Those of you hitting security awareness training & culture - how do they respond to phishing reports that are real? As far as I know they aren't incident response. And how are they going to be able to triage reports? Again, they aren't threat detection or incident response. 🤔

Please note, respond here means 'deals with the report' so if it is a real phish or turns out to not be a real phish, both covered under responds. Also not a joke post 😂

What team triages and responds to phishing reports?

Come join my team and hang out with Angus!
Hiring for an e-learning specialist/developer to help us make engaging and effective training that people learn from and remember because it's fun (and actionable). Wonderful global team with excellent work life balance, good benefits and best of all, lots of Angus time.
If you're interested please apply and feel free to message with any questions you might have. Security experience a nice to have not a requirement, and an opportunity to be really creative.
https://insulet.wd5.myworkdayjobs.com/en-US/insuletcareers/job/GB---United-Kingdom/E-Learning-Specialist---Security--Remote-Flexible-_REQ-2024-8690

#learning #security #infosec #infobex #education #training

Hey friends! My talk from BSides Basingstoke is available to watch! https://infobex.co.uk/speaking/ go check it out. As always, calling the industry out to do better and with pretty graphics

#criticalthinking #infosec #infobex #education #pschologicalsafety #speaker #conference #bsides

@coleens_ yessss soon you shall come to love the front loaders!

So managers are starting to spew the whole "well I didn't do anything wrong, it affected everyone else, so we're not liable" bullshit.

Did you allow a third party vendor to have the highest privilege access to all of your systems AND let them run Remote Code Execution on your systems whenever they want?

You didn't have a test environment set up to test each update or patch that is applied to your systems before you push them to prod? No? Just let it auto-update?

Yeah, that "Risk Transference" didn't work so well as your GRC policy seemed to think it would, huh? I know they're a security company and they SHOULD have tested it, but they didn't, did they?

I know everyone else does it, but if everyone else jumped off a bridge, would you?

Just because everyone else fucked up, doesn't mean you didn't fuck up.

There's gonna be a lot of deep discussions in this post-mortem and hopefully orgs will change. Those that don't will just be hit again... and again... and again.

#crowdstrike

@deviantollam enjoy! Let me know what you think 😊

@coleens_ thanks so much! 💙

@hacks4pancakes I know @deviantollam and @coleens_ wanted a heads up when it went live 😊

Psychological Safety: Why Security is Digging a Hole

Looking forward to giving a brand new talk at BSides Basingstoke today on Psychological Safety: Why Security is Digging a Hole. Because it is. Security professionals frequently fail to make 'security' something that isn't scary and out to yell at you or blame you or call you nasty words. No one wants to connect or work with an area like that.

http://infobex.co.uk/2024/07/19/psychological-safety-why-security-is-digging-a-hole/

#Pancakescon talks are up!

Go check out my talk on Semiotics:Judging a book by its cover, security edition!

I had so much fun giving this talk, and was so glad that is resonated so much with everyone watching.

PancakesCon is one of my favourite cons and I was thrilled to have this talk accepted. Thanks to @hacks4pancakes for putting on an amazing con with the whole team 💙

https://m.youtube.com/watch?v=J3uBO6FQWAo&list=PLe93Pz9B0NKMAnDRBOMBNWNyBFiDx9iC5&index=3&pp=iAQB

#semiotics #securitysemiotics #infosec

@ljrk @TheDarkHorse @some_natalie @hacks4pancakes so good you enjoyed the talk!

The awesome #PancakesCon 5 recordings have been edited and are now available! Here are my top picks 0:-)

Rebecca ‘Bex’ Markwick (@infobex) - Semiotics: Judging a book by its cover, security edition
DarkHorse (@TheDarkHorse) - The Craft of Threat Intelligence
Natalie Somersall (@some_natalie) - A Gentle Intro to Container Escapes and No-Clump Gravy

I especially loved it when speakers blended both topics rather than a "split topic" talk, an amazing feat! :3

Playlist: https://www.youtube.com/playlist?list=PLe93Pz9B0NKMAnDRBOMBNWNyBFiDx9iC5

Also thanks to @hacks4pancakes for hosting!

You may be in a position where leaders in your company are hot to turn on Microsoft Copilot Recall.

Your best counterargument isn't threat actors stealing company data.

It's that opposing counsel will request the recall data and demand it not be disabled as part of e-discovery proceedings.

The threat that keeps your executives up at night are lawyers, not hackers.

The UK’s ICO have opened an investigation into Copilot+ Recall. https://www.bbc.co.uk/news/articles/cpwwqp6nx14o

@coleens_ goes in waves I think

Did I just hear Ollie Whitehouse, CTO of NCSC, quote @infobex on stage at CyberUK? "Humans only have a certain amount of security budget which they will spend on cyber and we need to spend that very wisely". To hear that coming from such a senior level and to a national audience is really encouraging! Pity he didn't follow that to its logical conclusion and say that the majority of our training methods, including phishing sims, are not meeting that standard.

Just casually trying to video some fresh tiktok stuff on why the security awareness industry needs to take a long hard look at itself and Sméagol is repeatedly bombing into me. I have no use able takes and have decided that Sméagol cuddles are way more important. Especially as I had a nice LinkedIn comment battle about how public WiFi is fine and people who can't do risk assessments and only want to do 'awareness' are the problem.
Smaug has decided that ekekeking the pigeon is more important than anything and Gimli wants cuddles but keeps being bapped by Sméagol

#LOTRcats #gimli #Sméagol #Smaug #securityawareness

@Halcyon I'm gonna name drop myself lol 😂 I'm everywhere and have opinions, so I'm certainly a few people's favourites lol