Lea Kissner
@leak.bsky.social
Security, privacy, respect. Was the Twitter CISO until it was terrible. Now LinkedIn CISO. they/them
I considered adding a picture of my study but the piles of books are sprouting piles of books.

And I just ordered some more books.
Twitter accounts are based in Russia. BlueSky accounts are based in homes with, frankly, too many books, plants, obsolete cables, and pieces of rustic pottery, that could do with a bit of a tidying up, to be honest.
November 25, 2025 at 6:35 AM
The comment thread here is the embodiment of :lolsob:

There is legitimate promise to LLM-assisted coding, but there are also legitimate risks. Like this. And no one here is malicious!
One of the many joys of using AI for programming is the creation of huge PRs on complex topics that the authors barely understand, but still suggest "because they work". Here's a great example from #OCaml github.com/ocaml/ocaml/...

Kudos to OCaml's maintainers for handling this so gracefully.
DWARF support for macOS and Linux by joelreymont · Pull Request #14369 · ocaml/ocaml
DWARF v5 Debugging Support for OCaml Native Compiler This PR adds DWARF v5 debug information to the OCaml native compiler, allowing proper source-level debugging in GDB and LLDB. What's Impleme...
November 24, 2025 at 9:25 PM
Reposted by Lea Kissner
now everyone together quote @leak.bsky.social
November 22, 2025 at 3:38 AM
The "Gear" series on the Articles of Interest podcast has convinced me that if for some reason I was in the armed forces (and I wasn't doing the obvious things for me to do) I would want to be in the quartermaster corps. The complexity in clothing alone 🤯

www.articlesofinterest.co/podcast
EPISODES | Articles Of Interest
November 21, 2025 at 2:40 AM
If my emails ever get leaked, just know that I'm not sub-literate, I'm lazy.
November 13, 2025 at 3:43 AM
A performance plan (PIP) is incredibly hard on everyone involved. The person going through it, the manager, and *the entire team*.

When I'm running one, I deeply want to help the person going through it find whatever's missing so that they do an awesome job and we can keep working together.
1/🧵
November 10, 2025 at 7:25 PM
Up until a few weeks ago, the conversation virtually always went like this:

Them: "why are you wearing a mask?"
Me: "because I don't want to accidentally kill my mom. Plus I hear COVID is no fun."
Them: *vivid story of how terrible COVID is*

It sounds less fun than wearing a mask, y'all 🤷
Sometimes when people ask me why I’m wearing a mask I say I’m traveling or have some important thing soon and can’t afford to get sick and miss it and that’s pretty much always true but I think it would be nice if it were more normalized to just say “I don’t want to get sick” and leave it at that
November 9, 2025 at 4:53 PM
New life goal unlocked
November 9, 2025 at 4:40 PM
I hired a director recently and this was my screening question: can you please explain the difference between public-key and symmetric-key cryptography.

Virtually all the candidates, who universally claimed security engineering expertise of some kind (some cryptography-related) could not. At all.
November 7, 2025 at 4:57 PM
"Betteridge's law of headlines is an adage that states: "Any headline that ends in a question mark can be answered by the word no.""

en.wikipedia.org/wiki/Betteri...
November 6, 2025 at 5:30 PM
"Worked for" is an exaggeration here -- while there may be actual staff in this group, these scam centers are mostly operated by victims of human trafficking.

This is one of the many reasons we need stronger online security across the board: to break the incentives behind this horror.
India is repatriating on Thursday the first batch of hundreds of its nationals who last month fled to Thailand from Myanmar, where most had been working at a notorious center for online scams.
Indians who fled a Myanmar cyberscam center are being flown home from Thailand
November 6, 2025 at 1:33 PM
Would you like to work on LinkedIn? InfoSec is hiring! We have both manager and IC roles -- and more coming.

I'm here because I want to help protect people and not work with jerks. If that's what you like, then I hope you'll join us.

