Captain's Log, Stardate 2021.12.10


Captain's Log is a weekly feature highlighting cool and interesting things we've seen this week. 

Women Know Cyber: The Documentary
Cybercrime Magazine / Steve Morgan

Women represent 25 percent of the global cybersecurity workforce in 2021, up from 20 percent in 2019, and around 10 percent in 2011. We predict women will represent 30 percent of the global cybersecurity workforce by 2025, and that will reach 35 percent by 2031. "WOMEN KNOW CYBER: THE DOCUMENTARY" features women in cybersecurity from across the globe who share their stories in an effort to recruit more female cybercrime fighters to our field. The documentary is derived from the book "Women Know Cyber: 100 Fascinating Females Fighting Cybercrime" by Steve Morgan and Di Freeze.



How Netflix’s Choice Engine Drives Its Business
Behavioral Scientist / Eric Johnson

Netflix’s entire existence depends on finding programs that you will want to watch from its large library of licensed content. Keeping you engaged and paying a monthly subscription is its major source of revenue.

Netflix needs to connect customers with content, so you think it will be able to find you something to watch. To do this, Netflix’s landing page uses many choice‑architecture tools. Let’s look at some of them...


This shouldn't have happened: A vulnerability postmortem
Google Project Zero / Tavis Ormandy

This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about this vulnerability is just how simple it is. This should have been caught earlier, and I want to explore why that didn’t happen.

In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”. First, let’s take a look at the bug, I’ll explain how I found it and then try to understand why we missed it for so long...


The Internet’s biggest players are all affected by critical Log4Shell 0-day
Ars Technica / Dan Goodin

The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam, Tesla, Twitter, and Baidu.

The vulnerability, now going by the name Log4Shell, came to light on Thursday afternoon, when several Minecraft services and news sites warned of actively circulating attack code that exploited the vulnerability to execute malicious code on servers and clients running the world’s bestselling game. Soon, it became clear that Minecraft was only one of likely thousands of big-name services that can be felled by similar attacks...


Why I Quit Being a JupiterOne Customer...
JupiterOne / Jasmine Henry

Over the past 19 months, I was empowered to create a security and compliance function at a Seattle startup. I was a pretty successful Security Director by most measures - I helped my employer win a Series B funding round then a Series C, and cultivated many amazing customer relationships. I got to experiment at the bleeding edge of cloud-native startup security and being a JupiterOne customer was a huge part of this successful journey.

Monday, I joined the JupiterOne team as an employee in a Field Security Director role...



Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.



Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
