Neil Carpenter :unverified:

Professional: Technologist. Passionate about Cybersecurity.

Personal: Photographer, geek.

Opinions are my own and not my employer's. Twitter refugee

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-05-24

@jaythvv It's important to find ways of listening. When I started at Microsoft in 1997, nobody listened much to the support organization -- the wins that we had were hard fought and always at a remove or two.

By 2001, that had started to shift and we were having regular meetings with PMs and engineering leaders. I owned supportability for NetBIOS browsing at Microsoft, which was a technology that MSFT had publicly said it was deprecating in 1999. (I'm still not sure which sin I was being punished for...)

I was sitting in a meeting when a VP of engineering expressed a desire to just rip it out of Windows and be done with it. I had to speak up and point out that every enterprise backup solution in the market at the time relied on NetBIOS browsing and that killing the feature would break everybody's backups, everywhere.

Thankfully, the feature lived on long enough that nothing significant broke when it finally was killed.

Neil Carpenter :unverified: boosted:
Jay Thoden van Velzen ☁️​🛡️​:lolsob:jaythvv@infosec.exchange
2025-05-24

As a result, the higher you get up in an organization, the further you get from the customer, the problem you're solving, and any of the actual work, and the higher up you get, the more power you have to change the conditions of the business.

On some level, modern corporate power structures are a giant game of telephone where vibes beget further vibes, where managers only kind-of-sort-of understand what's going on, and the more vague one's understanding is, the more likely you are to lean toward what's good, or easy, or makes you feel warm and fuzzy inside.

wheresyoured.at/the-era-of-the

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-05-20

@LeslieBurns "You don't know who you stole from?"

Neil Carpenter :unverified: boosted:
2025-05-11

Spotted on 4th Ave. in Brooklyn

A sign on a pole that says: 

 A RESPONSIBLE CITIZEN
Properly Dispose of Your Dog's Waste
Place It Into The Nearest Cybertruck
IF YOU SEE ELON MUSK. YOU MAY ALSO DEPOSIT IT DIRECTLY INTO HIS MOUTH
CITY CODE ELNZ-A-DKHD
DEPT. OF @FOLAFIA, CITY OF NEW YORK

Neil Carpenter :unverified: boosted:
2025-05-05

If you access corporate email on a personal device that can be unlocked with FaceID, you must change your face at least once every sixty days.

You may not reuse any of your most recent 12 faces.

Please contact the technical support desk if you have forgotten your face and need help resetting it.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-22

@zak Also, if your company pays for 1Password, they give away personal accounts for all your employees, too.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-22

@SheHacksPurple Whenever I ask security leaders for the ideas they've implemented that have been really successful, security champion programs is the one that always comes up as a huge win.

Neil Carpenter :unverified: boosted:
Tanya Janca | SheHacksPurple :verified: :verified:SheHacksPurple@infosec.exchange
2025-04-22

My friends over at Katilyst are doing a survey about security champion programs. If you run one, please consider answering the survey so they can make some helpful content.

docs.google.com/forms/d/e/1FAI

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-22

@SecurityWriter This might be the year I revert to Lynx.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-16

@wirepair @timb_machine @wdormann @attritionorg @joshbressers NVDpocalypse started over a year ago and we're still waiting on them to catch up with enrichment by the end of...checking notes...last fiscal year.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-16

@percepticon And, with the rumors of DHS having "executed the option period", the situation is already different.

It's a good thing we all thrive on chaos.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-16

@jerry Anyway, I can't get behind a Google Sheets solution when VulnerabiliNFT is a possibility.

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-16

@jerry I meant to get the GIF in there but this still image really captured the zeitgeist.

Neil Carpenter :unverified: boosted:
2025-04-16

@isilzha314 I used to work at a factory and one of the maintenance people had a sticker on his toolbox that said:

“We have been doing so much with so little for so long that we are now qualified to do anything with nothing”. I think about that a lot.

Neil Carpenter :unverified: boosted:
2025-04-16

Probably the last CVE indexed before it goes dark should be CVE-2025-DOGE (critical, local privilege escalation vulnerability that leads to malicious code execution and data exfiltration).

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-16

Hear me out…now is the time to replace the old CVE standard with something modern: VulnerabiliNFT, a fully blockchain backed CVECoin where CNAs have to mine for every new vulnerability they issue.

#VulnerabiliNFT #CVE #MITRE

Neil Carpenter :unverified:neilcar@infosec.exchange
2025-04-15

@masp @pluralistic @cassandrakhaw @Kadrey I just took the A train. Didn't notice anything.
