Looks like Corporate #infosec has made its choice.

#RSAC is filled with talks embracing AI and making it "secure".

And they invited and encouraged the Trump regime to spread its disinformation - fully sanctioned and encouraged by the conference leadership (and by conference attendees who laughed at the regime's jokes and lies and issued no challenges or stands during the talk).

With the ostracization of #ChrisKrebs by industry and the full embrace of Kristi Noem as a speaker, this was the moment that infosec made its bed.

Y'all lie in it now.

This is damning.

Kevin Collier, journalist from NBC News, states:

"I will say [Kristi Noem] has come out swinging, insisting her vision of CISA will improve [DHS] and falsely describing its previous work as being substantially devoted to policing misinfo.

The crowd has been relatively into it. Tepidly bit on her laugh lines. No boos, no heckling. This is a corporate crowd, not Def Con, but I would have not been surprised to have seen some disruption."

Source: https://bsky.app/profile/kevincollier.bsky.social/post/3lny67kekqc26

#infosec #RSAC

@tinker That is absolutely disgusting and disgraceful.
@tinker And people don't mock or jeer these MAGAt fuckheads!?
@tinker holy moly
@OT_MacDonald @tinker BTW I read this in Ella Purnell's voice.

@tinker given that the American government has abdicated the leadership role that they insisted the rest of the world should follow, I can’t imagine how anything any fed would have to say could possibly contribute to the practice of cybersecurity (or pretty much anything else, either).

The Trump administration’s message to the rest of the world is pretty clear: fuck off and find your own way without America. Their message to the American people is similar: robber-barons are here to loot; good luck.

@tinker

It'll be REAL interesting to see how front and centre all the government shit is at this year's #DEFCON.

@fennix @tinker

I'm going to go out on a limb, that after this last year's badge debacle with Dmitri, that Defcon admin will also bend over to Corporate Infosec and Trump.

Defcon's already these days known as the cheap Blackhat. And most of the feds go to both anyways.

https://www.theregister.com/2024/08/13/defcon_badge_disagreement_gets_physical/

I also won't go back to Defcon, for that and toxicity reasons.

Besides. I can't imagine you'll get many or any international attendees. Especially anyone with brown skin and anyone who has ever done any vulnerability research that might potentially make the fash the slightest bit annoyed.
@crankylinuxuser @fennix @tinker

@JessTheUnstill @fennix @tinker

Wow, yeah. I wasn't even thinking about international ramifications coming up.

This whole country is a big "no-go zone" for the foreseeable future.

Can you imagine going through customs with even a Flipper Zero these days?

@crankylinuxuser @fennix @tinker

@JessTheUnstill @fennix @tinker

Not really... Not these days.

Although back in 2019 I brought https://hackaday.com/2019/06/05/mobile-sigint-hacking-on-a-civilians-budget/ through TSA. Not an issue.

@JessTheUnstill @crankylinuxuser @tinker
Yeah I already canceled all my plans once Trump was inaugurated and the first week was the shitshow it was. I typically book hotel/flights/etc. a full year in advance.
@crankylinuxuser @fennix @tinker They were in the gov's pocket ever since "spot the fed" got too easy,
@tinker
Lolz, Dakota State “University” is a university in a bad dream ffs. It’s a cow college people, chaos and cows and small mindedness
@tinker goddamn.

I am...... Not even a little surprised.
Good overview of her "talk" @ cyberscoop: https://cyberscoop.com/kristi-noem-rsac-2025-cisa-mission/
@tinker I has a disappoint
@Sempf @tinker Not surprised at all.
@Caseydunham @Sempf @tinker not surprised, but disappointed.
@hacks4pancakes @Caseydunham @tinker Yeah, there isn't much we can do about people that don't want to change. It's ugly. Long as the $$$ keeps flowing amirite?

@tinker i don't know if defcon would react differently

last year was so full of feds and cops giving presentations that i broke my brain and i decided i won't be going back

i really think 2010 black hat having Michael Hayden was a turning point. I remember the room being pretty evenly split between boos and fanboys. i think the fed fanboys have gained ground at blackhat and defcon now

@rdp @tinker DEF CON needs to be brought back to pure hacker energy and a serious #ACAB attitude.

@lambdacalculus @rdp @tinker

They'll probably need to hold it outside the US for that. And I'm wondering how many hackers are still free at all.

