
I'm another Senior engineer at CrowdStrike. This role focuses on assessing the security of various on-device sensors, including threat modeling, testing, and code review. Knowledge of OS internals is a huge plus, especially macOS or Linux.

crowdstrike.wd5.myworkdayjobs.


I'm a Sr Engineer at CrowdStrike to threat model and assess cloud applications, and work with software engineers to improve designs and implementations. Remote-first company. North America preferred, but other locales are possible.

crowdstrike.wd5.myworkdayjobs.

In the life of the common or garden USBee, the real tragedy is their constant failure to get into the flower the right way around on the first try.

Hey remember reading books for fun? Me either. Sincerely, someone who has way too much work-related reading

Printing from macOS directly to an IPP-capable printer, using the vendor's sanctioned driver stack: works about 20% of the time.

Printing from macOS to a Linux-based CUPS server using open-source drivers for that printer (but still talking to the printer over WiFi): works 95% of the time.

Figures

Hey, #Fediverse, do you use (say, at least once per week) any Mozilla products?

Context: some people are claiming "nobody uses Mozilla's products anymore". I'd like to see if that's actually true.

Man, this kind of scale is cool. Event management on the scale of a *trillion events per day* is pretty amazing

I'm just glad I'm not a data systems architect for that 😬

I've very much enjoyed my 8 years at Veracode. My team has been amazingly supportive and helped me learn and grow, and I got to work on making an amazing tool that has helped fix literally millions of flaws before they got into the wild.

But it's time for a new adventure! Next week, I start with CrowdStrike, where I'll be managing a Product Security team

You say "recipe book", I say "sauce code repository"

Get fedi hired 

Adam over at Stripe is looking for OAuth/webappauth folks. If you are a good fit, and apply, let me know and I’ll drop a bug in his ear.

stripe.com/jobs/listing/staff-

Sometimes it's not DNS. Sometimes it is drivers that only partially install

Yes, it is sensible to place some kind of limit on password field length, because submitting the collected works of Shakespeare to that field can be a DoS because password hash functions/KDFs have practical limits

But that limit should be well above 50 even if you're using one of the older bcrypt implementations. Not *16*

Oh, and while you're at it, check your minimum length. If it's "8" or "9" please also check for still-running Windows NT servers

Veracode has been a Gartner MQ Leader for 8 years running

I joined Veracode 8 years ago. Coincidence?

Yes, absolutely a coincidence

sometimes the US military propaganda fails and it hits a little too close to the truth

The takeover of freenode by a hostile actor (abusing admin to ban advertising a channel's move to other places? Bad) is yet another lesson in "centralization is undesirable for communities"

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.