CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Free ethical hacking course, but you have about 5 hours to sign up for free. udemy.com/course/ethical-hac…
Replying to @arsetechnica
Yes, woefully too small.
And to be clear, I also ask employees to not break the law for their own benefit. It’s a solid 10 minutes of reminding them to conduct business lawfully.
In my security awareness training, I cover ethics and ask employees to NOT break the law to benefit the company, then give a bunch of examples. I’ll be adding this one to the deck.
Ticketmaster to pay $10 MILLION fine for illegally accessing computer systems of a competitor in an attempt to "cut [its rival] off at the knees." Read: thehackernews.com/2021/01/ti… #infosec #cybersecurity #privacy #hacking #databreach
The @Meetup platform being abused to send spam. Apparently you can have a URL as your name.
Replying to @JillFilipovic
Best not to look at how much it costs taxpayers. patheos.com/blogs/freethough…
Warning from the FBI about swatting attacks that also include hacking of home smart devices, which are then used to interact with the police and stream the entire event. ic3.gov/Media/Y2020/PSA20122…
Replying to @randomdross
Priorities!
My Daddy? Big, Bad, and Voodoo.
Here's a short 28-minute documentary about the time that Big Tech colluded to cheat workers out of wages. Since it happens repeatedly, you'll have to watch to know which one this is about. vimeo.com/327830855
Replying to @realhamed
Reminds me of the anti-competitive “no poaching” agreement from 2010. Speaking of which, this 2019 documentary looks interesting. mercurynews.com/2019/05/24/w…
Even better, don’t send phishing emails at all, save that money and time for other more valuable efforts, and instead use your real phishing emails as the basis for improving your program. 3/3
That’s why employees hate phishing tests when they’re held accountable; it doesn’t prove anything. It’s trivial to create a highly clicked-on email, I’ve created many. Use the click-thru rate as a means to shore up controls and training. 2/3
Phishing tests are testing the security team’s technical controls and education; if an employee is duped, it’s the security team, not the employee, that failed. 1/3 coppercourier.com/story/goda…
Replying to @PrivacyPros
You might address the privacy and security concerns related to requiring testing surveillance software be installed. Also, Pearson sends the recordings back to you which contain identity documents (per their privacy policy), but your privacy policy does not address this.
That’s not what “optional” means! “The collection of such data is optional, but necessary if you choose to use the online proctoring function.” Source: home.pearsonvue.com/privacy#…
(Sadly, you have to be a member of InfraGard to watch it)
InfraGard had a recent talk regarding paying ransoms to someone on OFAC’s SDN list. Summary: reach out to FBI and OFAC first and fully cooperate with their investigation. That will weigh more positively when the case makes it to DOJ. Replay on @InfraGardNatl website.
BBC News - Hackers threaten to leak plastic surgery pictures bbc.co.uk/news/technology-55… and the group is on the USA's denied persons list, so paying the ransom may be problematic
BTW, this is the same issue with federal taxes for Americans working abroad, along with Americans living in US territories. Perverse that the American colonies argued that representation is required to tax as a fundamental right, then turned around and did the same thing.