Satirical hot takes from non-technical position holders

The Twitter hashtag #cisotips has been greeted by derision from the hacker community after a spoof tweet mocking bad infosec advice went viral


It came after @LiveOverflow, aka security researcher Fabian Faessler, who is known in the community for his educational hacking tutorial videos, posted a tweet that has quickly gained traction online.

Faessler told The Daily Swig that he wanted to share some “terrible” security advice, spoofing that of a non-technical CISO – chief information security officer – as a joke.

“As you probably know, there is the hashtag #bugbountytips and #pwntips to share technical tips,” Faessler said.

“And sometimes people would share very funny – and wrong – tips as a joke. Then I just had an idea for some funny, terrible security advice that I wanted to tweet. But it was not bug bounty related, so I thought of something else.”


The tweet that sparked the meme


He added: “Because sometimes we more technical people have this stereotype of non-technical executives with a position like CISO, I thought it would be funny to tweet some more general bad security advice and use #cisotips.”

Bad advice

The original tweet, which has had more than 330 likes and 23 retweets, drew inspiration from a whole host of questionable infosec advice that Faessler has seen over the years.

It later inspired a flurry of other parody posts using the #cisotips hashtag from members of the infosec community.


Muddying the waters

Faessler told The Daily Swig that he had to clarify that some of his tweets were a joke, since many of them “blurred the lines” between a spoof and a genuine post.

“Some of the tweets were intentionally on a blurry line and are probably worth discussing,” he said.

“For example, the tweet about ‘95% of vulnerabilities can be found by scanning’. The number is made up, but I think it’s a very interesting debate about the ‘best effort’ and ‘cost-benefit’ ratio.”

He concluded: “I can totally see this being an actual discussion a company might have.”
