// principal infosec architect
// unethical hacker
// ex aws, wn, bartender
//
@redteamvillage_
&
@sec_defcon
daemon
// take sincerely at your own risk
👇
When I worked as an engineer for a major casual dining restaurant chain, I noticed 2 buttons weren’t alphabetical and fixed them on Monday morning, and the CEO got so many complaints about wrong food being ordered and it being IT’s fault that we rolled it back
It’s crazy to me that some of y’all are out here raw-dogging infosec with:
- No caffeine
- No alcohol
- No THC or CBD
- No antidepressants
- No therapy of any kind
Interviewing at small businesses:
Me: “Can you tell me more about your network infrastructure?”
Them: “Yep, we’re a Costco shop”
Me: “Ah, do you mean Cisco?”
Them: “Nope”
In case anyone is wondering, I absolutely learned my lesson and will never do this again
I’ll wait and push on Friday afternoon so I don’t have to see the CEO for at least 2 days afterwards
Ladies, if your man:
- Constantly shows up at the wrong time & looking like a mess
- Spends most of his time streaming tv and playing videogames
- Has a reputation for being “too fast” and not caring about making a connection
You might be dating a UDP packet.
As an ex-AWS sec person, security should NEVER be number 1
If security is number 1, your security leadership fucked up
The purpose of security is to prevent an identified business risk and mature security teams get ahead of business goals
I fight this dumb belief every day
Here's the blog I just mentioned on @SquawkCNBC from my good friend Chris Betz over at @awscloud on their approach to security. A good read (from another former MSFTer).
"How the unique culture of security at AWS makes a difference." via @awscloud #SecurityArchitecture
Lesson Time: had a Cloud Security engineer tell me today his Azure bastion host requires RDP (3389) open to the internet so he can connect from his browser
What’s wrong here?
AWS officially broke up with me today via email.
It was a wild and fun ride and I'm looking forward to my next technology adventure. DMs are open if you need a security architect, builder, or leader with a stellar track record.
I'm happy to announce I've accepted a new role as Principal Security Architect at [redacted] starting at the end of August
Unemployment has been a lot of fun but I'm ready to get back to work making the world a more safe and secure place
If you’re working in any Cyber job and making less than 100k, your LinkedIn should be updated and set to “Open to Recruiters”
Reach out for help; your contributions are valuable and you should be fairly compensated
If you come find me at @defcon, including on Saturday morning at @RedTeamVillage_, I have a limited amount of holographic stickers and Southwest Airlines drink coupons to give away
The worst part of being a security SME is you see terrible design and implementation everywhere, not just at work
Many naive people assume because a company makes lots of money, they have excellent security and that assumption is absolutely false
If you were recently (or not recently) laid off and want some help polishing your resume or practicing interviewing, it's a slow month and I want to help you
DMs are open
Do you follow the @defcon 4-3-2-1 rule?
- 4 sushi burritos
- 3 people per bed
- 2 hours crying in the shower
- 1 alcoholic drink per hand
Ask your favorite drug dealer if SushiBurritoCon is right for you
Flight attendant: Is there a doctor on board?
Dad: *nudge* should've been you
Me: Not now Dad
Dad: Not asking for a Security Architect, are they?
Me: Dad, there's an emergency happening!
Dad: Go ask if putting padlocks on diagrams would be helpful
Cyber recruiters will reach out and say "I have an amazing entry level opportunity for you, 5 days in the office in Los Angeles" and get pissed when I say "Ok, I'll do it for $650k"
Friendly reminder that you can be a hacker and not work in PenTesting or Red Teaming
I did my tour in professional offensive security and left because there's a promotion ceiling and also more money in tech leadership
One of my favorite memories of #defcon31: a couple of men stopped me outside @RedTeamVillage_ to say thanks for helping run the village and gave me this hat
They're offensive security for the Ukrainian government and they picked up some new tricks in the village
Go get ’em, boys
Random person to @corg_e outside the @sec_defcon village: Excuse me, are you @cybersecmeg?
Corg_e: ……no
*person walks away*
Corg_e: “Hey everyone, it’s me renowned cybersecurity analyst Meg West, please come visit my favorite village”
Me:
“We need you back in the office for our culture”
The culture: someone cutting a donut in half and leaving it in the box knowing no one will ever touch the other half
You know what wakes you up better than coffee?
Realizing your favorite domain expired because your Credit Card number changed and the domain didn't auto-renew