BSidesLuxembourgIts an exciting day for us here at #bsidesluxembourg as we’re now able to announce the #bsidesluxembourg2025 KEYNOTE!!!
The keynote address will be given by the formidable @d3sre !
We can’t wait!
Remember: We’re rebooting BSidesLUX on June 19th!!
Desiree Sacher-Boldewin
@d3sre@geraffel.social
- 393 Followers
- 147 Following
- 55 Posts
cyber defense architect, dc4131 alumni, FIRST BoD member, curious geek driven by the urge to understand things
This is it! Its on!
Save the date and polish your speaking or training skills-> call for papers, workshops, trainings, sponsors and volunteers open!
Submit: https://pretalx.com/bsidesluxembourg-2025/cfp
PS: sponsor package options available on info@bsides.lu!
my team and i want to get some feedback on what kind of false positives in cyber security monitoring everyone is tackling and what the strategies are. we appreciate your input and your time (~ 9 minutes to complete). https://forms.office.com/e/6NC4BqGSRd thank you 🙏🏼
FOSS Security CampusThis year at FOSS Security Campus, @d3sre will give insights in to what happens in an organization when they have to apply patches you create and what also organizational challenges the technical teams usually face. https://program.foss-security-campus.de/fossec23/talk/8ATMKV/
Why I didn't patch your patch FOSS Security Campus 2023
Only few developers have ever worked in the "Blue Team" of a security organization and know what the decisions are, that are usually made by the security responsible. There might be very legit reasons why a patch is down prioritized and the more information developers have, the better they could suit a patch to the needs of their "customers" (the security experts all over the world that need to apply the patch). This talk will go into details what happens to a patch after it is published and what are the structures (and processes) before a patch gets applied. It also highlights what challenges an engineer is usually faced with or more mature companies have already resolved to streamline patch management.
Sherri Davidoff“Brain area necessary for fluid intelligence identified.” That’s our “ability to solve problems without prior experience.” Security pros need to have high fluid intelligence just to be in this industry! https://medicalxpress.com/news/2022-12-brain-area-fluid-intelligence.html
Łukasz 
"Charlatans in InfoSec - from Kim to Jonathan" by @secresDoge@twitter.com at @BSidesVienna@twitter.com starts in a couple of minutes.
I'll be live tweeting/tooting it in this thread! 🧵
I'll be live tweeting/tooting it in this thread! 🧵
Baklava Monster
Sasha RomanoskyWe need more #cyberinsurance and #cybercrime people here! Also, those with a dose of #cvss (vuln severity) and #epss (vuln exploit prediction, https://www.first.org/epss/model).
❄️☃️Merry Jerry🎄🌲I love all of you and I want nothing but the best for each of you, particularly those on infosec.exchange. I understand that Mastodon isn't Twitter, that DMs aren’t end-to-end encrypted, that we are spread across different instances and it can be hard to find your friends, and that an instance can go away at any time, and that translating posts doesn't work correctly, and there is no native giphy support, and that some instances are overwhelmed and super slow, and that you don't think the federated model can scale to a billion users, or that it doesn't support full text search of every post and account, or that we can't comply with the GDPR, or that we don't support quote tweet style functionality, or that we shouldn't collect IP addresses, and many other things.
The fediverse is a work in progress. I've been here for going on 6 years. In that time, it's come a long, long way. That said, Mastodon is not going to appeal to everyone. The decisions I make are not going to appeal to everyone. No one is forcing you to be here. No one is forcing you to disclose your personal secrets into a network of federated servers running by volunteers and hobbyists. NB: this is not Twitter. It has some similar functionality, but it is not Twitter. Parts of it are better, IMO, and parts are not. The security community is generally among the most skilled and competent IT people the world has to offer. Mastodon is open source. Do you see where I'm going?
I set this instance up a long time ago for reasons I don't even remember. I have poured my soul into this thing because I believe in the importance of this community. I have effectively peaked in my career as a CISO and I and my family live well. I am not running this instance for fame, money, a better job, or anything other than wanting to foster a community of people that can learn from each other and make the world a better place. That's it.
As I've said in several recent interviews, I felt particularly obligated to ensure the security community had a good landing spot in the fediverse as everyone was running for the doors in Twitter. We've grown from 180 active users to about 30000 in the span of 3 weeks. I do not expect everyone to stay. Some will set up their own instances. Some will move to one of the other excellent security focused instances. Some will give up and move to on to some other social media. And that is OK. While I am super excited to see the buzz here, I don't have subscriber targets, engagement targets, retention targets, or anything else. The only metric I hold myself to is whether I think this is serving a useful purpose to the community.
I appreciate all of you, regardless of where you land. Infosec.exchange has been here for a long time and will continue to be here for you.
Arvind NarayananAlgorithms aren't the enemy. Chronological feeds don't scale and the signal-to-noise ratio will plummet if this ever gets popular. The real problems with today's algorithmic feeds are non-transparency, lack of choice, and optimizing for engagement instead of healthy discourse.
Open-source is a perfect opportunity to fix all this. Have there been any efforts to create a Mastodon instance with a (community governed) ranking algorithm? Is that technically feasible? Or is the idea simply anathema?