Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Shifting Security Everywhere” - Not just LEFT anymore! https://twp.ai/4ioasq
“XSS Deep Dive” https://twp.ai/4in9ro
“Security is Everybody’s Job” https://twp.ai/4in9rk
“Security Learns to Sprint” https://twp.ai/4in9ri
“Top Ten Security Tips for APIs” https://twp.ai/4in9ou
“Incident Response for Devs” - And #DevOps folks too! https://twp.ai/4in9ow
OWASP Ottawa June 2025 Meetup
Join us in person at the University of Ottawa for our next OWASP Ottawa meetup on June 18, 2025, as we explore the human side of cybersecurity.
Date: June 18, 2025
Time: 6:00 PM EST – Arrival, setup & pizza
6:30 PM EST – Technical Talks
Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
Talk: “Hacking the Human Firewall: Insights from Social Engineering Corporations”
Speakers: Kyle Falcon, PhD, Ahmed Shah, Mathieu Quirion, and Kevin Tremblay – Security & GRC Analysts at Malleum
Despite all the advanced tech, humans remain the weakest link in cybersecurity. This talk will dive into real-world social engineering campaigns and will discuss:
• OSINT - Determining Targets and Entry Points
• NIST Phish Scale - Evaluating the Content of a Phishing Email
• Email Phishing - How Attackers Get SPAM Into the Corporate Inbox
• Phone Social Engineering - Experiences in Impersonation and Taking Over Accounts
• Physical Security - Outcomes from Just Hanging Around the Office
You'll leave with:
• A deeper understanding of attacker psychology & methods
• Practical tips to strengthen your organization’s human defenses
Can’t join in person? We’ll livestream on YouTube: https://www.youtube.com/@OWASP_Ottawa
RSVP now: https://www.meetup.com/owasp-ottawa/events/308219237/
Come learn, network, and grab some pizza with Ottawa’s cybersecurity community!
"Shift Left Doesn't Mean Anything Anymore" https://twp.ai/4in9oU
@dalai @ip6li If that isn't an unannounced "#SecurityAwareness" #Training, I'm shocked.
The mere use of #Govware like #Outlook, which sends #Passwörter (passwords, and mailbox logins in general) in #Klartext (plaintext) to #Microsoft, should be reason enough to fire this person for gross breach of duty and hold them liable!
Why Take9 Won’t Improve Cybersecurity
There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to downlo... https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html
200M X (Twitter) user records leaked in a 34GB free-for-all—again.
Data enthusiast “ThinkingOne” released the files after allegedly failing to get a response from X. The breach combines:
・Data from a 2022 vulnerability X previously downplayed
・January 2025 breach data
・A total of 2.8 billion records spanning X user IDs, emails, bios, locations & more
X continues to deny its systems were the direct source of the leak. But researchers confirm much of the data is real—and the scale is unmatched.
The kicker? ThinkingOne believes this might’ve required internal access, or an attack of unprecedented sophistication.
Even without passwords, this treasure trove fuels phishing, impersonation, and targeted disinformation.
Practical steps for secure and ethical #AI use by educators and researchers by Marlon Domingus (Erasmus University Rotterdam):
Verify AI-generated insights
Don’t blindly trust AI outputs — always verify sources and context. “In science, it is usual to, in principle, challenge every truth claim, to test its validity. With the growing societal impact of AI, this should also become common-sense practice for daily life.”
What does secure and ethical use of #AI look like in practice in #HigherEducation and #research?
Marlon Domingus, DPO and AI lead at Erasmus University Rotterdam, shared with us some practical steps to protect data, systems, and core ethical principles for educators and researchers looking to integrate AI into their work: https://connect.geant.org/2024/10/24/practical-steps-for-secure-and-ethical-ai-use-by-educators-and-researchers
What does your password manager set up look like?
@sans_isc : even if https://i5c.us does *not* appear to be a regular URL-shortening service, nothing in its domain name convinces me it's not. Perhaps they're offering *you* a free service that *visitors* pay for with a loss of privacy.
I do not want to, and simply cannot (I apologize for my intelligence not being artificial), remember all possible aliases of https://isc.sans.edu in order to avoid being fooled or phished.
Why is this not as stupid as Microsoft (microsoft.com) asking their customers to log in to:
login.microsoftonline.com
instead of something like:
login.customer.microsoft.com
Mastodon has its own, IMO excellent built-in URL-shortening system for the final link you asked us to visit:
https://isc.sans.edu/diary/31136
In fact, the full link to that article is automatically shortened by Mastodon fine too:
https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
I just posted additional reasons in a toot to Margarita Estévez-Abe in https://infosec.exchange/@ErikvanStraten/112887650119094186.
Let's all do our best to make the internet a safer place!
@libremind @GrapheneOS I'm a big believer in #FOSS and finding that balance between security and usability. Lately, I've been helping friends install #GrapheneOS. It's surprisingly easy to convince non-techies to try it! Finding the sweet spot for FOSS on older hardware (like my #Replicant days) is tougher, but the journey's important.
We need security solutions that are accessible! Even if folks react differently to obscure distros vs. familiar-looking secure ones, sparking that interest is a win. #privacy #securityawareness #usabilitymatters
So for public and published use: I prefer Graphene.
Private is quite different
Launched new website with all my stuff on. Mostly my conference talks and a wildly long about page but will be posting stuff in the articles section more.
Go forth and watch me complain about phishing sims and be fun with data
#infosec #securityawareness #security #speaking
This week I am surfacing something from the archives — a selection of articles about privacy. The motivation is that today (January 28) is Data Privacy Day.
This date was chosen because on January 28, 1981, the Council of Europe proposed 'Convention 108'; the first internationally binding agreement to protect personal data.
#Privacy #PrivacyMatters #PrivacyProtection #DataBreach #SecurityAwareness