Sean Cassidy

@seancassidy.me

Head of Security at Asana

522 Followers · 239 Following · 68 Posts · Joined 13.04.2023

Latest posts by Sean Cassidy @seancassidy.me

Paranoia Agent is the best Kon imo

02.08.2025 02:02 👍 0 🔁 0 💬 0 📌 0

Illustrative example of using Asana AI Studio to improve security *and* productivity.

I reported a phishing attack from Gmail - this resulted in a task being created in Asana.

AI automatically triaged the nature of the attack and escalated it based on specifics (like targeting the CEO). 1/2

05.06.2025 15:21 👍 14 🔁 2 💬 2 📌 0

Deafening Silence From The Cybersecurity Industry Chris Krebs affirmed the 2020 election was secure. Now he's the target of an Executive Order—and the cybersecurity industry’s silence is enabling a dangerous precedent.

Deafening Silence From The Cybersecurity Industry by Forbes senior contributor Tony Bradley; links to Luta Security CEO's recent blog post @k8em0.bsky.social @lutasecurity.bsky.social
www.forbes.com/sites/tonybr...

16.04.2025 16:57 👍 75 🔁 35 💬 1 📌 3

I am speaking up in support of Chris Krebs We all need to

Here's my blogpost in support of Krebs. It's different enough from those by @stamos.org or @k8em0.bsky.social that it's worth writing, though the conclusion is much the same.
cybersect.substack.com/p/i-am-speak...

17.04.2025 00:47 👍 98 🔁 38 💬 4 📌 2

Exclusive | Former Trump Official Targeted With Government Probe Vows to… | Alex Stamos *The following is a message from Alex and Katie Stamos and does not represent any company or organization* Working with Chris Krebs and getting to know his wife Emily and their five children has been...

Working with Chris Krebs and getting to know his wife Emily and their family has been one of the great honors of my life. The attack against their family should be condemned by all.

I have written a post about what is happening to them here: www.linkedin.com/posts/alexst...

16.04.2025 20:45 👍 269 🔁 62 💬 2 📌 2

one of my favorite parts of vibe coding is that it brings one of the core parts of programming - randomly changing things until it's fixed - to everyone

02.04.2025 20:54 👍 2 🔁 0 💬 1 📌 0

preferably not self hosted

30.03.2025 19:43 👍 1 🔁 0 💬 1 📌 0

an ulterior motive i had for this post was hoping someone would read it and offer a recommendation!

30.03.2025 17:10 👍 2 🔁 0 💬 1 📌 0

the huge collection of blogs and substacks i read once, really enjoy, and then forget about instantly

30.03.2025 15:11 👍 1 🔁 0 💬 2 📌 0

if someone wrote a really high quality rss reader right now it would do so well

30.03.2025 05:09 👍 5 🔁 1 💬 2 📌 0

at least we have bashforever.com as a backup

21.03.2025 15:09 👍 0 🔁 0 💬 0 📌 0

sad that bash.org is gone

21.03.2025 15:07 👍 1 🔁 0 💬 1 📌 0

“ThErE Is nO EvIdEnCe oF AnY ThReAt aCtOr aCtIvItY” said the clowns at @lastpass.bsky.social in their many, many updates trying to downplay the severity of this breach.

If you’re using LastPass in 2025, you’re being grossly negligent.

08.03.2025 02:50 👍 108 🔁 26 💬 8 📌 1

how was the burger?

07.03.2025 18:40 👍 2 🔁 0 💬 0 📌 0

ever pull a scsi drive out while it was running? that was a fun feeling

06.03.2025 04:42 👍 0 🔁 0 💬 1 📌 0

Jasmine Sun on Substack for the first time— and it brings me no joy to admit this— an LLM has produced writing I think is actually good DeepSeek’s new r1 model was able to take some extremely rough bullet points and generat...

