Read on Twitter
Patching vulnerabilities is for servers not for people
It's okay to feel and express vulnerability
It's okay to feel and express vulnerability
Threat detection is for malicious attackers not for colleagues
It's okay to feel that your core needs aren't being met...unless your colleague is genuinely a malicious insider attack or--okay this metaphor is getting complicated
It's okay to feel that your core needs aren't being met...unless your colleague is genuinely a malicious insider attack or--okay this metaphor is getting complicated
Cryptography is for hiding information from attackers, not from colleagues.
It's okay not to know everything. Share what you know. Don't cover what you don't know by being cryptic.
It's okay not to know everything. Share what you know. Don't cover what you don't know by being cryptic.
Pentesting is...uh maybe not this one 
"Your compliance will be rewarded"
Frameworks and standards are for security teams...and also for people
Standards are good. Plan, do, act, check! Continuous improvement of your insecurity management system is in the best interests of your entire polycule---I mean server fleet
Standards are good. Plan, do, act, check! Continuous improvement of your insecurity management system is in the best interests of your entire polycule---I mean server fleet
Disaster recovery and incident response are for everyone.
And don't forget self-care.
And don't forget self-care.
System hardening is for servers, not for people.
Servers need firewalls. People are like systems: allow reasonable, consensual input and build resilience.
Servers need firewalls. People are like systems: allow reasonable, consensual input and build resilience.
Access controls are for everyone! Your assets are yours, and your stated access definitions should be honored!
For security teams as corgis, see this thread! https://twitter.com/itsC0rg1/status/1298130651439230977?s=19
