Todd Wilkinson

@jerry shocked face

Good day everyone. It is a new month and that is my cue to remind you to support your fediverse instance. Operating fediverse instances is not free, and nearly all instances are run by volunteers and funded by donations. If you do not already do so and are in a financial position to do so, please consider it. You can generally find information on how to support your instance on its about page (for example https://infosec.exchange/about for people who use infosec.exchange).

I am super fortunate to have supportive members, but not all instances are so lucky and so I am asking on their behalf, so please, if you get value from this service, consider supporting your instance.

Thank you all and I hope you have a great week!


I am counting down the 100 days left till my term as a CISO comes to an end with some humor and wisdom I've picked up over the past 4 years.

100 days left...

It can be intimidating to deal with external security researchers that have identified security defects in your products and are looking to gain some PR exposure. The initial response of many companies is to trot out the lawyers with threats of legal action. For the most part, security researchers are reaching out because they want to partner with you. They ARE going to write about problems with your products, but you can be seen as embracing the process and using it as an opportunity to improve, or you can be viewed as obstinate and trying to hide your flaws. I've had the opportunity to work with many researchers over the years, and I've found in every single instance, kindness, responsiveness, and just taking their feedback seriously goes a long way.

I'll say this out loud, I am enjoying the MSFT experience with yubikey and disabling the other auth methods. It works on multiple devices and hasn't left me stranded yet.

I am going to start moving Infosec.exchange behind Fastly. If it goes well, no one will notice. If I screw up, you’ll notice.

My money is on screwing up.

@legion303 I get that workday’s entire sales technique early on was “we are not SAP and it’s all cloud based buy us” worked. But oh lord could they now work on that user experience just a tad….
@Sidneys1 when they say “modern parent” I think this is what they mean.

Upgraded my kid's run-down secondhand power wheels from its original 12v battery to the 20v lithium ion out of my weedwacker.

It may now be slightly dangerous.

@jerry hehe, nixed using that recently as a hashtag during cyber month for “reasons”
Well for what it’s worth I don’t see these in my YT feed. But again cyber + hvac + weather + Ukraine feeds may not be top of the list to get these :)