Austin Baker (@bakedsec)'s Twitter Profile
Austin Baker

@bakedsec

IR at LinkedIn | focused on the intersection of data science, engineering, and cybersecurity | Scooping up APT and bopping them on the head | opinions my own

ID: 1048714551250866182

06-10-2018 23:20:07

2,2K Tweet

1,1K Followers

267 Following

Charlie knows what he's talking about in a way few people in this industry can - modern platforms have an obligation to their users to remove malicious actors who abuse the product to hurt others.

I guess the new "OTF" unnecessarily controversial stance is that platform owners and operators have a moral obligation to reduce the harm their platform does to innocent people.

They tell you about the love and pride and all the warm fuzzy stuff, but they don't tell you about how cool it is to do nerd stuff with your kids. Already anxiously awaiting Sonic 3 premiere with my kiddo.

Since we're pouring one out for OSCP, one of the least broadcast benefits of the exam is how similar it was to actual pentesting work. There's nothing quite like wasting 12 hours of time chasing a nonexploitable syntax bug only to find something real an hour before test end.

Question for the infosec twitter brain trust - what is the best "cup check" audit you can do in a single day that when remediated will block the greatest amount of potential threats? I'm talking quickest of wins, lowest of fruit here.

First World TTRPG Problems: A cool new dark, gritty setting comes out but all your "edgy" friends are now buttoned up IT professionals and only play 5E

People often misunderstand opportunistic targeting (baiting) employed by threat actors. You know those signs you see stapled to a pole saying you can make XXk a month only if you call this number? Yeah, they don't need to fool you - just the person desperate enough to call them.

As Brian notes, blameless does not mean without accountability. You have to be able to say "X failed because Y team made Z choice". Blameless means you don't call out individual persons and try to ruin their lives over what is typically an honest mistake.

When you have a file lock on the investigation timeline so some goober associate doesn't try to merge in their horrendously formatted system timeline into the main one while you're compiling new IOCs to track (it me, I was the goober)

Build a career where you always bring something valuable to the table - that can be depth, breadth, or even just unbridled tenacity and grit. If you do this, you'll find there's a seat for you more places than not.