@lambdacalculus @dsp @rdp @tinker It's been dead long before pool2girl happened, so how far back do we really have to go
@feld
I have faith in the DEFCON crew honestly. During all these years, mistakes happen(ed) for sure, but this group is, in a sense, all of us here. We can reclaim a hope for a future filled with hacking, truth and ethics.
@dsp I think most of the problem is that it's too big now. It needs to be significantly reduced in size -- maybe not even normal public ticket sales
@rdp @tinker We would. #DEFCON != RSAC
@thedarktangent @rdp @tinker That may be true but I do have to agree that the fed stink is getting a little too strong. We need more pure hacker/punk/goth energy.
forum.defcon.org

Secretary of the Department of Homeland Security Alejandro Mayorkas Alejandro Mayorkas, Secretary of the Department of Homeland Security 45 Minutes The Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS' priorities in

DEF CON Forums
@kluthulhu @rdp @tinker If you think they are equivalent then 🤷‍♂️ You'll have to wait for the speakers to be announced.
@thedarktangent @rdp @tinker Both were invited in their function as Secretary of the DHS.

@rdp @tinker What I’m curious about, if anyone is there, is, are the Feds there (besides Kristi Noem)?

Elon has put the kibosh on Fed travel so I’m curious if it is reflected in the attendees. I heard the Appian conference in Denver was missing many representatives of the software maker’s largest customer, the US gov.

@rdp @tinker - I just confirmed that no one from the government was at the Appian conference.
@rdp @tinker So it's Fedcon now?

@tinker I think most people are aware of that point in your employment when doing things to keep your job are different from doing things to do your job well.

This is a crowd trying to remain employed.

@dawngreeter @tinker
Agreed. I've never heard tell of flying to the conference on the company dime and then heckling the speakers.

I posit that the tell is who attended. There are many conferences. Who voted with their feet? Which firms had, y'know, unfortunate scheduling conflicts?

@tinker @hacks4pancakes My company CISO just responded to me that her speech “…was pretty good.” Ugh…but really I expect no less anymore.
@tinker so a room full of fascists.
@0xF21D
With names and addresses.
@tinker

@tinker Corporate is gonna have to learn a lesson about what happens when you lie down with dogs.

(You wake up with major security vulnerabilities and infrastructure built on PR and vibes.)

@winterayars @tinker @btanderson well I mean not if Noem is around, if you lie down with dogs in that context you just get covered in dog blood
@winterayars @tinker @btanderson I really hope I don’t know anyone at RSAC this year, to be a party to this and not absolutely lose your shit in the audience would be a lifelong embarrassment
@glyph @winterayars @tinker @btanderson Here's a woman who murders dogs and considers parading in front of people she enslaved to be a 'photo op'. Like. You can't make up that level of fucking awfulness. Boo her ass.
@glyph @winterayars @tinker @btanderson But, you know, this is what "respectability" is. It's what it always has been. "You have to be nice", at all costs, to live in society. To a woman who brags about killing dogs and enslaving random Hispanic people in a fucking foreign labor camp.

And no one there says "hm, maybe I shouldn't laugh at the dog killing slaver's joke?" mann
@winterayars @tinker as a security practitioner I take solace in the silver lining that it means all my friends in the industry will at least have job security for decades.
@tinker All awful choices. I had no real opportunity to attend RSAC anyway; I’m glad of that.

@tinker

$ git reset --hard united-states

@lambdacalculus @tinker
and:
git switch 2024_harris_walz_inaugerated_trump_jailed

Make a PR to the master, the supervisor has to look at that.

@tinker Were there any actual infosec people in the crowd or just infosec-aligned managers?
@troed - No idea. But I hate to break it to you, management and policy is actual infosec. Tech folks who wield the tools do so at the behest and direction of the decision makers.
@tinker I would definitely not have pegged infosec as an industry rife with the kind of gullible idiot AI is marketed at. In fact, I would have assumed the exact opposite.

@StarkRG @tinker

Our CISO is super-hyped on AI as a tool to eventually handle Tier 1 SOC, write reports, and summarize data.
* some assembly required

@jrdepriest @tinker I don't claim to be an expert (either in infosec or AI), however, I can certainly see that there are some situations where using AI can be a good choice and every single one of them requires a real person double-checking every result. If you don't want to pay people to hand-check everything returned by an AI algorithm, then AI algorithms aren't the solution you're looking for. It's good for producing "that feels like it could be right" matches in enormous datasets.