Rob Dickinson
@robfromboulder.bsky.social
Software philosopher, security & big-data nerd, enthusiastically bad drummer. Based in Boulder CO 🏔️ 🇺🇸 #api #apisecurity #cybersecurity #infosec
On the long road to agentic systems, MCP tools are a well-lit highway rest stop, almost universally needed but still maybe not where you wanna linger too long
September 23, 2025 at 12:42 AM
It’s funny to me that LLMs can perform better when given better English, when the reason many folks use LLMs is to minimize or eliminate the exercise of good writing
September 6, 2025 at 9:55 PM
Agentic AI = nobody uses your web/mobile apps except when there is no other choice, which puts those UI assets in the same category as fax machines and paper contracts
August 25, 2025 at 6:00 PM
Hard to admit but my #1 superpower is actually having failed so much, in so many different ways, and at different levels of scale, that I can sense failure in teams in real time as a physical sensation, the way dogs start barking before an earthquake
August 24, 2025 at 7:50 PM
So much of “prompt engineering” is what we used to just call “being a good manager” and you might not really grok that without having managed a midsize team at some point in your career
August 5, 2025 at 8:48 PM
I believe my marketing/events team would recognize this as my writing process
This is my favorite poorly drawn cartoon so far 😎

The 5 stages of preparing for a conference talk 🫠

You can probably replace that with basically any other major event you have to do something for. What else do you think it applies to?
April 9, 2025 at 2:36 AM
Reposted by Rob Dickinson
We're going to #apidays NYC! 🎉 Our VP of Eng.,
@robfromboulder.bsky.social, will be speaking there, as well. 🗣️

See us in NYC May 14-15 to talk #APIsecurity, #SIEM, & more. Or just to hang & get #Graylog swag! 🤝🎁

www.apidays.global/new-york/ #APIs #cybersecurity #API #APIdaysNY #Graylog
apidays New York 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | May 14 & 15, 2025
May 14 & 15, 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | AI's potential hinges on effective API management. Apidays NYC explores this critical connection, sho...
www.apidays.global
March 12, 2025 at 9:48 PM
Reposted by Rob Dickinson
Unmanaged #APIs create #security blindspots. 🕶️ 😧 And, as orgs build out their application ecosystems, the number of APIs integrated into IT environments expands — which can easily overwhelm security teams. ↕️ 👀 😵

Enter... API discovery.💥 Learn more.👇

graylog.org/post/why-api... #cybersecurity
Why API Discovery Is Critical to Security
API discovery is critical to an organization's security posture because shadow and deprecated APIs are unmanaged risks that attackers can take advantage of.
graylog.org
March 4, 2025 at 10:39 PM
Reposted by Rob Dickinson
Table 1: Top 15 Routinely Exploited Vulnerabilities in 2023

- SQL injection
- Code injection
- Command injection
February 19, 2025 at 4:01 PM
Reposted by Rob Dickinson
Fact: ORMs aren't a magic bullet for SQL injection. Misusing the API or vulnerabilities in the library itself can still cause problems.

I've seen it already with TypeORM and with Sequelize.
February 11, 2025 at 10:01 AM
Reposted by Rob Dickinson
#APIsecurity incidents were at an all-time high in 2024. 🙀

With increasing #cyberattacks driven by #AI & automation, #security teams must have a strategy that emphasizes monitoring firewalls, gateways, etc. but also works towards detecting API data exfiltration.

www.itprotoday.com/vulnerabilit...
How To Approach API Security Amid Increasing Automated Attack Sophistication
In 2025, security teams must prioritize API monitoring, threat detection, and protection against both automated and traditional attacks to safeguard sensitive data.
www.itprotoday.com
February 11, 2025 at 9:17 PM
omg 🤦🏻‍♂️
Oh my god, they just unintentionally wrecked a ton of red team playbooks at the NSA popular.info/p/the-nsas-b...
February 10, 2025 at 6:13 PM
The obvious question is whether this would actually be enforced…but imho establishing a federal standard of care for privacy is worth it either way
February 6, 2025 at 6:04 PM
Reposted by Rob Dickinson
Need a reference guide for the Syslog protocol? 📑 We've got you covered! 🙌

