Founder of https://kilpi.tech
Personal website https://nyman.re

Many thanks to Mirko Zorz and the team at @helpnetsecurity magazine for allowing me to rant about my dislike for the phrase "Humans are the weakest link" when it comes to #Cybersecurity

In fact humans are our "last line of defence" when all our tech has failed or been bypassed

https://www.helpnetsecurity.com/2026/03/31/cybersecurity-design-failures-not-human-error/

Why I'm done calling humans the weakest link - Help Net Security

Cybersecurity failures often stem from poor system design, not human error. Rethinking security means building safer, user-friendly systems.

Help Net Security

@hamatti in case you aren't familiar, it's not for everyone but I found https://gobeyondgoals.com/ useful to help me focus more on doing more of what I want and less other things.

I don't know you, but just from following you I have a feeling you might like it; somehow you remind me of the nice people who run it.

I also don't know when the next workshop is happening, but sign up to the newsletter if it sounds interesting. The best part is that it's pay what you want, so you decide afterwards how much it was worth; there might have been a small sign-up fee also, but I don't remember.

Beyond Goals Intensives - Life Clarity Workshops!

Make time to make the most of life. 5 hours of learning, coworking & coaching to go from stuck to flow Beyond Goals Intensive Stay tuned for our next workshops! Buy someone else the gift of BGI Or…

Beyond Goals
@wendynather @1password if I was there I'd attend just because of the great design on the poster
@bjis @krisu @kepano I assume this is a general comment about the state of things; one just needs to take one look at Show HN or GitHub to know 99% of those projects were done in a few evenings and the author will lose interest and/or notice it's impossible to maintain within a week

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Lenny Zeltser

#Baltic Friends!

I'm going to be travelling starting in #Helsinki and then working my way through #Estonia, #Latvia, and #Lithuania mid-June through mid-July this summer. While I expect most schools will be on vacation, I'm still looking for any interesting #UX groups/teams that I could visit. Please feel free to pass my name along to anyone.

@claushoumann @codinghorror one company realised this early and tried so hard not to become evil that they even made it their motto, but inevitably they failed

It's interesting to think about it on a higher level, our current capitalistic system leaves it up to the company to decide if they are evil or not, the laws for public companies say that you must do what's best for the shareholders, why don't the laws say "don't do evil"?

I have a persistent little botnet that has been hammering my non-standard ssh-port on my personal VPS for a while since it found it some weeks ago. For a long time I just ignored it, but today I decided to fight back a little.

First, I had claude write me a little script to fetch abuseipdb and turn it into an ipset rule to block everything before it even hits the server. But it turns out the free level of abuseipdb only includes the top 10k ones. So I included an OTX one also, but that still did not catch all of them. Now I added blocklist.de, which had the last ones. Let's see where that takes us.

Why am I doing this you might wonder? Is getting your ssh brute forced not part of life on the internet?

Probably, but I like making life hard for attackers even if it's mostly symbolic. First I had an ssh-tarpit in the hope that it would tie up the scanners, but I think most scanners nowadays are vibed in golang, and it handles concurrency without trouble.

So next I thought I'd impose some cost on their botnet by reporting them to abuseipdb. If that "burns" their IP and forces them to find a new one, then it's a win. But I was still getting too many connections from addresses that were already on the list, so me saying +1 it's bad was not adding much value.

So I thought, what if I block "all" the "known" ones. That means that if someone gets through and reported to abuseipdb, maybe that was a clean address that is now marked bad and might not work against others.

I guess it's like trying to put out a forest fire with a bucket of water, but it's at least something. And at least it cuts down on the noise on my server 10x.
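An added example (my code, not the script the poster had Claude write) of the blocklist-to-ipset step described in the post: plain-text feeds such as blocklist.de or an OTX export are parsed, merged and turned into `ipset restore` input, with the checks a refresh script needs so that a malformed feed line cannot block private ranges or the admin's own address. The set name, the sample feed contents and the allow-listed 192.0.2.10 address are constructed assumptions.

```python
import ipaddress

SET_NAME = "ssh-blocklist"  # assumed name of the ipset the firewall rule matches on

# Constructed sample feeds: blocklist.de and OTX style exports are plain text,
# one address or CIDR per line; comments and blank lines are ignored.
SAMPLE_FEEDS = {
    "blocklist.de": "# all.txt (constructed)\n198.51.100.7\n203.0.113.42\n\n",
    "otx": "203.0.113.42\n198.51.100.0/24\n10.0.0.5\n0.0.0.0/0\nnot-an-ip\n",
}

# Ranges that must never enter the block set whatever a feed says: RFC1918,
# loopback, link-local, and (constructed) the admin's own static address.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.10/32")]

def parse_feed(text):
    """Valid IPv4 networks in one feed, minus anything overlapping NEVER_BLOCK."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # malformed entry: skip it, do not abort the whole refresh
        if net.version != 4 or any(net.overlaps(p) for p in NEVER_BLOCK):
            continue  # a stray 0.0.0.0/0 or RFC1918 line would lock you out
        nets.add(net)
    return nets

def merge_feeds(feeds):
    """Union of all feeds; collapse_addresses dedups and folds hosts into prefixes."""
    nets = set()
    for text in feeds.values():
        nets |= parse_feed(text)
    return sorted(ipaddress.collapse_addresses(nets))

def ipset_restore_lines(nets):
    """stdin for `ipset restore`: fill a temp set, then swap it in atomically."""
    tmp = SET_NAME + "-tmp"
    lines = [f"create {SET_NAME} hash:net family inet -exist",
             f"create {tmp} hash:net family inet -exist", f"flush {tmp}"]
    lines += [f"add {tmp} {n.with_prefixlen}" for n in nets]
    return lines + [f"swap {tmp} {SET_NAME}", f"destroy {tmp}"]

if __name__ == "__main__":
    print("\n".join(ipset_restore_lines(merge_feeds(SAMPLE_FEEDS))))
```

Pipe the output into `ipset restore` and reference the set from an iptables or nftables DROP rule on the ssh port; the temp-set swap keeps the existing set in force while the new one is loaded.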

@hamatti
Poll: Do you think the people at Salesforce understand what No means?
Yes: 0%
Ask me again tomorrow: 100%
(Poll ended.)

European #DigitalRights is looking for interested candidates to become a member of the @edri Board. As Board Member, you will help shape the future of the organisation and the network and advance its mission to promote and protect #HumanRights in the digital environment.

https://edri.org/take-action/careers/call-for-nomination-edri-board-elections-2026/

Call for Nomination – EDRi Board elections 2026 - European Digital Rights (EDRi)

EDRi GA will this year elect two Board members to replace two outgoing Board members to help shape the future of the organisation.

European Digital Rights (EDRi)