👥 20 years of impact. One unforgettable event. The 20th Annual ICS Security Summit brings together the best minds in OT security for an event like no other. Don't miss it! 📍 Orlando, FL 📆 Summit: June 15–17 | Training: June 18-23 🔗 Learn more here: sans.org/u/1AX0

My presentation in San Diego tonight will be streamed online: sans.org/webcasts/devel… Developers, Developers, Developers: Three Ways How Your Software Supply Chain is Attacked

Thx @delta for reaffirming my desire to travel less

19 students. 15 countries. 1 global mission. Please join us in welcoming the 2025 Paller Cybersecurity Scholars to the #SANS_EDU community! 🎉 sans.edu/pcs

Looking to expand your reading list? 📚 Volume 5 of Research Review Journal is here — featuring 45 practitioner-written papers on the toughest challenges in #cybersecurity today.

🔥 Just announced: Our 2025 BSidesAugusta Keynote is Dr. Johannes Ullrich (Johannes Ullrich) — Dean of Research SANS Institute, founder of @ISCStormcast, and host of the Daily Stormcast. Don’t miss it. 📍 Augusta, GA 📅 Oct 25, 2025 🔗 bsidesaugusta.org #BSidesAugusta 💙💙

Be the one who knows what to do when everything’s on fire. 🔥 The @SANS_EDU Incident Response Certificate program helps you earn GIAC certs while building the advanced skills needed to hunt threats and stop attacks: bit.ly/3FLHNDT

Looking to pivot into cybersecurity? 🛡️ Eunice Park knew she wanted a career with impact. The @SANS_EDU Applied Cybersecurity Certificate gave her the skills to defend critical systems—and the confidence to do it: bit.ly/4dt1H1I

New minor bug release to SRUM-DUMP v3 today. github.com/MarkBaggett/sr… It addresses a bug that manifests itself when you do not have a SOFTWARE hive associated with the SRUM and the first 32 characters of two table GUIDs are the same. If you are not sure how to use the tool

Over these past two days, June 3-4, 1989, 36 years ago, the Chinese Communist Party launched one of the most significant military crackdowns in history against a student-led pro-democracy and anti-corruption demonstration at Tiananmen Square in Beijing. Tanks, armored personnel

SSNs haven’t been sensitive data since at least Aug 6 last year if not earlier Tell your GRC team they should consider SSNs public data

The energy, the insights, the community—SANSFIRE 2024 had it all. Watch the official recap video and see why this event is a must-attend. Then get ready… because #SANSFIRE 2025 is going to be even bigger. Learn more & register today: sans.org/u/1B3i #SANSLiveTraining

good point. Are SSNs really more sensitive than an e-mail address or a phone number?

Oh, you had me for this Executive Summary! Security Response Congrats Michael.Gorelik and team for the discovery.:) msrc.microsoft.com/update-guide/v…

🚨 3 in 5 organizations have suffered software supply chain attacks. Are you ready? The @SANS_EDU Graduate Certificate in Software Supply Chain Security arms you with the skills to defend every phase—from code to deployment: bit.ly/3SCwBh1

Another Fortinet CVE, let’s see what the market thinks… oh, right,

What does it take to secure industrial control systems? Faculty expert Dean Parsons Dean Parsons walks through the key controls, career paths, and #ICSSecurity curriculum at SANS ICS—all in one video.

Join SANS Fellow Johannes Ullrich at #CloudSecNextSummit to take SEC522: Application Security: Securing Web Applications, APIs, and Microservices™! Save $600 on your course with code "SUMMIT*600" - Offer ends July 11. 🎯Secure your spot today buff.ly/5uvxcZl

Was just reading some (old) Marcus Ranum slides today, and came across this line: "A couple of years ago, when I was implementing some code that had to interface with syslog, I decided to read RFC 3164. This was the moment when I stopped believing in the “standards process” and

Here's a GREAT article by Joshua Wright about attackers shifting their tactics, exploiting "authorization sprawl." Very insightful! A must-read. techtarget.com/searchsecurity…