nerdiosity (@nerdiosity)
Followers: 2K | Following: 10K | Media: 889 | Statuses: 6K
Cyber Rocket Surgeon. My bowtie is my super power. Alter Ego of PowerShelly. ~167 LEGO bricks tall. Mastodon: @[email protected] BlueSky: @nerdiosity
Joined July 2011
For anyone guessing at my late night post, it hit "credible" news a few hours ago. If anyone needs some really wonderful, really talented IR folks, post your jobs in this thread. I can vouch for the people they laid off -- they cut some heavy hitters. https://t.co/jXAwa7Y1HB
I would go into the fight with any of them again anytime. These people work on cases big & small, complex & straightforward, with passion, empathy, dedication & incredible technical expertise. They deserve your attention and consideration, and have my utmost recommendation ❤️
Today is a really rough day. My heart is pretty broken. I want to say a huge thank you to my friends & teammates that were impacted by our RIF today. You are amazing, talented, driven & dedicated humans! The work we do makes a huge difference to our customers on the worst
days of their business lives. I am humbled and proud to have worked alongside all of you. As a leader, I could ask no more of your contributions each day. Thank you! For orgs who are looking for spectacular talent, look no further than these folks.
Me: It’s Canadian Turkey long weekend!! The Universe: haha! Not this year!
I received these three texts tonight. I did not order pizza, this is not my area code… but secretly I hoped for pizza to arrive. None did. @DominosCanada and Dilawar, I’m hurt and disappointed.
If your managed SIEM provider doesn’t let you know they aren’t getting ANY of your log sources for hours, let alone days, this is a red flag…

Let me be clear: Orgs who have managed SIEM providers also have responsibilities. If you don’t tell them what you want alerts on, they will give you their default. That may not address what you actually need. 1/n

You need to know:
⁃ What you need for regulatory purposes
⁃ What you need to investigate your worst case IR
⁃ How long you need all those things
2/n

You need to ask for:
⁃ Monitoring and alerts on log flows
⁃ Regular meetings to update any new alerting needs
⁃ The ability to get more than (e.g.) 10,000 entries or 1 hr of your data if you need it for an investigation. It’s YOUR data.
3/n

Then test them. Do a RTBT or Purple team.
⁃ Are they really alerting on the things they’re collecting, or if a log flow stops?
⁃ How long does it take for you to get an alert?
⁃ Are there multiple paths of alerting for critical alerts?
4/n

So many more things could be added here. Would love to hear more if people have them. What do you think orgs should be asking managed SIEM providers for? 5/5
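A minimal version of the log-flow check the thread says to ask for, written here as an added example (not the author's code): every expected source gets a maximum allowed silence, and any source that exceeds it, or that never reported at all, is flagged. The hostnames, timestamps and gap thresholds are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: when the SIEM last ingested an event from each source.
# In a real deployment this comes from the SIEM's ingestion metadata.
LAST_SEEN = {
    "fw-edge-01": datetime(2023, 10, 9, 11, 55, tzinfo=timezone.utc),
    "dc-01":      datetime(2023, 10, 9, 3, 10, tzinfo=timezone.utc),
    "vpn-gw":     datetime(2023, 10, 6, 22, 0, tzinfo=timezone.utc),
}

# Longest silence tolerated per source before its flow counts as stalled.
# Chatty sources get a short window; quiet ones get a longer one.
MAX_GAP = {
    "fw-edge-01": timedelta(minutes=15),
    "dc-01":      timedelta(hours=2),
    "vpn-gw":     timedelta(hours=6),
    "edr-cloud":  timedelta(hours=1),   # expected feed that was never onboarded
}

# Fixed "now" so the example is reproducible offline.
NOW = datetime(2023, 10, 9, 12, 0, tzinfo=timezone.utc)


def stalled_sources(last_seen, max_gap, now):
    """Return {source: hours_silent} for each expected source whose silence
    exceeds its allowed gap. A source with no events at all is reported as
    float('inf') so a feed that never started is not silently missed."""
    findings = {}
    for source, gap in max_gap.items():
        seen = last_seen.get(source)
        if seen is None:
            findings[source] = float("inf")
        elif now - seen > gap:
            findings[source] = round((now - seen).total_seconds() / 3600, 1)
    return findings


def format_alerts(findings):
    """Render findings as one alert line per stalled source, sorted by name."""
    lines = []
    for source, hours in sorted(findings.items()):
        detail = "no events ever received" if hours == float("inf") else f"silent for {hours} h"
        lines.append(f"STALLED {source}: {detail}")
    return lines


def run_check():
    return stalled_sources(LAST_SEEN, MAX_GAP, NOW)


if __name__ == "__main__":
    for line in format_alerts(run_check()):
        print(line)
```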
Me: I have an incredibly busy day of meetings and staffing after a crazy on-call weekend. The universe: Here’s a power outage
Super excited to be a part of @BSidesVI in my first year back on the Island! Thank you for letting me be a part of it! #homegrown #DFIR
We're thrilled to announce that @nerdiosity will be sharing her wisdom on incident management at BSides Vancouver Island! Don't miss her talk "10 Things I wish I knew before my first incident" and learn from her experience. Grab your tickets now at https://t.co/dvmW5a5UVS
A massive thank you to @BSidesVancouver for having @cybersyrupblog and I speak today. Always a great event with amazing people!!
If you are at BSides Vancouver this weekend, come say hi. I’m presenting at 3pm with @nerdiosity
"Logs Out: An IR Mystery," by our keynote conference presenter @LitMoose
https://t.co/EEuWKJ6fRc Join us June 23-25 at #CircleCityCon10 the #WhoDunIt.