If someone comes to me today preaching about “post-quantum” security issues, I’ll remind them of the current state of security: the npm ecosystem gets abused daily, CI pipelines run left and right with full access to cloud services, so-called security devices like F5 and Ivanti are exposed (and compromised) to the internet, mailboxes get compromised just to change an IBAN in a PDF, and a simple phone call is still enough to get someone to hand over an MFA code.

But yes, by all means, let’s focus on post-quantum threats while handing AI tools SSH access like it’s a feature, not a confession.

#cybersecurity #stateoftheworld

@adulau

Thank you.

I've been advocating for spend on the basics of security hygiene.

Get all your employees an enterprise license for a password manager, spring for hardware 2FA keys if your workflows support them. Audit external attack surfaces, like exposed AWS buckets. Drop a secret scanner into your CI/CD pipeline. Have an accurate asset inventory.

All of these are cheaper than the new shiny whatever, and have real-world, measurable impact.

Thanks for coming to my talk.

#infosec