FirstCon14, As Seen from Twitter

Andrew Cormack ‏@Janet_LegReg  1h

"Detect/respond" capability is as important as "prevent". Badguys *will* get in to your network: find & remove them #FIRSTcon14

Andrew Cormack ‏@Janet_LegReg  2h

Ozment: Information sharing doesn't help unless recipients have a baseline capability to use the shared info. #FIRSTcon14

Andrea H Armstrong ‏@AnAHAmoment  1h

Yesterday at #AWSWWPS and it seemed like male to female 25 to 1. At #FIRSTCon14 now and seems like a 30 to 1 ratio. We need women in #STEM

David J. Bianco ‏@DavidJBianco  29s

"SOC culture is closed and suspicious by necessity" Not at all! Observe a better SOC. #firstcon14

Andrea H Armstrong ‏@AnAHAmoment  1m

"You have to do the work and live the life to understand the SOC." Using Anthropology to Study Security #FIRSTCon14

Andrew Cormack ‏@Janet_LegReg  21s

Analysts know more than they can tell: tacit knowledge, held in the community. Need to incentivise sharing #FIRSTcon14

Andrew Cormack ‏@Janet_LegReg  2m

Need to be an analyst to learn what analysts do - participant observation, not flies on the wall #FIRSTcon14

Mark ‏@mark_s0  26s

Sochi network: ~4billion flows per day recorded by lancope #firstcon14

BT_Americas ‏@BT_Americas  20m

"Emerging Trading System Attacks" presented by BT ethical #hacker Konstantinos Karagiannis. #firstcon14 http://ow.ly/yr0ws  #security

David J. Bianco ‏@DavidJBianco  20m

Number of #firstcon14 sessions saying we don't know how CIRTs work. Really wish they could have observed GE-CIRT a few years ago.

Richard Bejtlich ‏@taosecurity  2m

Hi @DavidJBianco & #firstcon14 I tried to capture the operational processes we applied to CIRT ops in ch 9 of my book http://nostarch.com/nsm 

David J. Bianco ‏@DavidJBianco  41s

@taosecurity #firstcon14 great point! More of these researchers need to read that.

Andrew Cormack ‏@Janet_LegReg  6m

CERTs are a foreign country: to study them, need to be an anthropologist, not a tourist #FIRSTcon14

Mark ‏@mark_s0  3m

NBC Universal spent $65m on technology for Sochi Olympics #firstcon14

Andrea H Armstrong ‏@AnAHAmoment  1h

Cyber exercise to stay fit! Ozment: "to be really good at incident response you must practice" #FIRSTCon14

CRN ‏@CRN  16h

Security Expert: Industry Is Failing Miserably At Fixing Underlying Dangers: http://go.crn.com/1lnTm2q  #cybersecurity #firstcon14

Doug Wilson ‏@dallendoug  22h

"STIX & CybOX are really complex." Need to build tools that guide user data needs into specific use cases. <-- VERY MUCH THIS! #firstcon14

Doug Wilson ‏@dallendoug  23h

All props to DHS, but I'm going to be annoyed if every automating/sharing threat Intel preso is "look, we discovered STIX." #firstcon14

Martin McKeay ‏@mckeay  Jun 24

"The whole idea that we can patch it later, fix it after publication is simply wrong" @TheRealSpaf #FIRSTCon14 

ChrisJohnRiley ✪ ‏@ChrisJohnRiley  Jun 24

Unless security is baked in at the foundation, it will always be a secondary concern and therefore the weak link in the chain #firstcon14

ChrisJohnRiley ✪ ‏@ChrisJohnRiley  Jun 24

Here... I patched your patch so you can patch while you're patching your patches #firstcon14

S&T initial CSIRT finding: Non-routine #cyber incidents usually trigger complex collaboration #FIRSTCON14