Greetings from Boise!
Welcome to issue 002 of HACK, my newsletter where I talk about and curate news about security, marketing, community, hackers, and leadership.
I'm going to be experimenting with the format and content a bit, so do let me know any feedback you have, I would love to hear it.
What I've written this week:
It was a busier week for me life wise (started a new job!) and also on the blog. Here's what I posted this week:
- Why I joined Lightspin: Some big personal news! Joined an exciting young startup with a unique product. It's a multi-layered cloud native application platform with a unique graph
- The 7 stages of DevSecOps 0-day grief. Had some fun, thanks d0nut for the inspiration
- Marketing and PR Case Study: The Peleton Sex and The City PR Fiasco. I mentioned this last week and it got better/worse so I wrote about it.
- Product Led Growth Correlated Webinar Notes. Product led growth is a big rage in startupland. We at Lightspin are committed to building a product led growth engine and focus on our users (many of you readers!). I've been reading a lot on this and you'll likely hear more from me on this topic. This document was my detailed notes from a webinar talking about building a marketing tech stack for PLG companies.
From Security Twitter
Log4J is bad. Inescapably bad. Not surprisingly, most of the links this week center around that.
This made me laugh. Bug bounty is a great way to discover these issues, it's unfortunate the hacker experience is so inconsistent - something I know the HackerOne team thinks about often.
Asset management and SBOM ... you can’t protect what you don’t know you own and then you can’t improve configuration risks if you don’t see them. So attack surface management + cloud security posture management are the grail of securing the public endpoints.
Cool cool cool - Log4J is not protocol specific says Justin Kennedy.
John Hammond has got a TryHackMe module on Log4j. Impressive, quick work John!
This tweet by Kevin is perfection
Marketing and Community corner
I mentioned last week how I tweeted a simple tweet off the cuff and it was the most engaged tweet I've had. Well I did it again, and this time it blew up even more. Didn't gain a ton of followers from it but fascinating again how and why things get picked up. I loved this one thought because it speaks to the power of a simple visual - yay designers!
Replit CEO on how to announce your funding round vs not how to announce your funding round:
I haven't gotten into F1 but I've been considering it from a sponsorship side for Lightspin. Was fascinated to see this data: check out that growth! Huge market.
Lightspin advisor and Head of Cloud Infra Security at Netflix, Srinath Kuruvadi, who I recently got to meet at a dinner in San Francisco with Lightspin CEO, Vladi Sandler, was recently on Panther security's podcast talking about Detection at Scale. The podcast is definitely worth a listen, but Srinath mentioned a Nelson Mandela quote that stuck with me:
I never lose. I either win, or I learn. - Nelson Mandela
May you never lose this week and every week.