shortridge

shortridge, 2 days ago to Cybersecurity

my new post covers how to get started with chaos experiments without having to larp as sysadmin, disrupt your users, or piss off your execs ✨ https://www.fastly.com/blog/chaotic-good-resilience-stress-tests-at-the-edge

it includes a js code example that verifies super basic #cybersecurity assumptions about your org’s website, like:

🍪 my site requires cookies or auth headers
⚔️ my site does not allow cross-origin requests

so, it’s a great starter experiment to get familiar with the practice — and it clones requests to avoid fucking with prod ✨

wingo, 2 days ago to random

graphviz is a tool to convert graphs to unintelligible spaghetti

shortridge, 6 days ago to random

a confession: I’ve battled mourning doves for months, ever since I bought a bird feeder for my garden and they kept draining it in less than a day.

they are allegedly stupid creatures, but that’s just what they want us to think.

I am plausibly an expert in cyber defense, having written a book and academic papers, lectured at federal agencies and F500s alike — yet the doves thwart my every mitigation.

I planned to write a blog post once I won, but my hope for victory further desiccates daily…

shortridge, 6 days ago to random

tired: too many browser tabs

wired: the system is struggling to absorb and regenerate from anthropogenic stresses

shortridge, 15 days ago to random

anyone know the best place around Moscone to get a chai latte? #rsac

shortridge, 17 days ago to security

went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.

some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”

if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.

shortridge, 22 days ago to Cybersecurity

The 2024 Verizon Data Breach Investigations Report (#DBIR) is out this morning, and I make sense of it in my new post: https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2024/

I focused on what felt like the most notable points, from #ransomware to MOVEit to web app pwnage to #GenAI and more.

I have insights, quibbles, and hot takes as always — but the fact remains it’s our best source of empirical data on cyberattack impacts. If you’re a #cybersecurity vendor, please consider contributing data to it.

shortridge, 23 days ago to Bulgaria

To my #EU friends, followers, and future allies: I’m keynoting #CraftConf in exactly one month (May 30).

I will bring #cybersecurity heresy — and custom #ChaosKitty stickers — with me to Budapest.

You still have spacetime to buy tickets and bask in software craftship: https://craft-conf.com/2024/talk/disputation-on-the-power-and-efficacy-of-cybersecurity

Let me know if you’ll be attending, speaking, or otherwise proximate xx

shortridge, 26 days ago to random

Me: “I’m lowkey bullish on inexact supercomputing.”

Them: “Intel’s been doing that since the 90s!”

(historical context for the joke: https://en.wikipedia.org/wiki/Pentium_FDIV_bug)