget Is Appreciated By Hackers – Source: securityboulevard.com https://ciso2ciso.com/how-slashing-the-sat-budget-is-appreciated-by-hackers-source-securityboulevard-com/ #TheComprehensiveGuidetoFraudDetection #phishingawarenesstraining #rssfeedpostgeneratorecho #SecurityBloggersNetwork #SecurityTrainingROI #AwarenessTraining #CyberSecurityNews #SecurityBoulevard #Threats&Breaches #Risk&Compliance #SecurityCulture #cyberattacks #andAnalysis #Compliance #Governance #DevOps
-
#TheFinalStrawRadio 12 Jan 2025
-
We believe there’s often a communication gap between security teams and the rest of the company. Crowdalert’s quick, automated Slack prompts connect analysts with employees when an alert is raised—bringing more people into the “circle of trust.” It’s a simple way to build better, cross-functional relationships and a stronger company as a whole. #CyberSecurity #SecurityCulture #Crowdalert #Slack
-
Strategies for security leaders: Building a positive cybersecurity culture https://www.helpnetsecurity.com/2024/08/20/cybersecurity-culture-strategies/ #InformationSecurityForum #securityculture #Expertanalysis #communication #cybersecurity #Expertcorner #Don'tmiss #Hotstuff #strategy #opinion #News #CISO
-
Small business cyber security guide: What you should prioritize & where you should spend your budget – Source: securityboulevard.com https://ciso2ciso.com/small-business-cyber-security-guide-what-you-should-prioritize-where-you-should-spend-your-budget-source-securityboulevard-com/ #rssfeedpostgeneratorecho #CreatingActiveAwareness #SecurityBloggersNetwork #CyberSecurityRisks #CyberSecurityNews #EmployeeAwareness #SecurityAwareness #SecurityBoulevard #SecurityCulture #Seednsoilposts #CISOSuite
-
Over 225 security professionals have signed up for today's bi-weekly Cyber Security Awareness Forum.
Think of these sessions as: "The Best Part of Your Security Week"
Attendees love the casual atmosphere, the panel format and the variety of perspectives from CISOs and security awareness managers.
Why not join us today at 1pm EDT, to hear what other security professionals have to say about employee-related risks "beyond phishing links"?
https://us02web.zoom.us/webinar/register/5016940050066/WN_2F_JwTZCThKBK5L3aI4dfw
#csaf #cybersecurityawarenessforum #securityawareness #securityculture #securitymanagement #riskmanagement
-
Learn what really takes up security awareness managers' time in their jobs.
Join us for today's Live Cyber Security Awareness Forum panel session on:
"A day in the life of a security awareness manager (tasks and challenges)"
We have live audience Q&A with an industry expert panel, to share insights and lessons learned about managing security awareness programs.
https://us02web.zoom.us/webinar/register/7716927883621/WN_FuV5x9lyTj-8RfHItu0cVw
#csaf #cybersecurityawarenessforum #securityculture #securitymanagement #riskmanagement
-
Said with absolutely no shade to anyone:
Our movements and organizations urgently need to improve our security culture!
An important first step: build community security and safety into EVERY event from the start, whether it's in person or virtual. Don't sleep on it!
#digisec #CommunitySafety #SecurityCulture #WeProtectUs #WeKeepUsSafe #trans #queer
-
A report by ClubCISO and Telstra Purple found that despite perceived dips in the quality of overall security posture, the majority of CISOs have observed positive security culture gains in their organizations in the last year. The report surveyed 182 members of ClubCISO, with CISOs reporting a drop... https://www.csoonline.com/article/3699119/security-culture-improving-in-businesses-despite-factors-holding-teams-back.html#tk.rss_all #securityculture #CISOs #cybersecurityresources #softcorpremium
-
🎙️ New Podcast Episode Alert! 🎙️
In this episode, we speak with Kai Roer, a leading security culture coach, and CEO of Praxis Security Labs.
Kai shares his insights on building and maintaining a healthy security culture, the biggest impediments organizations face in this process, and his career journey in cybersecurity.
He also discusses some of the biggest surprises he's encountered in working with organizations and offers advice to security awareness professionals and executives.
Tune in to learn more about Kai's vision for the future of security culture!
#SecurityCulture #CyberSecurity #PraxisSecurityLabs #SecurityAwareness #InfoSec
Listen now:
https://sharedsecurity.net/2023/05/01/building-a-healthy-security-culture-insights-from-kai-roer/
Watch on YouTube:
https://youtu.be/iTc4FDNvMLk
Subscribe wherever you like to get your podcasts:
https://sharedsecurity.net/subscribe
#podcast #cybersecurity #infosec #securityculture #securityawareness
-
Does your carefully designed security awareness program suffer from low engagement?
Find out how to fix it in my latest blog post:
https://clickarmor.ca/2023/03/low-employee-engagement-in-your-security-training-heres-how-to-fix-it/
#employeeengagement #securityculture #securityawarenesstraining #gamification -
I’ve talked about the positive feedback cycles of a healthy security culture, but I have to stop and brag about this because my heart is bursting with rainbows and I’m tearing up a bit. :amaze:
This morning a user reached out to let me know that they look forward to reading our security emails and notices. That they are super interesting and that they are taking the stuff they learn back into their personal life.
1,000,000 simulated kb4 phishes would never have bought me this engagement. We can do better y’all.
-
It's a great day to talk about "cyber security industry statistics" in the Live Cyber Security Awareness Forum.
Join the panel discussion with live audience Q&A today at 1pm ET.
#csaf #cybersecurity #statistics #riskmanagement #securityculture
https://us02web.zoom.us/webinar/register/6116755984161/WN_J5jQ7FcETn2wNhilo4tyUQ -
Periodic #SecurityCulture reminder, this time thanks to #FTXScam crypto shenanigans:
Don't name your #signal thread after the crime you are committing on it!