" (Ace Tomato Company)
"
M.S., CISSP, SANS, Industrial Experience. I sometimes wonder why I don't become a welder or Service-Now consultant.
"Arise and Be Merry and Sing out while you can!"If you need to integrate secure coding practices into your Software Development Lifecycle, my friend @SheHacksPurple just released a great free Secure Coding Guideline document to help get you started. 🎉👇
Your Guide for an OT-Specific Incident Response IT incident response plans aren’t built for the realities of ICS/OT environments. This white paper provides a practical, engineering-driven framework for developing ransomware response playbooks tailored to industrial environments —emphasizing life safety, operational continuity, and realistic ICS tabletop exercises. With a focus on cross-disciplinary collaboration and sector-specific threats, the guide outlines how to detect, contain, eradicate, and recover from ransomware attacks without compromising industrial operations. It also underscores the importance of treating response plans as living documents—continually tested and refined as environments and threats evolve.
At Security’s core is trust. Trust flows from stability. Introduce instability / inconsistency you will soon lose trust. That’s why the CVE drama is important. It’s needless drama and reinforces that United States leading cybersecurity can no longer be trusted stable partner.
You follow the giant because you know in their shadow there’s an implicit bond of protection. Once you introduce the idea the giant can’t be trusted, you will cease listening to them. It doesn’t work out well for either party.
Sent an Awareness email about the risks of QR codes.
Resisted putting a QR code going to the Clip of The Breakfast Club "Detention for Life" Scene
Accidental CISO
Lesley Carhart 
Effin' Birds