Julian Cohen
Risk philosopher. CISO. Advisor. Mentor. Retired vulnerability researcher. Retired CTF organizer and competitor. he/him
721 Tweets
488 Following
5,487 Followers
Tweets
Julian Cohen, 3 Feb
"While $5.6M is a lot for 30 seconds, it's probably comparable on a per-view basis with a Facebook or a magazine ad."
Julian Cohen, 30 Jan
Replying to @sanitybit
Julian Cohen, 28 Jan
If you can only identify with one or two of these types of security people, you're probably leaving a significant portion of your security program on the table. A good security practitioner can apply different perspectives to a problem to find the best solution for that problem.
Julian Cohen, 28 Jan
"...any change in a system, even a change intended to prevent or mitigate a potential hazardous incident, also has the potential to introduce new hazards, or new mechanisms by which existing hazards can result in an incident."
Julian Cohen, 17 Jan
Replying to @justinmberman @jasvir @swagitda_
Julian Cohen, 17 Jan
Replying to @Magoo @anthonytowry @tweetdkp
I disagree with a lot of the risk forecasting work for these same reasons, but you are one hundred percent right that we have no quant insight into so many things that would have models in any other industry. As much as I disagree with it, it's super important and useful work.
Julian Cohen, 13 Jan
Replying to @campuscodi
If you don't understand your adversaries, you can't defend against them.
Julian Cohen, 9 Jan
Replying to @chrisrohlf @CFR_org and 3 others
I am also not an expert on Iran, but I found this CISA alert surprisingly accurate based on what I know about Iran. They are not a sophisticated adversary in terms of capabilities, but they are very good at making simple, effective techniques scale well.
Julian Cohen, 24 Dec
Replying to @sean_a_cassidy @dinodaizovi
You can outsource your threat intelligence gathering and analysis to a third-party. Like with anything, the better information you have, the better decisions you can make. Also, see part 1:
Julian Cohen, 24 Dec
Replying to @dinodaizovi
For systems that are being built, I think you're right. But for systems that already exist, looking at systemic and individual vulnerabilities through an adversary-based lens can help you prioritize and allocate resources. Stay tuned for part 3!
Julian Cohen, 24 Dec
Replying to @dinodaizovi
All of that is easily managed if you follow the steps and treat the model like an iterative process. :)
Julian Cohen, 24 Dec
Adversary-Based Threat Modeling
Julian Cohen, 20 Dec
Replying to @HockeyInJune
Sometimes that means best practices and state-of-the-art tools and technology and sometimes it doesn't. Sometimes that means a 24/7 in-house SOC and sometimes it doesn't. But it always means understanding your risks and your adversaries and meticulously defending against them.
Julian Cohen, 20 Dec
Your job as a security engineer isn't to build unhackable systems or fix every security vulnerability. It's to allow the business to succeed despite hackable systems and security vulnerabilities. This means using all available resources to prioritize what's best for the business.
Julian Cohen, 20 Dec
Replying to @HockeyInJune
Always remember to take a step back and make sure the control you're building or the detection you're engineering or the problem you are solving is still relevant and prudent. New information about your adversary may require you to change course. Do not ignore it.
Julian Cohen, 20 Dec
Continuation bias (commonly referred to as get-there-itis) is the unconscious cognitive bias to continue with an original plan despite mounting evidence and changing conditions. This is a common problem in a lot of places, but especially in cybersecurity.
Julian Cohen, 14 Dec
Replying to @0xdade @dyn___
The actor Jonny Lee Miller is a better hacker than Kevin.
Julian Cohen, 10 Dec
Replying to @billiebeta
Julian Cohen, 7 Dec
Why bother trying because of a chance it won't work? Why take any security advice, then? All defenses might not work. Our job as security practitioners is to make work more difficult for adversaries, and that includes not publishing tools that help them complete their objectives.
Julian Cohen, 6 Dec
Replying to @WeldPond
"Is that a hill you're willing to die on? Because I have the murder weapon right here."