Oh look someone has ripped off most of my designs. They have also copied dozens of other sticker makers in the hacker community. I've reported them, but if they've stolen from you, you may want to report them too:

www.etsy.com/listing/4357...

The unbundling of Okta: are startups chipping away at Okta? A guest post from Maya Kaczorowski who breaks down Okta’s competition and how Okta is not being unbundled, but rather squeezed from all sides.

Wrote up some thoughts for how Okta is getting squeezed from all sides: squished by Rippling at the bottom, Msft at the top, and other markets and startups in the middle.
I hope you love some red string diagrams 🤣
ventureinsecurity.net/p/the-unbund...

The New Commandments of Security Teams Guest post by Maya Kaczorowski

Check out our cofounder @mayakaczorowski.com's post on @frankw.bsky.social's Frankly Speaking on how modern security teams are scaling.
Read the post for the new commandments of security teams: franklyspeaking.substack.com/p/the-new-co...

BSidesSF 2025 - Plays Incident Response (Maya Kaczorowski, Whitney Merrill) YouTube video by Security BSides San Francisco

@wbm312.bsky.social and I's talk from BSidesSF is now online: www.youtube.com/watch?v=wiq2...
Play along to learn about incident response!

What I've been up to the last few months: working on the untrendy but important problem of authorization in corporate environments. Check it out!

Yes! I find Subframe super easy to build and iterate on a reasonable prototype quickly. I also like that it’s relatively opinionated so what you’re building is consistent, not completely made up

“I’d rather eat something off Amazon than buy an SD card off Amazon”

FedRAMP by the numbers FedRAMP authorizations seem to have recently increased. Which providers benefit the most from FedRAMP, and who's buying? Let's look at the data.

I dug into the FedRAMP marketplace data and see just why FedRAMP is so hot right now 🔥: while new authorizations haven't increased much, re-uses are skyrocketing.

Take a look at who is selling the most to government, and which agencies are buying: mayakaczorowski.com/blogs/fedramp

Developer Creates Infinite Maze That Traps AI Training Bots "Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself."

“Let's say you've got horsepower and bandwidth to burn, and just want to see these AI models burn. ... It's also sort of an art work, just me unleashing shear unadulterated rage at how things are going.”

love to see it

www.404media.co/developer-cr...

Dear Santa, all I want for Christmas is better security tools What CISOs want for Christmas are better security tools -- that solve problems rather than just finding them, work like modern developer tools, consolidate functionality, cover complex environments, a...

Dear Santa: please no more security dashboards this year. We've got enough tools telling us about problems and that don't work well together — how about some that help the security team scale?
My wishlist for better security tools from an imaginary CISO: mayakaczorowski.com/blogs/ciso-wishlist

The road to zero trust is paved with good intentions Where is your organization really in your zero trust journey, and how much further do you have to do? Implementing a true zero trust architecture is more aspirational than achievable.

Zero trust: everyone (was) talking about it, but how far did we get? From inventory basics to the long tail of unsolved challenges, here's a realistic look at where you are in your zero trust journey, from a talk @ericchiang.bsky.social and I gave in 2022 😅 mayakaczorowski.com/blogs/road-t...

@mayakaczorowski.com and I are publishing the write up of our 2022 NorthSec talk on the hard parts of zero trust. Which made me wonder, how's that US executive memorandum requiring agencies to adopt ZTA by 2024?

ericchiang.github.io/post/zero-tr...

What sucks in security? Research findings from 50+ security leaders I interviewed 57 security leaders and asked them "What sucks in security?" Their top pain points were inconsistent access management, vulnerability prioritization and remediation, and obtaining SaaS l...

What keeps security leaders up at night? I interviewed 57 CISOs and security leaders to find out. The answers were surprisingly consistent: access management challenges, vulnerability management complexity, and limited SaaS visibility. Read the post: mayakaczorowski.com/blogs/what-s...

him: "you have so many passwords in data dumps"
me: "wait is my neopets password in there? I want to play but if says i don't have an account"

(It’s been just over a month 🤷‍♀️)

I haven’t used the United app in so long I need to redownload it 😅

“I don’t know why, I just know champagne”

I can’t find where my paper towel is supposed to go

“Chapter 10: higher education”

I’m in a fancy restaurant in Palo Alto and there’s an audiobook playing in the bathroom

@twitchyliquid64.bsky.social hello hi

i’m too old for this