What It Takes to Defend a Cybersecurity Company from Today's Adversaries
22 comments
April 30, 2025
mikewarot
You just can't secure something like Windows, Linux, MacOS, because it's faulty by design. Any business that claims to be able to do so is selling snake oil.
Capability-based operating systems can be made secure. Data diodes are a proven strategy to allow remote monitoring without the possibility of ingress of control. Between those two tools, you have a chance of usable and secure computing in the modern age, even against advanced threats.
Yeah... I feel like Cassandra, but here we are. You've been warned, yet again.
CyberMacGyver
It’s RSA time, so expect a lot of cybersecurity posts.
saagarjha
Ah, that’s why all the people in business attire are swarming around
owyn
I haven't heard of that one. What is RSA time?
mandevil
2025 RSA Conference USA in San Francisco. So lots of papers are going to be presented and talks given on new clever ways researchers have figured out to beat different layers of security, tracking APTs, etc.
keyle
That sounds like the oracle version of defcon.
ash-ali
RSA conference in the city
looperhacks
Is there any way to recognize adversary IT workers? Not many companies have the capabilities of cybersecurity experts
recursivecaveat
Biggest thing you can do is just ensure you conduct at least 1 on-site interview, and make sure that interviewer is in a position to realize if the person they met is not the same one who shows up for other interviews and/or the work. Cost of a flight is nothing really compared to recruiting and hiring (and if you really are fully-remote and geographically distributed, you probably already have somebody in their metro area), on-sites used to be standard.
khafra
I mean, it's not the biggest thing you can do; you could start selling to the government, become a cleared contractor, and then you could require a USG security clearance for job applicants.
I would call the on-site interview and/or minimal background check "the most Pareto-frontier thing you can do."
Mountain_Skies
How much of that would you get from just using E-Verify? That doesn't find criminal issues like a security clearance does, but it seems like it would at least reduce the pool of nefarious applicants by a significant margin.
bigfatkitten
Just make them show up in person at least once for onboarding. They're not going to fly out from China or Russia (where they tend to be based) to do this; especially not to the US.
Verify their ID in person, issue their laptop etc in person, make sure someone who interviewed them is there to meet and greet them (and attest that it's the same person they talked to.)
If you can at least do a final interview in person also, then that's even better.
CyberMacGyver
Yes, there are a lot of identifiers. They are improving a lot, so things are changing daily. There are certain steps to take pre-hiring and post-hiring. If you need help, share your email and I can provide details.
smolder
The reality is a bunch of people trying to secure their insurance relationship. Useless money absorbers are running things.
Animats
Start with a fingerprint check before you even talk to them.[1] Then ask for a REAL ID at the interview, take fingerprints again, and match with the ones from the pre-screen fingerprint check. You need to be signed up with a driver's license verification service to validate the ID.[2]
It takes that level of verification to become a security guard or a school bus driver. Anybody in computer security should be doing this.
[1] https://www.sterlingcheck.com/services/fingerprinting/
[2] https://www.aamva.org/technology/systems/verification-system...
Gathering6678
Are you serious about this?
I live in China, a supposedly autocratic country and one with universal ID, and even companies here don't take fingerprints. ID will be shown when you are officially onboarded. I can't say for all, but for most companies (at least the ones without the need for a security clearance), requiring ID at interview will be seen as a red flag, and requiring fingerprints would probably be put on social media and named and shamed, if not straight up reported to the authorities.
mixmastamyk
Not a typical job, but one in a high-security environment, so it seems somewhat understandable.
Not that I’d do it. The paradox that security for a firm means zero privacy for me is too much to bear these days.
hulitu
> Recent adversaries have included:
> - DPRK IT workers posing as job applicants
> - ransomware operators probing for ways to access/abuse our platform
> - Chinese state-sponsored actors targeting organizations aligned with our business and customer base
Thank god there were no Russians or Iranians. /s
bigfatkitten
Iranians have been doing it too, on an individual, sanctions-evading level. Many of the DPRK workers operate out of Russia (and China.)
computerthings
Heh, given the title I initially thought SentinelOne was addressing the Chris Krebs situation, and the adversary would be the current administration. But it's about different nation state actors.
(context: https://www.cnbc.com/2025/04/16/former-cisa-chief-krebs-leav... )