Dave Merkel

Of the cybers, against my better judgment. CEO of Expel.
I'm bringing shitposting to Mastodon, buckle up
Do you make a product that relies on the user being able to tell if a single LED is red or green? Please stop.
@chrisculling "No Mr. Bond. I expect you to die."

Should your organization freak out and roll IR because #okta got their source nicked?

Rather than say yes or no, ask yourself what your organization can meaningfully do. Odds are not much. Consider the need to do performative work to keep your executives calm, which sucks but infosec theater pays the bills and keeps auditors happy. Keep in mind that the Windows OS source has been in the hands of threat actors over and over for years and no new sploits came from that so far.

Make sure you're pulling Okta logs into your SIEM and have alerting in place for things like:

  • admin membership changes
  • abnormal amounts of password changes
  • password changes followed by MFA changes
  • configuration changes to key components, such as MFA or logon restrictions.
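
An added example, not part of the original post or any Okta or Expel code: a minimal sketch of the four alert categories listed above, run over Okta System Log events as exported JSON. The thresholds, the `detect` and `ev` helper names and the sample events are assumptions constructed for illustration; the `eventType` strings are standard System Log event types.

```python
from datetime import datetime, timedelta

# Okta System Log eventType values grouped by the alert categories listed above.
ADMIN = {"user.account.privilege.grant", "group.privilege.grant"}
PASSWORD = {"user.account.update_password", "user.account.reset_password"}
MFA = {"user.mfa.factor.deactivate", "user.mfa.factor.reset_all", "user.mfa.factor.activate"}
CONFIG = {"policy.lifecycle.update", "policy.rule.update"}
PW_BURST = 3                     # assumed threshold: password changes per batch of events
WINDOW = timedelta(minutes=30)   # assumed password -> MFA correlation window

def ts(e):
    return datetime.fromisoformat(e["published"].replace("Z", "+00:00"))

def target_user(e):
    # Affected account: first target of type "User", if any.
    return next((t["alternateId"] for t in e.get("target") or [] if t.get("type") == "User"), None)

def detect(events):
    alerts, last_pw, pw_total = [], {}, 0
    for e in sorted(events, key=ts):
        if e["outcome"]["result"] != "SUCCESS":
            continue  # failed attempts are a separate signal, not handled here
        kind, user, actor = e["eventType"], target_user(e), e["actor"]["alternateId"]
        if kind in ADMIN:
            alerts.append(("admin_change", user or actor))
        elif kind in CONFIG:
            alerts.append(("config_change", actor))
        elif kind in PASSWORD:
            last_pw[user] = ts(e)
            pw_total += 1
        elif kind in MFA and user and user in last_pw and ts(e) - last_pw[user] <= WINDOW:
            alerts.append(("password_then_mfa", user))
    if pw_total >= PW_BURST:
        alerts.append(("password_burst", str(pw_total)))
    return alerts

def ev(when, kind, actor, user=None, result="SUCCESS"):
    # Builds a constructed event carrying only the System Log fields used above.
    target = [{"type": "User", "alternateId": user}] if user else []
    return {"published": f"2024-01-01T{when}:00.000Z", "eventType": kind,
            "actor": {"alternateId": actor}, "target": target, "outcome": {"result": result}}

SAMPLE = [  # constructed events, not real log data
    ev("10:00", "user.account.reset_password", "admin@example.com", "alice@example.com"),
    ev("10:05", "user.mfa.factor.deactivate", "alice@example.com", "alice@example.com"),
    ev("10:10", "user.account.privilege.grant", "admin@example.com", "bob@example.com"),
    ev("11:00", "user.account.update_password", "carol@example.com", "carol@example.com"),
    ev("12:30", "user.mfa.factor.activate", "carol@example.com", "carol@example.com"),
    ev("12:40", "policy.rule.update", "admin@example.com"),
]
```

In a SIEM the same logic would be expressed as scheduled queries per time bucket; the burst threshold should be tuned against the organization's normal password-change volume.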

Chuck Norris: <walks into bar>

#JohnMastodon sitting at bar: <sips drink>

Chuck Norris: <exits>

@DarthSn3ak3rs I feel you. Also...that feeling gets nothing but worse. Happy Thanksgiving! 😜​
@Digitalyn Complete with Boring Company flamethrower.
@wendynather This is the way.
@boblord Ouch. Good luck to you sir. 
It drives me crazy how poorly a lot of US companies treat their people and how we are so desensitized to it that just suggesting doing things differently shocks people.