Richard Bejtlich 💾 🇺🇦

@taosecurity

Followers
56K
Following
26K
Media
2K
Statuses
23K

Inactive on Twitter since 1 November 2022. Find me here: https://t.co/9xgPCjr0Rq

Washington, DC
Joined December 2008
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Inspired by @netresec, I decided to claim @taosecurity on a Mastodon server:
2
1
7
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
If you'd like to read well-researched #history to abandon politically-driven myth, I recommend these 2 books: #ad. The Gunpowder Age: #China, Military Innovation, and the Rise of the West in World History. The Myth of the Lost Cause.
2
3
8
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
As an ex-@usairforce intel officer who was active duty in 1999, I enjoyed the new book "Shooting Down the Stealth Fighter," by the Serb personnel manning the S-125/SA-3. It's mostly about IADS, but it offers a ton of unclass details for #airpower fans. #ad
0
4
7
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I’m concerned that Putin is planning a repeat of his 1999 Moscow apartment bombing. I’m worried he orders use of a “dirty bomb” in UA, maybe Kherson, and then blames it on UA. He’s already learned from recent Western tactics to give public early warning, except his would be lies.
0
2
5
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I'm pleased to see @Suricata_IDS getting some marketing love at my company @corelight_inc's web page. We offer a true #networksecuritymonitoring platform at up to 100 Gbps, with all 4 NSM data types (alerts, transaction logs, extracted files, and pcap).
go.corelight.com
Corelight integrates Suricata IDS with Zeek’s rich network telemetry to evolve beyond the standalone intrusion detection system.
0
1
4
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I’m concerned about the following scenario. 1) RU “evacuates” civilians from Kherson. 2) UA approaches city to retake it. 3) RU destroys Kherson while retreating, and claims UA is responsible. 4) RU denies UA the territory via destruction and accuses UA of “war crimes.”
1
0
3
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Prediction: heavily-regulated industries will be the first to see requirements to have their cybersecurity program headed by someone with some sort of state- or Fed-approved license. This is no different from general contractors needing a license, while workers need not have one.
5
1
8
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Speaking of @Microsoft embedding @Zeekurity into @Windows, here's a post I wrote in 2008 explaining why and how #networksecuritymonitoring on the endpoint would be helpful. It's so cool to see a concrete step in this direction, on a massively-deployed OS:
2
0
12
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
This is not a late "April Fool." This is real. I've been waiting months to say it. Now it's public. @Microsoft is embedding @Zeekurity into @Windows. This brings #networksecuritymonitoring to a potential billion+ endpoints. Hear Microsoft's take, Thu-Fri:
@corelight_inc
Corelight
3 years
🧵 We are excited to share that @Zeekurity is now a component of @Microsoft @Windows! An incredible development that truly establishes Zeek as the de facto standard for #networkevidence: 1/4
3
26
64
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Much as you might love your team and job, it's better to resign than compromise your integrity. There is no shortage of open CSO or other security executive roles. If you find truly egregious conditions, you might become a legal whistleblower like @dotMudge. That takes real guts.
1
2
7
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
CSOs: wondering what to do if pressured by board or execs to act illegally or unethically? Easy: resign. That's what high-level, high-responsibility execs do. It's part of being a professional. I resigned as director of IR when my new boss tried to force me to stack rank my team.
0
9
37
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
In case anyone needed a reminder that being a CISO is a serious responsibility - and obstructing FTC investigations is not in the job description - today is a wake-up call. If you’re a security professional, this should not be anything new. It’s time for cyber to leave Neverland.
0
2
17
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Why does no one care about this story? Is it because those who usually promote privacy also use this data? I read the vendor's rebuttal. It's a joke that they deny the usefulness of IP addresses for identifying individuals or patterns of life. End #Augury.
@josephfcox
Joseph Cox
3 years
New: the US military has spent millions of dollars on a powerful internet monitoring tool that includes browsing data, email data, cookies, more. Data is worldwide, covers 90%+ of the internet, harvested from ISPs then sold to military by private company.
0
0
9
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I look forward to trying this. Wireshark is the gold standard for making it totally simple to try one form of network traffic observation. Download, install, run, select interface, see packets. Packet inspection isn’t everything, but it’s a key part of #networksecuritymonitoring.
@WiresharkNews
Wireshark Foundation
3 years
#Wireshark 4.0.0 has been released. Enjoy.
1
1
5
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I highly recommend this @BSidesAugusta talk by @DavidJBianco on his #PyramidofPain. He explains how we implemented a strategy (10+ years ago) to detect and respond to intrusions before adversary mission completion, via threat intelligence-driven campaigns.
4
21
64
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
If Elon Musk ends up buying Twitter, pay attention to Russian financing of the deal.
460
2K
8K
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
In 2019 I wrote a blog for @corelight_inc, "Network security monitoring is dead, and encryption killed it." My goal was to debunk that long-standing myth. Apparently at least 1 security company didn't get the point. 🤦‍♂️ #NSMlives despite encryption. Pls see:
0
1
14
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
I have a feeling that tracking and targeting Russian tactical nukes is intelligence requirement number one right now.
0
0
10
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
This is one of the reasons for my longstanding policy of not accepting connection requests from anyone but those with whom I’ve closely worked for at least several months. I believe in trying to improve the LinkedIn ecosystem.
@briankrebs
briankrebs
3 years
Someone created a ton of fake LinkedIn profiles for people claiming to be CISOs at Fortune 500 firms. LinkedIn took several down after being notified, but the profiles garnered quite a few CISO connections. Highlights need for more reputation tools on LI.
1
1
9
@taosecurity
Richard Bejtlich 💾 🇺🇦
3 years
Calling all graduates of the TCP/IP Weapons School class I taught from 2006-2012 -- we used to fool around with similar tactics and tools, especially in the late 2000s classes.
1
0
4