shortridge

shortridge, 10 months ago to random

This Barbie wrote a book on resilience.

I saw #BarbieTheMovie last night (won't spoil anything, promise) and, like most, dressed full #Barbiecore for the occasion.

A core theme is that Barbie can be anything and honestly that vibes super well with the philosophy underlying resilience: we need to adapt as the conditions around us evolve and we should stay forever curious.

But also, the movie is peak absurd and fun af, so even without the nerdy analysis it's worth the watch.

bcantrill, 10 months ago to random

"Moby Dick" is, as it turns out, a really good book.

shortridge, 10 months ago to random

sometimes my brain generates truly cursed ideas; usually I keep them to myself but today I will share one with you all:

cap and trade, but for vulnerabilities to solve supply chain security

shortridge, 10 months ago to random

When PagerDuty tells me that junior devs have been ignoring low urgency alerts for weeks

Jennifer Lawrence Laughing GIF by Sony Pictures

shortridge, 10 months ago to random

some days I write pretty thoughts and other days I message friends like @bea things such as:

> like “can do we have detect for all the attackery things”

please feel free to use this turn of phrase to describe your security controls from now on

shortridge, 10 months ago to random

Mastodon cyber nerds, I am need of your aid: can anyone endorse me on Arxiv for cs.CR?

I want to post a preprint paper that appeared in IEEE SecDev so the community can enjoy but I am too plebeian for arxiv’s moderation system, it seems.

If you’ve submitted >=3 papers to cs.* within the past five years that probably makes you an endorser.

shortridge, 10 months ago to random

Mark your calendars, I’ll be speaking at #BlackHatUSA on Wednesday, August 9 at 11:20 local in Oceanside A https://www.blackhat.com/us-23/briefings/schedule/index.html#fast-ever-evolving-defenders-the-resilience-revolution-32751

Cannot wait for you all to experience this talk and the resilience revolution. The progress-haters may walk out in a huff like last time, too (true story) 👀

P.S. find me roaming the con and I’ll give you Chaos Kitty stickers and sign my book if you bring/buy a copy. I’ll be dressed as Thought Leader Barbie so you can’t miss me.

shortridge, 11 months ago to random

there’s an essay about crypto in this month’s New York Review of Books and the writer woke up and chose violence against crypto bros

“Even Charles Ponzi’s postage reply stamps really could be used for postal services, and he was a single, central, responsible entity.”

it’s ferocious, it’s informed, it’s everything I ever wanted in a crypto takedown. bless you, Trevor Jackson

Read here: https://www.nybooks.com/articles/2023/06/08/the-price-of-crypto-the-cryptopians-laura-shin/

shortridge, 11 months ago to random

I received an early copy of this year’s Verizon Data Breach Investigations Report (#DBIR) because I'm such a thot leader so I wrote a post with my thots and hot takes about it: https://kellyshortridge.com/blog/posts/kellys-kommentary-on-verizon-dbir-2023/

read it to sound smart to your colleagues or if you actually enjoy empirical data rather than performing the crude rituals of traditional infosec where risks are divined from the musty ether...

thread incoming with tl;dr snippets for mortals with no attention span:

shortridge, 11 months ago to random

I wrote this blog post because I’m so fed up with ppl being like “but where’s my regex” 🥺🥺🥺

It’s nowhere because we are living in 2023 and we have hot girl shit to do instead of flinging our lives away on regex-based #cybersecurity detection rules.

Read, weep, rejoice, whatever other verb suits your vibe after reading this:
https://www.fastly.com/blog/regex-in-retrograde

codinghorror, 11 months ago to random

First of all, how dare you sir. https://www.fastly.com/blog/regex-in-retrograde

shortridge, 11 months ago to random

The FSB’s Snake malware is noted for its sophistication in part due to its architecture that “allows for easy incorporation of new or replacement components.”

Yet that characteristic is often what cybersecurity traditionalists try to impede in their own org’s software…

People marvel at how I wrote the new book in ~9 months and the reason is basically the above — more productive than screaming into the void and maybe changes things.

Source (pdf report): https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

danderson, 1 year ago to random

Framework is so cool.

"To fix power efficiency, we're shipping a new rev of our DisplayPort module..."

(me: aww, I'll have to buy a new module)

"... but if you have an older module already, click here for instructions on how to update its firmware!"

"Sadly the HDMI module did need some electrical changes in addition to firmware..."

(me: aww, oh well)

"... but if you're handy with an iron, here's the rework instructions to upgrade your v1 module!"

🤯 Amazing amount of giving a shit.

shortridge, 1 year ago to infosec

cybersecurity loves Sun Tzu quotes so I’m reverse uno carding with this post on why he would actually be disappointed in the #cybersecurity industry: https://kellyshortridge.com/blog/posts/sun-tzu-wouldnt-like-the-cybersecurity-industry/

I am NOT saying we should bring Sun Tzu quotes back! I AM suggesting we “where is your god now” as much harmful #infosec folk wisdom as we can — fighting fire with fire, if fire was appeal to authority

anyway enjoy the spice xx

shortridge, 1 year ago to random

The video of my #SREcon talk is live: https://youtu.be/DGdtfB1eY98

It's all about how SREs can align their mental models of a system with reality to sustain software #resilience -- because SREs are a critical mechanism of adaptation in our systems.

If you're an #SRE you're probably not like, waking up thinking, "How will I be the mechanism of adaptation today?" so I wanted to provide some scaffolding around the concept in the talk.

This will be a 🧵of five key takeaways: