JohnsNotHere @JohnsNotHere@infosec.exchange

So if someone made a podcast about security that's aimed at the C-Level, would you listen to it? Not the usual deep, technical, jargon but rather aimed at executives. No news, just best practices.

Please boost for maximum coverage.

#infosec #podcast

Hey everybody. In the interest of giving back to the community (and the fact that I *really* need to start advertising more), my company (EliteSec) has created a simple project for setting up Sonarqube to test against your own codebase.

Sonarqube is an open source static code analysis tool. I've created a simple Vagrant script that will:

1. Download an Ubuntu 18.04 VM
2. Install Docker
3. Install Sonarqube
4. Setup all routing for your local machine.

Check it out:

https://github.com/EliteSec-io/vagrant-sonarqube

Incorporation is complete, I can start making noise about https://elitesec.io

For those who are looking for #pentesting #vulnerabilityassessments or just #infosec help, make sure to consider us. We're based in Canada, but happy to help whomever we can reach. Many thanks!

Repeat after me - Use of biometrics alone does not replace a password and another factor. Biometrics alone is still single-factor, and while arguably stronger than just a password, swapping a single factor of authentication for another does not trump proper multi-factor authentication.

To anyone in #infosec, it's a known fact that we need to constantly read up on the latest TTPs that attackers use to protect against them, but it's equally important to offensive-focused folks (pentesters, red teamers, etc.) to do the same. I have been lazy and lost my relatively good ranking on TryHackMe because I wasn't keeping up. I will now find the time to rectify this issue. Remember, #infosec is a field where everything moves quick, so best to try to keep up.

I'm spending the weekend cleaning out my garage and one of the spare rooms. Any concerns about filling a 14-yard container were thrown out the window. Now the question turns into whether or not I have enough room left in it for the last few items. 😛

But I will say, taking a break from technology and everything has been a nice break. Very therapeutic to toss crap I haven't touched in 10+ years.

Oh, and spending 3 days moving a bunch of content and re-writing parts of a website while watching Netflix and YouTube videos is one hell of an endorsement for Hugo, my static site generator of choice. Aside from some VERY basic metadata updates and some CSP rule cleanup, it was nigh painless. I'm truly amazed, and I love how easy it is to maintain.

Time to break the silence. I've spent the weekend updating my theme for EliteSec to a new one, and I also re-wrote some services pages to make them a bit more "marketable". I've only done some basic spell checks, no grammar checks yet, but I'd appreciate any feedback if someone has time:

https://elitesec.io/

TIA!

tl;dr - was invited to a "business cult" a second time, but I declined. Damn people are persistent.

Also, business networking cults are a thing, and they're insane.

Needless to say, I said no the first time. Today's invitation was much more "persistent", to the point that I'm not responding any further. I'm sorry, but any "networking" group that charges you a membership fee and requires =you to be on the lookout for new members is not a business networking group, it's a cult. Now go do a search for "BNI cult". Enjoy the readings!

I joined my local chamber of commerce's networking event today. Again I was approached to join BNI, another networking group. Have you never heard of BNI? Neither did I until I was asked the first time, then I looked them up. Go do it now, I'll wait.

The best part of finishing an engagement is preparing for the next one. And by preparing, I mean figuring out what I let slide while I was working on this engagement.

Hello Fediverse, anything interesting happening? Tell me of your weekly exploits.

It's Friday night. Guess it'll be a weekend of report writing as I consider marketing the business again. Sigh.

This pandemic has definitely shown the true colours of a lot of nations. The geopolitical sphere is going to be a lot different moving forward, especially with nations hoarding vaccines and not allowing existing contracts to be fulfilled.

It's also showing a lot of true colours for "friends" who reach out to appease their own conscious, but don't actually care about how your doing. Once they reach out, they feel better about themselves, and ghost you from there.

Very enlightening.

I realize in these troublesome times that this isn't something that everyone can afford to do, but for the sake of my own sanity, I'd rather take the hit and spend more time and energy finding another client instead.

My philosophy is simple; do the best you can, but don't take advantage of people. I know that this org is bad at communications, from completely ignoring emails, missing details in the emails, and just being a PITA in general. I'm not interested in giving my services away for free either, and if you're being difficult, you're going to be more expensive to me in the long run. Now I wait, but the longer I wait the more likely I am to tell them to find someone else.

I'm very much at the point of turning them away for a few reasons:

1. It's clear from our conversation that they don't actually read the emails I send to them, outlining what I have.

2. They clearly have money on the mind, which is fine - that's what drives a business, but I have mouths to feed too.

3. I have no hope that they'll actually heed any advice I give, based on past interactions.

They told me the name of the other competitor, and I have respect for them, but something wasn't adding up properly. I later found out that the quote was for a completely different application that they had, and not nearly as complex. Now they're trying to figure out if they want me to come in and help with some other work that they want done.

Never be afraid to turn down a job and/or let a customer go. I had a rather interesting conversation with a client who asked why my price for a pentest was over 2x the cost of someone else. I simply said "I don't know, because I don't see the quote in front of you in terms of what they offer. Here's what I offer, which is the same service I provided last year, but at a lower cost since I have more experience with your platform."

One thing I always appreciate is being able to jump back into a conversation with a friend or acquaintance and just pick up where we left off, regardless of how long it's been.

I suck at staying in touch with people, it's just who I am. Am I antisocial? No, just lazy. 😛

Just got a message from someone I haven't spoken to in nearly 18 months. I love that I can just continue the conversation. Distance and time are meaningless if the respect is still there.

I love Twitter friends. They DM you once a year, ask how your doing, and when you tell them exactly how you're doing and then ask how they are, they ghost you for another year.