Ryan McGeehan @Magoo
Writes "Starting Up Security" @ https://t.co/Rv0MaSThQ1, tweets horror stories @badthingsdaily scrty.io Joined March 2009-
Tweets1K
-
Followers6K
-
Following713
-
Likes314
I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying. I worry.
@crtheisen @bettersafetynet Hi @bettersafetynet - Here's a good starting point to get acclimated if you're looking for one: magoo.github.io/Risk-Forecasti… Happy to DM if you run into trouble
I wish all security pros practiced a scenario-first mindset. Explanations based on risk scenarios before jumping to best practices, gaps, controls, compliance etc. I wrote an essay to coach on this: "Writing a risk scenario" medium.com/starting-up-se…
I wrote about that moment every security team faces when someone asks if they can work from China for a while, and then everyone freaks out. magoo.medium.com/the-working-fr…
Securing Customer Support: medium.com/starting-up-se…
@jeremiahg Yeah, either interpretation would have a pretty useful answer IMO, so I'm curious which it ends up being. Subscribed.
@jeremiahg Oh, I see. Said differently: An even smaller subset of of vulns that appear in KVEs actually result in claims. This is what the correct suggestion is, right? Where my mind went, was that certain CVEs caused claims that were not present in KVE, which is not what you meant
@jeremiahg Clarifying question: This suggests some amount of CVE's with observed ITW exploitation that are not also formally accounted for in KEV data?
Ramping up on bluesky 🦋: bsky.app/profile/mag00.…
In the wild exploit in Firefox, disclosed and fixed within 25 hours. blog.mozilla.org/security/2024/…
My "Starting Up Security" writing correlates to my caffeine intake which has dropped off over the last few years. Today I got tricked into an actual coffee, so drafts are open. Taking any requests, just DM ☕️
“Detection is a problem I describe as deceptively tractable.” @Magoo on 🔍 Prioritizing Detection Engineering Proposed implementation order: 1. Get logging in order, focusing on query-ability and minimum viable logs. 2. Spend time on hardening before formalizing detection. 3. Introduce high-quality detections and alerts, starting with a reference alert and focusing on invariants. 4. Address management challenges before scaling detection efforts. 5. Fully embrace an engineering approach to detection, with the ability to throttle or accelerate work as needed. medium.com/starting-up-se…
@robertgraham @lcamtuf Seems less likely that an interdiction added explosives and relied on a known vuln to trigger it. More likely, while introducing explosives, introduced a trigger at the same time so it could be triggered at a more predictable time. Was it additional hardware, or malware?
@robertgraham @lcamtuf I think it's most likely that some kind of intervention occurred to add explosives, but it would still need to be triggered. If a physical intervention is already given, shouldn't some kind of malicious software trigger also be necessary? Or were they all on a simple timer?
I will be really surprised if these were not sabotaged before delivery somehow.
Malware (!!??!!) may have been the factor in an attack that blew up hundreds of Hezbollah Operatives pagers in an attack.
I wrote about how detection engineering should be prioritized in a security program. Feedback and discussion welcome! magoo.medium.com/prioritizing-d…
The boring security management stuff. 🤣 Managing a quarterly security review: Feedback welcome as usual. medium.com/starting-up-se…
Alex Stamos @alexstamos
90K Followers 2K Following You can find me at: https://t.co/Enct5hx8bS https://t.co/CuE5u72rhW
Thomas H. Ptacek @tqbf
35K Followers 610 Following Don't look at me sideways. Don't even look me straight on. bsky:@sockpuppet.org
Clint Gibler @clintgibler
23K Followers 573 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Justin Elze @HackingLZ
70K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
haroon meer @haroonmeer
17K Followers 3K Following Security Geek at Thinkst. We build https://t.co/Sv6Gp3sG6b
Dr. Anton Chuvakin @anton_chuvakin
42K Followers 9K Following Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG
Marco Lancini @lancinimarco
7K Followers 382 Following 💼 Director of Security 📬 @CloudSecList 📚 https://t.co/TrQKzxfnYg 💬 I write about security strategy, technical leadership, and cloud security.
