Google, it's been real.

5.5 years. Started as a Security Engineering Manager in 2020, built Team Flamingo from scratch during COVID (because "EIP-Cloud-PMA" is not a team name, it's an acronym crying for help), and turned it into something special. When I stepped down in 2022 to go back to being a Staff Security Engineer, multiple people told me I was the best manager they'd ever had. I'll take that over any performance review!!

Became Tech Lead for revamping the third-party assessment program - got to work with exceptional FTEs and a ridiculously talented XWF team called Prime. Built things that actually worked. Left with my dignity intact and my head held high.

Now Sasha and I are headed to Porto at the end of the month, and honestly? I'm ready. New country, new challenges, and the freedom to do consulting work without someone questioning why my vendor questionnaire has 30 questions instead of 300.

If you need someone who can transform broken TPRM programs, speak at your conference, or tell you the truth about your security theater - you know where to find me!!

Cheers to what's next. 🦩
Kat & @sashatheflamingo

Yesterday was fun.

I'm ok. It was my treadmill that tried to kill me.

Both hands got stuck between the track and the base which is hydraulic. Hard to explain. Was trapped for almost 30 mins. Was moving it to sell it.

Biggest issue was I was scared. I was in my basement and trapped stuck with a 150 lbs treadmill and could not move. I finally got one hand free after 10 mins. Then dragged it over to where I could reach a drumstick which I finally used to pry it apart before the drumstick snapped from the hydraulic pressure.

I have soft tissue and nerve damage on 3 fingers and I broke the tip of another finger - it crushed the bone and fractured it. I never knew that was a thing? 🤷‍♀️

Made new friends at the ER that were almost as frightened as me when I told them how I was trapped. Oh and yes, I sold it later that afternoon.

New story drop! “Terms and Conditions” is live!!
Come for Harvestide, stay for the part where everyone realizes they probably should’ve read page 37...

https://docs.google.com/document/d/1voXtGy74ZBHt50_X7YdaPdB2vHx3fmp3YJQ47v8mIRg/edit?usp=sharing

#Noir #CyberSecurity #EULA #PopTarts @sashatheflamingo

Sasha insisted we co-author this, and honestly, after the weekend she had, I didn’t have the authority to say no. 🦩

- We arrived at @bsidesroc as first-timers
- We left with a suspicious number of new friends, at least three inside jokes, and what I can only assume is the beginning of Sasha’s unofficial “Flamingo Ambassador Program.”

Sasha, for her part, would like it formally noted that:
- She achieved a 100% success rate in attracting delightful humans
- She was questioned about her honeypots approximately 47 times (conservative estimate)
- She may now have more friends in Rochester than I do

Post-conference, we migrated to Bitter Honey, which Sasha has classified as “Tequila Research HQ.”

Extensive… research… was conducted. 👍

Findings include:
- The tequila selection is both impressive and slightly dangerous
- The food is absolutely worth writing home about
- “Quick dinner” is a fictional concept when you’re surrounded by great people

Somewhere between the laughter, the stories, and the “just one more” moments, the night quietly turned into one of those you wish you could bottle. 💃

The flight home added a touch of airborne chaos, with turbulence strong enough to keep everyone seated, including the FAs. Sasha remained calm, mostly because she does not believe in gravity. 🛩️

And now it’s Monday. 🤷‍♀️

Sasha is back to monitoring global flamingo #honeypot operations.
I’m back to working on my Portugal move.

But we’re both still carrying that post-conference glow, the kind powered by community, connection, and just the right amount of tequila-fueled storytelling!!

Rochester, we’ll be back!!!

While a good chunk of the security world is migrating en masse to RSA Conference and BSidesSF like packets following the loudest broadcast signal…

Sasha and I have chosen a different route. 🦩

No mega-lines.
No vendor badge bingo.
No fighting for oxygen near the espresso machine (which I will not be drinking anyway).

Instead, we’re heading to BSides Rochester — a con we’ve never been to, which makes it immediately more interesting.

New hallways.
New humans.
New stories waiting to happen.

These are the places where conversations aren’t rushed, where ideas don’t have to compete with a 40-foot LED wall, and where you can actually hear someone say, “wait, show me that again” and mean it.

Sasha is already flapping at operational readiness, prepared to charm, observe, and possibly recruit new flamingo agents into the ever-expanding network.

As for me?
I’m looking forward to the kind of hallway track that turns into three hours of “how did we even get onto this topic” and ends with something genuinely useful.

To everyone heading to the big shows, have fun, stay hydrated, and may your badge scans be swift.

We’ll be over here… discovering something new. 😼

I love that this is a very popular password on my honeypots - everywhere - "8675309" 🦩

#CyberSecurity #Infosec #Honeypot #DeceptionTech @sashatheflamingo

The SSH Key Breadcrumb Trap 🦩

Most honeypots have one fatal flaw: they're too clean.
Empty bash history. Pristine directories. No evidence of actual use. Attackers notice.

So I plant breadcrumbs. 🤷‍♀️

Realistic bash history. A private SSH key in .ssh/. History showing SSH connections to "other servers" using that key.

Those "other servers"? Also honeypots!

When bots hit my honeypots, they brute force and move on. Boring.
But when a HUMAN does post-compromise recon, finds that key, and tries to pivot to those other servers?

Critical Wazuh alert, because only humans do this!!

Bots don't read history files. They don't hunt for lateral movement opportunities. They don't use found SSH keys.

Standard attacker tradecraft requires checking for keys and using them. If they skip it, they might miss real opportunities. If they follow it, I know I'm dealing with an actual human threat actor.

It's a catch-22. And it works beautifully. (And "@sashatheflamingo Approved")
Full writeup coming to sashatheflamingo.xyz soon!!

#Cybersecurity #HoneyPot #ThreatIntel #Deception