Shiny Sentry
@shinysentry1137.bsky.social
Info assurance and security consultant // Democratizing security through open education and mutual aid 💙📑 // Founder @ shinysec.org
Why don't we like working with multiple databases at once? I recently organized three lists of users and found one person duplicated seven times. I fixed it. Somehow, overnight, that became fourteen accounts and two of them are admins.
November 8, 2025 at 9:20 PM
Most risk never actually gets defeated, it just changes departments
November 8, 2025 at 9:17 PM
Due to GRC saying "we can automate this" I am currently watching an AI send itself phishing emails. Yes, we were told to use another AI to stop it from interacting with them.
November 8, 2025 at 9:10 PM
We call it "defense in depth" because "panic layered with wishful thinking" didn’t go over well with marketing
November 8, 2025 at 3:07 AM
Your biggest insider threat right now probably has an executive title and edit access to the policy document
November 8, 2025 at 3:07 AM
Every control you write tells a story about who you think the user is, so make sure your policies assume humanity. That's what makes the difference between protection and punishment.
November 8, 2025 at 3:04 AM
Every one of your "temporary exceptions" will become permanent after the first incident
November 8, 2025 at 3:00 AM
The loudest person in the postmortem isn’t always the most correct. Every insider threat once felt excluded from something important.
November 8, 2025 at 2:58 AM
Information wants to be free, but context wants to be expensive. Security culture improves when people feel safe asking "why" without fear of retaliation (or sometimes simply nonsensical costs)
November 8, 2025 at 2:45 AM
One difference between paranoia and pattern recognition is how you word it on a resume
November 8, 2025 at 2:32 AM
Every company calls itself data-driven until the data starts disagreeing with them
November 8, 2025 at 2:30 AM
A risk register without emotion is really just a spreadsheet... risks usually relate back to human aspects but it's the *implications* that matter most for communication.
November 8, 2025 at 2:29 AM
A lot of security instructing involves teaching empathy disguised as threat modeling. Always remember that your students are watching how you react to chaos.
November 8, 2025 at 2:28 AM
You (as one person) don’t need to fix everything, just keep improving the direction of trust. A lot of change can start with someone deciding not to look away.
November 8, 2025 at 2:28 AM
Nothing says "mature process" like a flood of notifications across different platforms all titled some variation of URGENT - PROD DOWN
November 8, 2025 at 2:26 AM
Your incident response plan shouldn’t be an unverifiable (and nearly inaccessible) file named final_v3_really_final.pdf
November 8, 2025 at 2:24 AM
Defense in depth only works when your layers actually know how and when to talk to each other
November 8, 2025 at 2:15 AM
Adversaries love bad automation as much as you do (whatever you think you're doing for convenience, they're thanking you for it)
November 8, 2025 at 2:06 AM
Classified cover sheet prop for a security convention. On scanning, it pulls up resources for watchdogs and whistleblowers.
May 16, 2025 at 1:56 PM
Update: After some modification, it works. If you're on my home line with me, I may be on this.
May 9, 2025 at 3:39 PM
Rotary phone repair and cleaning. I now have a functional phone to practice analog security tasks with again.
May 9, 2025 at 3:11 PM