Kim Zetter @KimZetter
94K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
Phil Venables @philvenables
14K Followers 590 Following All about cyber, resilience, risk, AI - at scale. Partner - Ballistic Ventures / 4 x CISO / Board Director / Chief Risk Officer
Kelly Shortridge @swagitda_
29K Followers 275 Following Senior Director @Fastly | software resilience + modern infosec | [email protected] | https://t.co/68itNjq8tL | aka &void;
Chris Sanders 🔎 �... @chrissanders88
35K Followers 487 Following Ed.D. | Founder @networkdefense @RuralTechFund | Former @Mandiant, DoD | Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
Jobert Abma @jobertabma
43K Followers 707 Following I tweet about security and my experience as a hacker. Co-founder of HackerOne (@Hacker0x01).
shubs @infosec_au
58K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Leif Dreizler @leifdreizler
2K Followers 2K Following Eng Manager at @semgrep 💻 co-host of @404pod 🎙
Matt Johansen @mattjay
46K Followers 2K Following Founder of @vuln_u | Long Island elder emo surviving in ATX | AI and Cybersecurity news from an 18yr industry vet
Runa Sandvik @runasand
75K Followers 373 Following Founder of @GranittHQ, securing journalists and at-risk people around the world.
Travis McPeak @travismcpeak
3K Followers 1K Following Security, mgmt, startups, investing, 🏋️♂️, 🚵. making AI dev secure @cursor, prev: Founder @Resourcely, @databricks, @netflix
Deirdre Connolly¹ @durumcrustulum
6K Followers 3K Following • 🜗 🝒 🝲 crypto as in 'cryptography' 🝳 🝡 🜖 • ¹ isogenist, co-host @SCWpod, @durumcrustulum.com on 🦋
Jtcne @jtcne
62 Followers 155 Following Any tweets or comments are my personal opinions and observations and should not be considered financial and/or investing advice.
Ann Jaskiw @annjaskiw
520 Followers 360 Following IT guy @eladgil | prev CEO/founder @choose_tactic (acq by @TaxBit) | Ohioan 🇺🇲 | Українка 🇺🇦
ArgusEye @ArgusEyex
4 Followers 86 Following Smart contract auditor & bug bounty hunter. EVM, Solidity, Foundry.
Wright @Wright21OO
71 Followers 1K Following
Mahmoud Sherif @Mahmoudp90
338 Followers 2K Following Penetration Tester💻 | Don’t tell people your plans. Show them your results.
rgsec @originalrgsec
36 Followers 1K Following
Michael Beer @michaelbeer01
14K Followers 2K Following Head of crypto @whop, Prev $175m exit (founding eng)
Kobus Liebenberg @proximasynth
0 Followers 100 Following
Mahmud🎭 @cybershaykh
938 Followers 3K Following Application Security | CS | books and poetry , tech lead @gdgoc_unilorin
Mohammad Hossein Baha... @mhmdhbhadr
1 Followers 66 Following
Armando L.Davis @davis_arma79011
1 Followers 81 Following
Tony L. He @tonyhe_lipeng
44 Followers 1K Following Trustworthy ML Research @UWaterloo / Software Engineer / Startup Founder
skmossey @skmossey
20 Followers 147 Following
Simon @_SimonOliver
88 Followers 897 Following
Andrei @AndreiA61847
51 Followers 175 Following AI-first Software Leader | I give insights on leadership transformation and great software
Prathiba @ShahPrathiba
4 Followers 41 Following
Anas Benmoussa @anasbenmoussa
3K Followers 5K Following IT Strategy Interested in Leadership, Economics & Politics
Justin D'Souza @jqdsouza
361 Followers 1K Following Co-founder & CEO @asymptotelabs. Founder Fellow @southpkcommons. Prev led ML Eng @DoppelHQ & Data Science @joinlevel. Eng alum @waterlooeng.
