It’s Friday the 13th, so you know what that means?
Nothing special. The weekend is nearly here. Almost #parkrun.
Anyway, no superstitious nonsense. It’s just a day and a date.
Information security entrepreneur and early stage investor. Co-Founder @TenchiSecurity . Cloud Security Posture Chiropractor.
🎥 Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
"Shift Left Doesn't Mean Anything Anymore"
📽️ https://twp.ai/4in9oU
What makes LLMs work isn't deep neural networks or attention mechanisms or vector databases or anything like that.
What makes LLMs work is our tendency to see faces on toast.
@edmonds yeah, I guess you are right. Also, they might be getting their Internet link from the venue through an internal network.
Still found it funny when I saw it. 😀
Funny moment looking at the RSAC SOC dashboard on full display at the expo and realizing they need an RFC1918 refresher.
@SheHacksPurple clearly not as fabulous as yours, but I guess that’s not exactly surprising. Hope you have a great time!
as is tradition, I just published my commentary on this year's Verizon Data Breach Investigations Report (aka #DBIR): https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2025/
In the post, I include the following sections covering what I felt were the most notable insights and facets in the report:
🌍 So, what?
💃 Espionage: fast fashion or couture?
👻 APTs go BWAA-haha >:3
💸 How do the money crimes generate money?
🤖 Attackers are still not really using GenAI
👩‍🍳 If you can’t make your own 0day, store-bought creds are fine
🔓 #Security was the real supply chain threat all along
🍄 Things Rot Apart
🕵 Scooby Doo's Spooky Kooky Corporate IT Caper
🌈 At least some things are improving somewhere
Go forth and enjoy my commentary, and then make sure to find me at #RSAC to tell me what you loved or hated Tuesday 14:30 at the @fastlydevs booth (where you'll also get a free copy of my book ✨)
thanks @alexcpsec for the early copy <3
@Tarah @wendynather @catsalad please tell me this was being recorded! 🙏
Listen up. It’s Wendy Fucking Nather preaching what we need to hear about the security poverty line.
@wendynather here at #BsidesSEA lighting it up at 9AM for the keynote.
Just boosted, but I also want to share this personally. @catbailey is great, and she needs our help.
If anyone I’m connected with is able to help financially, please do, but also, please share. If you can help on the job front too, let’s #GetFediHired but recognize that takes time, and Cat’s about out of runway.
https://www.gofundme.com/f/aid-for-cat-and-her-kids-in-crisis?lang=en_US
If you are not publishing a date with
your online articles you are going to a special kind of hell where time is just a sloppy swamp and everything that happened is also happening right now but everything that is happening now happened 20 years ago.
I don't make the rules,
and I don't wish you ill,
but put a freakin date on your articles 😭
In light of recent events, I want to remind everyone that end-to-end encryption doesn't prevent you from adding the editor of the Atlantic to your private group chats.
This is Theo. He helps me edit my free, weekly cybersecurity newsletter ~ this week in security ~ (so you know who to blame for any typos). It's out every Sunday, and has all the cyber news that you need to know, plus the happy corner, and a featured weekly cyber cat.
Sign up/RSS: https://this.weekinsecurity.com
Job alert!
Spanish language required, North America-based, depending on location fully remote
Are you interested in cyber insurance? Want to be part of creating financial incentives to improve security? Come join my team!
(Boost for reach appreciated)
I don’t like to butt in on the moderation happenings on another instance, but since people on my instances are now getting involved, I feel I have to. Hachyderm’s mod team removed a post from one of their members, believing it to be incorrect information after it was reported to them as being incorrect information. The person whose post was removed got upset and that has caused a bit of a firestorm response. @quintessence has been trying to answer questions but I want to add some context as a fellow admin/moderator.
The first thing to know is that moderators are not perfect. We make mistakes. I make them all the time, as some of you will no doubt recognize. Like Quintessence with Hachyderm, when anything goes awry, moderation-wise, it is my job as admin to stand in front and take the heat from whatever went wrong. We DO. NOT. throw the mod team under the bus, assuming the moderators are acting in good faith.
The next thing to understand is that this is a thankless job. People get mad at us for taking action, for not taking action, for being too fast, for being too slow, for permitting something someone thinks should be blocked, and for blocking things someone thinks should be permitted. We see some awful shit. We get threats of harm. We get doxed. We get angry letters from lawyers.
We also don’t have a team of fact checkers at the ready. We generally process dozens of reports per day. We have to apply a reasonableness test to incoming reports and respond based on the rules and guidelines we’ve set for our community and then move on, and if we made a mistake, we go and fix it.
I would ask that y’all afford some grace and understanding to the Hachyderm team and to the admins and moderators of fediverse instances generally. We aren’t the enemy. We are trying our best to manage a community at a time of unprecedented levels of tornadic bullshit, fear, anger, and hate.
Peace.
well he did his best
Cyberattacks targeting IT vendors intensify, causing bigger losses https://buff.ly/1lZ65c3
Why Rigid RTO Mandates Cost More Than They Save
Atlassian, a 10,000-person organization, reduced office space by 50%, making office visits optional but intentional. The result? An increase in productivity of approximately 40 min per employee per day, along with cost savings from reduced office expenses.
https://www.forbes.com/sites/solangecharas/2025/03/01/why-rigid-rto-mandates-cost-more-than-they-save/