Managing initiatives through NIST CSF seems to be good/best practice. What are you all using to track the maturity of your cyber program?

Sunday morning is a great time to post an

Hi! I’m a professional, who has been into and for 25y. To give back to the community I run and .
I live in the San Francisco Bay Area with my wife and two kids. I came here 11y ago from , which is my hometown. My alma mater is , where I studied computer science. I was born in East Berlin, behind the iron curtain.

Be kind and hack the planet!

fellas who ended up on the overloaded and instances!

Give them a break and migrate to one of the infosec focused instances:

If you are looking for a great reference about CSOC/SOC operations, check out Carson Zimmerman's "Ten Strategies of a world-class Cyber Security Operations Center"

fediverse! What's the best paper/book you have read on zero trust?


Any tips on how to better communicate that system maintenance (incl. patching) needs to cover ALL devices on the network?

Browsing the this morning. A lot of German speaking victims lately, seems like they have learned how to navigate German Windows Server versions.

Desktop Linux Security Review for Elementary OS - The new Leader in this Review Series! Elementary OS collected 13 out of 18 points and looks great along the way.

Should we start suing web hosting companies, when they don’t patch their servers and as a result the websites get compromised and used for malware operations, which then creates a bad reputation for my domains?

Finished my security review on Garuda Linux - Such a beautiful distro! It received 10 out of 18 points - An average score.

Desktop security review for :ubuntu: is in!
Interesting that it downloads updates during install but not actually installs them.

Pop!_OS security review done. They missed out on a lot of points because of two ignored vulnerabilities 😞

Third security review for desktop distros done:

(Given the stuff I saw when testing and read online, I'm bracing for impact...)

is showing us that the current state of vulnerability scanning technology is insufficient. Who has ideas on how to improve in a way that would make it possible to properly handle a event?

Show older

InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

We have a Getting Started Guide here: