HackerTrans
TopNewTrendsCommentsPastAskShowJobs

secfirstmd

no profile record

comments

secfirstmd
·7 months ago·discuss
Yep totally. It's something I've incorporated. Especially where the main incident commander gets overwhelmed with decisions, tunnel vision or distraction. For example getting trapped into threat hunting rather than commanding.

I actually think most cyber incident responder training for the commander is pretty weak because it doesn't do a great job of instituting the stress element. Physical security training does it in a much better way. The result is the need to create custom stuff. Because some shitty off the shelf big vendor table top or similar ain't gonna do it.
secfirstmd
·7 months ago·discuss
So as someone who runs and trains cyber incident response teams. Where a big focus is on MMTx and reducing chance for adversary breakout times. Which are gonna get worse thanks to AI. This paper was actually part of me calling the approach Formula One IR.

Specifically about getting people joining the IR to already have their assigned speciality and first moves ready to go and to begun, as a way to support the incident handler. There's really big benefits to studying the metrics of specific incidents you have to the minute by minute level. So much time saving to be made, accuracy to be enforced and duplication to be reduced.

You can find there's less time wasted in an incident dividing out jobs or lost go inevitable context switching to join the incident. There's already searches, people and clarity about what should mostly likely be done in the first few mins, even though the plan will change and details initially are probably scare. It's really effective and cuts MMTx down a huge amount.

Obviously then the handover itself is a vital part in IR to get done accurately and with speed. So that flows into all of the above. It's a really good paper for thinking through workflows

I must get around to writing it up some day.
secfirstmd
·10 months ago·discuss
ARC always feels like a feature not a product. Don't see how Atlassian connection is really gonna make either better.
secfirstmd
·last year·discuss
MCP? I find the name MCP over used but not offensive.
secfirstmd
·last year·discuss
Eh I got news for ya.

The file size problem is still an issue for many big name EDRs.
secfirstmd
·last year·discuss
I think there is an argument that currently Google Gemini is best place to tie everything together. Assuming Google executes on it well.

Most people use Gmail, Docs, Google Maps, Google Calendar above Apples alternatives. Gemini could really tie them up well.
secfirstmd
·2 years ago·discuss
Lol, pretty sure you can. See Afghanistan withdrawal, Iraq, Vietnam etc etc
secfirstmd
·2 years ago·discuss
Failed country? By what measure? One of the highest GNPs per person, one of the most democratic, one of the highest winners of novel prizes for literature per population, one of the safest countries in the world, one of the most food secure countries in the world, overall very good and mostly free health and education, a high redistributive tax system, friendly people, easy place to work...
secfirstmd
·2 years ago·discuss
I worked at the MIT Media Lab Europe and in the army for my transition yeah.

Oh and drank a lot of beer. Great times!
secfirstmd
·2 years ago·discuss
Intersting. Pidgin and variations are used by some gov orgs.
secfirstmd
·2 years ago·discuss
At secfirst.org over the past 10+ years we've probably trained hundreds of journalists on this exact scenario and how to detect/mitigate it.
secfirstmd
·5 years ago·discuss
Yeh me too! I head pro doesn't allows proper mirroring either
secfirstmd
·6 years ago·discuss
They also have made a big push into the data of NGOs and the UN. Many of which collect very sensitive data in some countries with some very complex political, economic and social issues. Palantir was often doing this for free. Maybe it's the cynic in me but in the same way I'd guess NSO Group does in the Middle East, somewhere something would be phoning home to Palantir's bigger customers (CIA, NSA) etc
secfirstmd
·8 years ago·discuss
Can confirm. You are kinda forced into using their ROM.

I just want a good Android phone with at least some level of enhanced privacy. Its such a pity Copperhead went kinda weird.
secfirstmd
·9 years ago·discuss
I wonder what the value of this chip flaw would be to the NSA?