Aaron de Montmorency

US Army Veteran and Security Practitioner. Director of IT, Security, and Compliance at Elevate Health. Thoughts and opinions are my own.
Also, I'm on LinkedIn now after getting bullied. Add me if you want. https://www.linkedin.com/in/aaron-de-montmorency

Something shocking to me happened today at the Seattle/Bellevue Cybersecurity Summit during one of the panel discussions. The speaker asked, by show of hands, how many in the room had an incident response plan. About half the room raised their hands. They then asked by show of hands how many people have tested that plan. About 50% lowered their hands. (Myself included, I will admit. But I have a 3rd Party IR tabletop scheduled for this year.)

What this ultimately means is that only half of large and small companies have a response plan for a security incident. And half of those don't know if their plan will work or not.

So WHEN a cyber attack happens, there is a fair to good chance that the victim organization won't be able to contain or remediate the threat, which can ultimately lead to a data brea- I mean... decentralized surprise backup.

Let that sink in...

@DanielReich Even then you can't as a megacorp. Change management. It takes a week for a dev to write one line of code and 2 weeks to restart a server.

@DanielReich Orgs like that are the reason why we have perpetuated attacks from US infrastructure. We need to hold these organizations accountable legislatively to prevent these things from happening.

I have logs, I have proof. Why wouldn't you, as a credible and reputable organization, stop threat actors from using your infrastructure and services?

@AaronTalksSec not just Akamai. Amazon, Google, others all behave similarly.

This morning I noticed a #passwordspray #attack coming from [50].[116].[36].[236] (tiprnet[.]net) which resolves to #godaddy and #akamai. GoDaddy was more than happy to work with me.

Akamai, on the other hand, only advises that I block the IP. The tech on the phone confirmed that they will NOT take action against the threat actor because we are not a customer. Are you kidding me? So, I repeated, and asked them: "so you are telling me that because I am not an Akamai customer, Akamai refuses to take action against a threat actor using their infrastructure?" The tech chose his words carefully but confirmed by stating that the security team is restricted on what they can do if we are not a customer.

Come on Akamai... Really?!?!?

Hello world!

We're the Cavern, 101.5 FM KVRN-LP and KYQT-LP, broadcasting from Portland, Oregon! We are an all volunteer, non profit community radio station dedicated to playing underheard rock music from around the world.

We feature DJs from both Portland and around the world. If you're interested in having a show, volunteering or just having a listen, head on over to https://www.cavern.fm/

#introduction

#music #vinyl #radio #communityradio #nonprofit #rocknroll

Conclusion: Nothing has happened past update 4. I am pretty sure they didn't send a single notice, and they didn't give (me at least) any licensing extensions, or NFR gear, nothing. However, when it's time for renewal, I am going to bring it up again to my territory rep. I will update the thread if something happened, but I am going to leave it at this anticlimactic ending. Sorry everyone.

@cvwise Despite the recent issue, which is the only one I have had in the last 6 years, I haven't had an issue with Fortinet. I actually find them quite reasonable and cost effective. Some of the other vendors are quite costly year over year. (Looking at you #Cisco) At least with Fortinet, if you don't renew, or forget to renew, it doesn't stop working. Even the licensed features. You just can't change them, or if you turn them off, you can't turn it back on.

@PogoWasRight That I don't know. Some of the email addresses don't look like they are monitored very heavily based on the email address itself, but I hope at least a few of them reached out.

And thank you kindly! I gladly carry the guidon.

I have 2 pillars in business, honesty and transparency. And I at least TRY to force those pillars on my vendors too. Hence why I'm pressuring them to both reach out to all of the SMB clients and fix their mistake. I am also hustling too, but haven't said anything about that in the thread. I am trying to get everyone involved a free license extension or something as a token of good faith from Fortinet. I don't think they will end up doing that... but we will see.