joe lopes
@lopes.id
Infosec Engineer | Where others see logs, I see stories.
https://lopes.id
These technologies accelerate learning, but they also make it easier to lose touch with people. The process becomes faster and less stressful, but it’s up to us to make an effort to connect with others and make it more enjoyable.
April 28, 2025 at 7:18 PM
blindly following convention. The key is ensuring these debates lead to actionable outcomes rather than becoming blockers. ✌🏻
6/6
March 31, 2025 at 11:33 AM
Each team must define its own criteria based on its environment and risk appetite--possibly involving other dimensions, like impact. 💡 And while these discussions might feel like unnecessary overthinking, they're actually a sign of a strong team--one that questions assumptions rather than
5/6
March 31, 2025 at 11:33 AM
But if we follow that logic, wouldn't a user-report of a phishing email (where nothing was clicked) also be a false positive? No impact, no incident. ⚠️
I don't have a definitive answer yet, but I've come to believe that incident classification carries an inherent level of subjectivity.
4/6
March 31, 2025 at 11:33 AM
But when you dig deeper, subjectivity emerges. For example, if a known adversary-controlled IP scans your network (using fresh, internally curated IOCs with an appropriate TTL), is that an incident? 👀 Many would dismiss it as a false positive, arguing that there's no impact.
3/6
March 31, 2025 at 11:33 AM
The reality, however, was that alongside this exciting work, I found myself engaged in philosophical debates over topics that less-experienced teams might take for granted--like the fundamental question: What is an incident? 🤔
At first glance, the answer seems obvious.
2/6
March 31, 2025 at 11:33 AM