#Syslog is a logging protocol that is supported across many applications as well as hardware, and despite having been developed in the 1980s is still a very common format in use today. graylog.org/post/syslog-... #cybersec
Syslog Protocol: A Reference Guide
Follow this guide Syslog Protocol: A Reference Guide and you will have enough information to understand the differences and nuances of Syslog.
graylog.org
February 4, 2025 at 1:52 AM
Just today have seen multiple phishing attempts offering “help” accessing frozen government funds and benefits
February 3, 2025 at 7:48 PM
Reposted by Rob Dickinson
This is a really big deal about protecting critical infrastructure.

If any adversary takes down your water supply, you got a problem.

#CyberCivilDefense #take9

New from WaterISAC: Reflecting on 2024 and Building a Stronger 2025 Together
-Strengthening Our Community
-Enhancing #Security Awareness
-Fostering Collaboration
Learn more: www.waterisac.org #water #cybersecurity cc @gate15.bsky.social @craignewmark.bsky.social @ransomwaresommelier.com
January 27, 2025 at 8:03 PM
Reposted by Rob Dickinson
Every day we're all for-real under threat of cyber attacks, that's seriously scary.

Good news is there’s something we can all do to thwart these dangers.

Here's a start: just pause and #Take9 seconds before you click, download, or share.

Follow @pausetake9 for more!

#CyberCivilDefense
January 27, 2025 at 4:32 PM
Reposted by Rob Dickinson
Not all orgs need heavy-hitting data pipeline management tools.🏋‍ Complex tools create extra work & require more skills. Simple ones won't give you the data you need. You need the “just right” tool.

Learn more about data pipelines & their benefits for security telemetry. graylog.org/post/using-d...
Using Data Pipelines for Security Telemetry
Data pipelines automate the collection, transformation, and delivery processes to make data usable for analytics and visualization.
graylog.org
January 24, 2025 at 9:21 PM
Reposted by Rob Dickinson
CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises
A top federal cybersecurity official said that threat hunters from CISA first discovered activity from Salt Typhoon on federal networks.
buff.ly
January 19, 2025 at 9:42 PM
Reposted by Rob Dickinson
January 17, 2025 at 8:07 PM
Reposted by Rob Dickinson
It's been an awesome few days at the #Graylog company-wide get together in Charleston, SC. 🎉 One highlight was our awards ceremony where we honored some particularly impactful team members.👏

Congrats on some amazing achievements & TY for being such great role models! 🏆 #cybersecurity #infosec
January 17, 2025 at 3:14 AM
Reposted by Rob Dickinson
Is Biden's 11th-hour EO on cybersecurity DOA?

"Given the timing right before a change in the administration, I can't help but think it's a bit of a Hail Mary designed to include everything possible and just see what sticks."
Biden signs 11th-hour cybersecurity executive order
Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive
www.theregister.com
January 17, 2025 at 8:34 PM
Reposted by Rob Dickinson
Hi #infosec, I wrote a blog about patching prioritization. CVE scores weren't meant to be the gold standard. Context from your runtime activity is an essential ingredient. And for those systems that can't/won't be patched, you need monitoring in place. graylog.org/post/why-pat...
Why Patching Isn’t the Ultimate Goal in Cybersecurity
Patching critical systems is always the fix for eliminating vulnerabilities. Or is it? A focus on what matters and the priorities is best.
graylog.org
January 8, 2025 at 6:03 PM
Reposted by Rob Dickinson
I love the annual tradition of @lorenzofb.bsky.social @zackwhittaker.bsky.social and @carlypage.bsky.social highlighting the best cybersecurity stories (and, in quite a few cases, thorough investigations) that other people wrote techcrunch.com/2024/12/24/t...
These are the cybersecurity stories we were jealous of in 2024 | TechCrunch
The very best work from our friends at competing publications.
techcrunch.com
December 24, 2024 at 6:59 PM