Jobs in 🧵
November 5, 2025 at 11:27 PM
Encryption without key rotation is just sparkling obfuscation
October 23, 2025 at 7:11 PM
Not being a jerk is a shockingly underrated hiring strategy.
look, one reason workplaces started making us all go to HR's "be polite to others" class is because you alienate people when you're a bigoted asshole, and that can lose you both talent and business www.ft.com/content/8e6d...
Sequoia COO quit over Shaun Maguire’s comments about Islamism
Sumaiya Balbale left the venture firm after it decided not to discipline outspoken investor for posts about Zohran Mamdani
October 22, 2025 at 1:11 PM
Reposted by Lea Kissner
pleasures of the flesh fade, other people however much you love each other will sometimes let you down, the world is filled with sorrows. but from today until the last day of your life, wherever you are if you pay attention there is something new to learn. it's a great comfort.
October 13, 2025 at 6:30 PM
The number of people who don't seem to realize that people in the same field, even in the same team, talk to each other is astonishing.

A security vendor invited me to a dinner with featured guest the "VP of IAM at LinkedIn". There is no such person. I'm so curious who; the vendor wouldn't answer.
This morning's spam from a scammer claiming to be Andy Weir, asking me to send a link to my own work and maybe he'll check it out (aka the opening salvo to sending the scammer money) and I'm all, look pal, I know Andy's read my stuff already, he said so WHEN WE WERE DOING A FUCKING EVENT TOGETHER
September 22, 2025 at 1:36 PM
TIL that setting LESSSECURE makes you more secure
September 15, 2025 at 9:24 PM
Fully most of what I travel with for any trip is food, which I am not willing to risk the airline losing, but speaking as someone who packs light to the point where I did a 4-day trip with only a briefcase (pre-having-to-carry-all-of-my-food situation), this is the hard way to travel light!
Personally, I'd rather just check a large bag for a long trip, than have to deal with randomly shipping stuff home and buying entirely new things at unpredictable intervals

(speaking as someone who spends a lot of time traveling internationally for extended periods myself)
September 8, 2025 at 4:03 PM
At one job someone decided to argue with me about whether my pronouns are grammatical.
a) yes they are I have citations
b) what an extremely odd fight to pick at work

In summary, there are so many ways not to be a jerk and not being a jerk is one of my life goals
roses are red
violets are blue
singular they
predates singular you
Another day, another whiner complaining that I use the singular "they" in my work, and of course they can go fuck themselves

(you see what I did there)

(also, gift link)

wapo.st/3JEdPUv
September 3, 2025 at 10:34 PM
Vibe coding is a lot easier if you don't care about breaking things
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7
August 26, 2025 at 11:50 PM
Weird Al: You think your Commodore 64 is really neato

Audience dude: IT IS!

youtu.be/qpMvS1Q1sos?...
August 24, 2025 at 3:54 AM
In "people are awesome" news, some UPS drivers helped me find the UPS driver driving around with my medication and he popped over and gave it to me and told me how to find him if I end up with a meds emergency again. Stand up dude and I owe him.
August 22, 2025 at 11:46 PM
I'm failing to remember enough to Google this, but I could swear there were cases where someone mixed corporate data into personal systems (or vice versa), personal data got dragged into legal discovery, and it was embarrassing all around. Does anyone have a pointer?
August 17, 2025 at 9:56 PM
The big problem with having agreed to write a book is having to actually write the book
August 15, 2025 at 8:13 PM
@kendraserra.bsky.social just gave an interesting talk about strong "you will not disclose any security bugs you tell us about" NDAs on some disclosure/bounty platforms

I'd add something to that: companies have a real incentive for people to disclose closed vulns 🧵

www.usenix.org/conference/u...
Everything Old Is New Again: Legal Restrictions on Vulnerability Disclosure on Bug Bounty Platforms | USENIX
August 13, 2025 at 11:39 PM