tuckner @tuckner
3K Followers 851 Following Finding bad software extensions at @SocketSecurity (acquired @secureannex). #️⃣ https://t.co/KGANHVF6BP
m0π9r37 @JeremiahGuest4
241 Followers 3K Following Father, Security researcher, 3D🔫 lover, Hardware Hacking, 2nd Amendment Supporter & living sober since 2019 w/ 3D 🔫 being my NEW drugs of choice 😅🤑😁😮💨
たぴおか @19900810misaki
20 Followers 1K Following
Sameer Bhatt (Debugge... @sameer_bhatt5
903 Followers 603 Following Debugger 🐞 • Hacker 👾 🐱💻 • Security enthusiast 🤓 • Senior Security Analyst 💻 • Speaker🎙️• Occasional Blogger 📝 & CTFs 🚩 • Poet ✍🏻
ちぃ @chippu5760
15 Followers 1K Following
Davinzzi La Bestia @Davinzzilabest
112 Followers 3K Following New Music Available soon in iTunes [email protected]
عبدالله الم... @AbdullahMoai
17K Followers 2K Following Building @Bitwadi, ex co-founder @Rain (exited), chairman @DemaEnergy, #Bitcoin class of 2013
Max Pollard @maxpollard415
333 Followers 292 Following Co-founder & CEO @cotoolai | San Francisco native
gohbi_eth @gohbi_eth
2K Followers 7K Following Integrating DeFi mechanics into NFTs for additional staking and yield benefits. #NFTFinance #DeFi #StakingRewards
JGSW @JGSW_ai
1 Followers 21 Following
Luca @lucavauda
147 Followers 658 Following BS in CS, MS in Cybersecurity. Currently lost in the latent space. Send help
Hassan Zaher @Dragonhunt88
8 Followers 78 Following
André Eleuterio @eleuterio_
256 Followers 646 Following security @sourcegraph. ex-@npmjs & @github *beware of the occasional soccer-related tweets in portuguese 🇧🇷. he/him
AISecHub @AISecHub
9K Followers 7K Following 🚀 AISecHub | AI & Cybersecurity | Securing AI systems, and sharing insights on emerging challenges | https://t.co/YeYtqq5tJC
EdRowe @EdRowe
38 Followers 234 Following
Cortez @cortezoverride
2 Followers 73 Following
waterr @waterr1337
61 Followers 1K Following
Caleb Parikh @caleb_parikh
470 Followers 694 Following Trying to make the future go well by funding impactful projects.
Sam Curry @samwcyo
101K Followers 1K Following
Adriana Porter Felt @__apf__
66K Followers 955 Following I like writing silly Tweets, but that doesn't pay so I build things at @googledeepmind. Principal Engineer. ex-@googlechrome. volunteer @2ndharvest. 🇺🇸🇨🇷
Alex Stamos @alexstamos
90K Followers 2K Following You can find me at: https://t.co/Enct5hx8bS https://t.co/CuE5u72rhW
Thomas H. Ptacek @tqbf
35K Followers 610 Following Don't look at me sideways. Don't even look me straight on. bsky:@sockpuppet.org
Clint Gibler @clintgibler
23K Followers 573 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Halvar Flake @halvarflake
45K Followers 3K Following Choose disfavour where obedience does not bring honour. I do math. And was once asked by R. Morris Sr. : "For whom?" @[email protected]
Robert Graham @robertgraham
68K Followers 2K Following Created (BlackICE,IPS,sidejacking,masscan). Doing (blog,code,cyber-rights,Internet-scanning). Macrodata refiner.
haroon meer @haroonmeer
17K Followers 3K Following Security Geek at Thinkst. We build https://t.co/Sv6Gp3sG6b
lcamtuf @lcamtuf
40K Followers 499 Following Substack: https://t.co/yFvmNisGW3 Homepage: https://t.co/iFAXZxCO5H
Dr. Anton Chuvakin @anton_chuvakin
42K Followers 9K Following Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG
Dino A. Dai Zovi @dinodaizovi
39K Followers 1 Following Dino is human and can make mistakes. Please double-check responses.
Filippo Valsorda @fil... @FiloSottile
45K Followers 1 Following Cryptogopher / Go crypto maintainer / @kateconger-knower / RC F'13, F2'17 / #BlackLivesMatter / he+him https://t.co/ZE4RtJ1xqD / https://t.co/qfth7zr00W / https://t.co/j1grpEm8uR
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Scott Piper @0xdabbad00
20K Followers 253 Following Cloud security historian Developed https://t.co/ZXFwkuyseC, CloudMapper, and Parliament Organizer for @fwdcloudsec Researcher at @wiz_io
thaddeus e. grugq @thegrugq
128K Followers 420 Following Hacker :: PhD researcher @warstudies @KingsCollegeLon :: [email protected] :: PGP https://t.co/dYipV8y3bo
Kim Zetter @KimZetter
94K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
Tabletop Scenarios @badthingsdaily
17K Followers 1 Following THESE 👏 TWEETS 👏 ARE 👏 FICTION👏 This account tweets fictional or headline inspired breach scenarios. To play: Share opinions on prevention or response steps.
