| Twitter | https://www.twitter.com/sp3nx0r |
| Github | https://www.github.com/sp3nx0r |
My 2nd @Prometheus video is out! 🥳
For now I'm still covering the absolute basics of setting up a minimal Prometheus server before getting to the more advanced and interesting bits (best practices, interesting tips, specific integrations, and so on) on the channel.
I've seen enough from playing with bots like #chatgpt, #midjourney and dall-e. The future is here and it is coming at us fast.
ChatGPT for developers is like having 100 junior programmers working for you. Experienced devs will need to guide the program, but it's going to make them insanely productive in the short term. If they know how to use it.
Google and other search engines are at risk. The current search-engine process is 1) Think of what you want to do or discover, 2) Formulate a search query, 3) Review and find the best result, 4) Success. ChatGPT eliminates the need for 2 + 3. Why visit a Google when your digital assistant will get the best answer for you?
I've been feeding ChatGPT snippets of insecure code and asking it to explain whether there are security vulnerabilities; in most cases it gives the correct answer. The implications for security professionals are obvious. The implications for attackers are also obvious.
Anyone who doesn't know how to use these tools is going to be left behind in the workplace. A new class of job will be created for people who know the best AI/bot to use for a particular task, and who can query and manipulate the output. It's all to play for.
2023: Predictions.
Someone just pinged me about my thoughts for 2023, and what to expect.
My answer was simple.
Same as 2022, just more painful.
☑️Here's the logic.
UNTIL y'all can actually EFFECT change on something as simple as the OWASP Top 10 then nothing's going to change.
For the last 5-6 years those basic TEN things have hardly changed.
For 20 years we've had SQL injection FFS...
So, you want predictions for '23.
More of the same until people take a step BACK, fix the basics, take care of the simple stuff, roll up the sleeves, take care of assets, patching, educating humans, and BASIC backups, etc.
Oh, and sorry, simple shit doesn't get you on the front cover of CISO magazine, or headlining conferences...
STOP chasing the easy button, it does NOT exist‼️
‼️STOP with the blinky baubles and crap
‼️STOP with the vendor lunches
‼️STOP being blinded by bullshit
‼️STOP with the "it's not my area"
PICK up a bloody pencil, go count your assets and start there.
Oh, and GO TALK TO the developers, network teams, IT folks, and stop sitting in your ivory towers and quit pretending to be a “progressive, proactive cybersecurity specialist” when you ain’t about shit putting forth your 💯 into the game and actually doing it right.
It's NOT hard, y'all just don't want to do it.
That is all for now. 👩🏻‍⚖️