HACK Issue 008: Open season on OpenSea, How not to treat developers, and Axonius' 2021 marketing flops and wins

Greetings from cold Boise, Idaho. I have a confession to make: January is one of my least favorite months of the year. The holidays are over, the density of the cold is... deeper. It's like the chill is implanted in my bones on January 2nd and I can't shake it until April 1st. The gray days are slightly warmer, but they're colorless. The sunny days are cold af. So I figured I'd channel my inner David Goggins and enjoy the pain by doing "dry January" and fasting from alcohol. Then my wife convinced me to do a 3-day juice fast at the end of the month. Today begins day 2. Wish me luck.


Security links and tweets

I built on my analysis of the Offensive Hacking Education landscape with a post on Monday: Hacker Education Trends for 2022.

Open season on OpenSea? Or more like dunking on NFTs in infosec week... zseano shared a vuln because PSA for all the web3 products out there: you too have web2 dependencies and vulnerabilities, just like the fiat-minded folks. Joseph Cox reported on NFTs sharing your IP, since OpenSea lets NFT creators add metadata to the NFT listing, which leaves people asking "what could go wrong" and others like @taviso saying "meh, out of all the criticisms, this isn't a big one". Love me a good infosec debate haha.

Oh, and someone took my idea and did it (sort of): cryptocves.com. I respect it because I literally have had the same thought for a year, but I don't think the execution of the project was done the best. I still may pursue this at Lightspin. If anyone has thoughts or contributions there, let me know.

Security teams should be there to help and provide guidance, not shame people - Marco Lancini

Amen to that, Marco. A project boasting vanity stats of "919,374 careless developers" is just the type of narrative security vendors and teams should stay away from. Feeds into the "us vs them" when it's really "hey, we're on the same damn rocket ship".

My colleague from Lightspin, Dana, did a deep dive into EMR roles and policies. If your org is on AWS and you use EMR, you gotta check out this post. Great stuff, Dana!

Marketing story of the week

I think this is fantastic on so many levels....

Hats off to Nathan Burke and the Axonius team on sharing their approaches so other marketers can read and see, and also I think it's a great way to show your prospects what you're working on to help get the name of Axonius out in the market, drive leads and pipeline and more. Have a read to see what worked and didn't for them in 2021.

And one final note: give grace to every marketer or event planning professional right now. It's been 2 years of COVID and the new world order has just made planning, logistics and everything that was already complicated and expensive about events that much more complicated and expensive. I'm mapping out our 2022 event calendar for Lightspin and it's hard to know what's gonna happen and what isn't. I know I'm not alone, however, when I feel strongly that I want to be back at conferences and meet hackers and CISOs and the entire community face to face!

Inspirational thought of the week: The tougher the conditions, the more I like my odds

Navy SEALs have legendary training. Why? If you want to be the best in any condition and be ready for whatever the battle or mission throws at you, you must train your body, mind, and yes, your soul. Push yourself and your unit to the limits.

Don't get too comfortable. Ever.

My cold January complaining turns into a thankful tempering and that's why when I throw in the double fast, I'm reminding my body it's not in charge. Removing pleasure, experiencing pain will make me uncomfortable. If you don't change yourself, you don't know yourself.

How are you challenging yourself today, this month, this year? Let me know!

Keep pushing.