Phil Venables @philvenables
14K Followers 590 Following All about cyber, resilience, risk, AI - at scale. Partner - Ballistic Ventures / 4 x CISO / Board Director / Chief Risk Officer
mdowd @mdowd
33K Followers 754 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
Kelly Shortridge @swagitda_
29K Followers 275 Following Senior Director @Fastly | software resilience + modern infosec | [email protected] | https://t.co/68itNjq8tL | aka &void;
Calif @calif_io
5K Followers 30 Following We're https://t.co/KTEDnC2VUV. Join us to make the Internet safer for your mum and everyone else: https://t.co/eUFMLkW9t2.
Heavy Pulp @heavypulp
43K Followers 1K Following Freshly Squeezed Visual Amalgamations. Custom work: [email protected] EVERYTHING IS COMPUTER. BUT COMPUTER ISN'T EVERYTHING.
AndrewMohawk⁽ⁿᵘ... @AndrewMohawk
5K Followers 3K Following Sec/Madness @privy_io principal security , @_seal_org technical council prev: HoS @uniswap, D&R/IR @RobinhoodApp, IR @BitMEX, Built @Paterva Maltego with RT
Andrea Barisani @AndreaBarisani
7K Followers 1K Following hacker | tamagopher | https://t.co/3S3EARrfoc
Skild AI @SkildAI
15K Followers 0 Following Any robot. Any task. One brain. Help build general-purpose robotic intelligence at https://t.co/UKh2kQYSqt
Joe Weisenthal @TheStalwart
442K Followers 7K Following One half of Bloomberg's Odd Lots Podcast. One quarter of Light Sweet Crude.
Tracy Alloway @tracyalloway
210K Followers 5K Following Co-host of the Odd Lots podcast. I like financial crisis hindsight, spurious correlation and puppies. London ➡️ New York ➡️ Abu Dhabi ➡️ Hong Kong ➡️ New York
Andrew D. Bishop @Andrew_D_Bishop
2K Followers 856 Following Senior Partner & Global Head of Policy Research at @SignumGlobal. Fmr Deputy Head of Research & Director, Global Macro @EurasiaGroup
KneeOverToesGuy @kneeovertoesguy
222K Followers 270 Following I teach everything I know for free here, and for those who want further help ($19 to $99/month) & the custom equipment I make: https://t.co/hTLLgOMSrh
Protector @bookprotectors
10K Followers 5 Following We provide high-level protection for those facing elevated risk. We assess threats, monitor digital exposure & ensure medical readiness. CALIFORNIA PPO122688
hal2001.hl @hal2001
18K Followers 3K Following DeFi + web3 + financial engineering. Cofounder @AcrossProtocol @UMAprotocol; prev @GoldmanSachs, CS @Columbia, 🇨🇦
Will Harris @parityzero
4K Followers 801 Following Chrome Security gnome. I work on the sandbox and local data protection on Windows. @parityzero.99 on signal. Opinions here are my own!
greg @greg16676935420
1.7M Followers 535 Following im greg I like football and stocks and my birthday im from kentuckey. I'm a investor. I like to golf at the golf course. subscribe for just 10¢ a day ⤴️
Ariel Herbert-Voss @adversariel
9K Followers 943 Following Founder @RunSybil. likes: offsec, LLMs, and dumb memes. prev: research scientist @OpenAI / CS PhD @Harvard / @defcon AI Village
Palo Alto Animal Cont... @paloaltoAC
1K Followers 245 Following We're the Animal Control Unit of the Palo Alto Police Dept. In a past life (1973-2019) we were also an open-door Animal Shelter with a 95% save rate.
derek guy @dieworkwear
1.5M Followers 1K Following Menswear writer. Editor at @putthison. Bylines at The New York Times, The Financial Times, Politico, Esquire, and Mr. Porter
Spreek @spreekaway
36K Followers 3K Following
Vladimir S. | Officer... @officer_secret
51K Followers 227 Following Threat Researcher • OpSec Guru • Chief Security Officer @legalblock_ • Admin @10b57e6da0 • Former @immunefi
Karthik Rangarajan @krangarajan
1K Followers 698 Following Engineering things securely @openai. Fomerly Security @robinhoodapp and @addepar. I tweet about startups, security and dogs. Tweets/opinions are my dog's.