This example of writing from DeepSeek's r1 model is incredible. It actually persuaded me that the chat interface is more than just a rough first draft of a UI.

Also, "the demon stirs"? I could read this all day.

substack.com/@jasmine/not...

28.01.2025 14:54 👍 2 🔁 0 💬 0 📌 0

Getting silly with C, part (void*)2 They won't be able to find bugs in your code if they can't figure out how it works.

TIL that C function definitions have an implicit semicolon after them, which enables you to put a function declaration in the for loop control block.

lcamtuf.substack.com/p/getting-si...

10.01.2025 17:05 👍 1 🔁 0 💬 0 📌 0

Find yourself fixing the family printer today?🎄
We get hit with tech requests & our folks don’t realize they are most at risk bc they reuse their password everywhere!
Thanks @techcrunch.com @zackwhittaker.bsky.social for chatting about how to help our fam at home 💻
techcrunch.com/2024/12/25/h...

25.12.2024 17:08 👍 75 🔁 29 💬 2 📌 4

The Quiet HTTPS Revolution In a recent post, I explained that the websites I visit on my Chromebook are almost all delivered over HTTPS. Better still, 100% of the…

Reporters, this is a story worth covering. It might not be as glamorous as high-profile hacks, and it might not attract as many clicks, but it’s important. The quiet adoption of HTTPS has improved online security for billions of people, and it deserves attention.

medium.com/@boblord/the...

20.12.2024 04:09 👍 71 🔁 16 💬 0 📌 2

i saw a drone show last night and it was so good i never want to see fireworks ever again. 10/10 no notes

15.12.2024 17:33 👍 0 🔁 0 💬 0 📌 0

For anyone interested in detection and prevention methods against Salt Typhoon intrusions targeting communication providers, here is a comprehensive guide:

media.defense.gov/2024/Dec/03/...

04.12.2024 14:37 👍 53 🔁 36 💬 2 📌 1
sean cassidy : Plural gTLDs are evil

And plural gTLDs make this even worse: www.seancassidy.me/plural-gtlds...

04.12.2024 00:29 👍 0 🔁 0 💬 0 📌 0

The problem here is that humans want human-readable and unique names to disambiguate entities, but there are too many entities to do that all in one TLD. Having all of these gTLDs makes that easier, but identifying the correct website much harder.

04.12.2024 00:29 👍 0 🔁 0 💬 1 📌 0

A few days ago I almost got bit by a .shop fake website impersonating a website I wanted to use.

krebsonsecurity.com/2024/12/why-...

04.12.2024 00:29 👍 0 🔁 0 💬 1 📌 0

why do onions tell you to wash them before use. who is eating the onion skins

28.11.2024 16:28 👍 0 🔁 0 💬 1 📌 0

yeah it will be more like a rotation than a diminishing, but there are categories of jobs that will be closer to non-existent in 2026 like tier 1 SOC analysts

27.11.2024 00:50 👍 1 🔁 0 💬 0 📌 0

LLMs are going to take a lot of security industry jobs. We're already starting to see it, and in 2025, and especially 2026, it'll be all we're talking about.

27.11.2024 00:05 👍 1 🔁 0 💬 1 📌 0

If you're using Telegram? Don't.

At the moment, Signal (signal.org) is the most secure fully mature messaging app that's out there. It's what CULT OF THE DEAD COW uses for our intra-herd conversations, as well as being pretty much the Gold Standard in the information security community right now.

22.11.2024 00:15 👍 90 🔁 50 💬 2 📌 1

CISO starter pack? Yes please. go.bsky.app/D3emUbj

26.11.2024 12:44 👍 0 🔁 1 💬 0 📌 0

i will never forget the time, i, a newly minted freshman in college, was in the supermarket and asked if a guy was on line (for checkout). and he said, "you mean, like, on the internet? oh here in rochester we actually say in line rather than on line."

25.11.2024 23:55 👍 2 🔁 0 💬 1 📌 0