Charlie McCowan @CharlieMc0
185 Followers 112 Following CTO building at the AI × blockchain intersection. Security background. Launched and scaled @ZetaChain. Now building @AnumaAI
U.S. Securities and E... @SECGov
807K Followers 16 Following The SEC protects investors, maintains fair, orderly, and efficient markets, and facilitates capital formation. Disclaimer: https://t.co/kQaurNTXAI
Brett Adcock @adcock_brett
508K Followers 21 Following @figure_robot (AI robots) @hark_labs (personal AGI) @cover_thz (weapon detection) @flyArcher (flying cars)
Andrew Blaich @ablaich
751 Followers 885 Following Athlete, Security Researcher, and Threat Hunter. Views are my own.
Nathan 🔎 @NathanpmYoung
30K Followers 4K Following Director, Goodheart Labs. AI-written Community Notes (world first). Part time forecaster @swift_centre. Capital case tweets are literal, others less.
Chelsea Komlo @chelseakomlo
7K Followers 626 Following (Real world) cryptographer. Also at https://t.co/wLuY5u3XNo
Arena Decklists @ArenaDecklists
27K Followers 241 Following Your source for Magic Arena decklists! We also have the best competitive Magic: The Gathering podcast.
ChessDojo @chessdojo
8K Followers 281 Following Run by IM Kavutskiy, IM Pruess, & GM Kraai https://t.co/7yVRGMPkug https://t.co/w132glKlQs https://t.co/l72KlgRgQC https://t.co/k5RRvMS4lZ
Dina Belenkaya @DinaBelenkaya
96K Followers 808 Following Woman Chess Grandmaster & Content Creator♟️| Learn HOW TO USE YOUR BRAIN with my Chess School 📚 Business inquiries: [email protected]
John Bartholomew @fins0905
29K Followers 259 Following Chess Master, Entrepreneur, YouTuber, ex Chessable Co-Founder. Now building @chessiversegame 🤖 https://t.co/cIPpf7wyPZ
MrDodgy is on ChessFa... @ChessProblem
40K Followers 316 Following Organizer of prestigious chess tournaments. Influencer? RTs are always endorsements, otherwise QT, silly.
International Chess F... @FIDE_chess
335K Followers 1K Following
Magnus Carlsen @MagnusCarlsen
1.1M Followers 138 Following World Chess Champion. Playing for @TeamLiquid.
Nate Solon @natesolon
14K Followers 460 Following Chess master, former poker pro, current dad. Takes are spicy yet true.
Chess.com @chesscom
703K Followers 816 Following The world's largest chess community. 250 million members. Join today! Live coverage: @chess24com ♟️ Support: @chesscomsupport 💚 Community: @GreenPawns 👪
chess24 @chess24com
220K Followers 776 Following Norway Chess♟️Carlsen, Gukesh, Firouzja, Pragg, So, Keymer, Anna Muzychuk, Ju, Zhu, Humpy, Divya, Assaubayeva. 📺 May 25-June 5, 11am ET/17:00 CEST/8:30pm IST.
Kostya Kavutskiy @hellokostya
11K Followers 918 Following Professional chess player with a rating of about 2400 at the age of 29. Sensei @ChessDojo - https://t.co/MOKHrnNGPi GM journey - https://t.co/TfmNqai8Zb
Martín Obiols @olemoudi
2K Followers 766 Following Escribo sobre Ciberdefensa Personal y OpSec. Sólo opiniones personales.
Josephine Wolff @josephinecwolff
3K Followers 639 Following cybersecurity policy prof @FletcherSchool, writing about the Internet @Slate, @nytimes, and other placesYou might like
