Rob Dickinson

So much of “prompt engineering” is what we used to just call “being a good manager” and you might not really grok that without having managed a midsize team at some point in your career

I believe my marketing/events team would recognize this as my writing process

apidays New York 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | May 14 & 15, 2025 May 14 & 15, 2025 - API Management for Surfing the Next Innovation Waves: GenAI and Open Banking | AI's potential hinges on effective API management. Apidays NYC explores this critical connection, sho...

We're going to #apidays NYC! 🎉 Our VP of Eng.,
@robfromboulder.bsky.social, will be speaking there, as well. 🗣️

See us in NYC May 14-15 to talk #APIsecurity, #SIEM, & more. Or just to hang & get #Graylog swag! 🤝🎁

www.apidays.global/new-york/ #APIs #cybersecurity #API #APIdaysNY #Graylog

Why API Discovery Is Critical to Security API discovery is critical to an organization's security posture because shadow and deprecated APIs are unmanaged risks that attackers can take advantage of.

Unmanaged #APIs create #security blindspots. 🕶️ 😧 And, as orgs build out their application ecosystems, the number of APIs integrated into IT environments expands — which can easily overwhelm security teams. ↕️ 👀 😵

Enter... API discovery.💥 Learn more.👇

graylog.org/post/why-api... #cybersecurity

Table 1: Top 15 Routinely Exploited Vulnerabilities in 2023

- SQL injection
- Code injection
- Command injection

Fact: ORMs aren't a magic bullet for SQL injection. Misusing the API or vulnerabilities in the library itself can still cause problems.

I've seen it already with TypeORM and with Sequelize.

How To Approach API Security Amid Increasing Automated Attack Sophistication In 2025, security teams must prioritize API monitoring, threat detection, and protection against both automated and traditional attacks to safeguard sensitive data.

#APIsecurity incidents were at an all time high in 2024. 🙀

With increasing #cyberattacks driven by #AI & automation, #security teams must have a strategy that emphasizes monitoring firewalls, gateways, etc. but also works towards detecting API data exfiltration.

www.itprotoday.com/vulnerabilit...

omg 🤦🏻‍♂️

The obvious question is whether this would actually be enforced…but imho establishing a federal standard of care for privacy is worth it either way

Syslog Protocol: A Reference Guide Follow this guide Syslog Protocol: A Reference Guide and you will have enough information to understand the differences and nuances of Syslog.

Need a reference guide for the Syslog protocol? 📑 We've got you covered! 🙌

#Syslog is a logging protocol that is supported across many applications as well as hardware, and despite having been developed in the 1980s is still a very common format in use today. graylog.org/post/syslog-... #cybersec

Watch and wait and enjoy sports and hope that a national moment of realization obtains, gotcha

Just today have seen multiple phishing attempts offering “help” accessing frozen government funds and benefits

This is a really big deal about protecting critical infrastructure.

If any adversary takes down your water supply, you got a problem.

#CyberCivilDefense #take9

Everyday we're all for-real under threat of cyber attacks, that's seriously scary.

Good news is there’s something we can all do to thwart these dangers.

Here's a start: just pause and #Take9 seconds before you click, download, or share.

Follow @pausetake9 for more!

#CyberCivilDefense

Using Data Pipelines for Security Telemetry Data pipelines automate the collection, transformation, and delivery processes to make data usable for analytics and visualization.

Not all orgs need heavy-hitting data pipeline management tools.🏋‍ Complex tools create extra work & require more skills. Simple ones won't give you the data you need. You need the “just right” tool.

Learn more about data pipelines & their benefits for security telemetry. graylog.org/post/using-d...

CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises A top federal cybersecurity official said that threat hunters from CISA first discovered activity from Salt Typhoon on federal networks.

CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises

It's been an awesome few days at the #Graylog company-wide get together in Charleston, SC. 🎉 One highlight was our awards ceremony where we honored some particularly impactful team members.👏

Congrats on some amazing achievements & TY for being such great roll models! 🏆 #cybersecurity #infosec

Biden signs 11th-hour cybersecurity executive order Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Is Biden's 11th-hour EO on cybersecurity DOA?

"Given the timing right before a change in the administration, I can't help but think it's a bit of a Hail Mary designed to include everything possible and just see what sticks."

Why Patching Isn’t the Ultimate Goal in Cybersecurity Patching critical systems is always the fix for eliminating vulnerabilities. Or Is it? A focus on what matters and the priorities is best.

Hi #infosec, I wrote a blog about patching prioritization. CVE scores weren't meant to be the gold standard. Context from your runtime activity is an essential ingredient. And for those systems that cant/wont be patched, you need monitoring in place. graylog.org/post/why-pat...

These are the cybersecurity stories we were jealous of in 2024 | TechCrunch The very best work from our friends at competing publications.

I love the annual tradition of @lorenzofb.bsky.social @zackwhittaker.bsky.social and @carlypage.bsky.social highlighting the best cybersecurity stories (and, in quite a few cases, thorough investigations) that other people wrote techcrunch.com/2024/12/24/t...

It's truly amazing we've reached the level of cybersecurity where China has hacked so many US telecom companies that the US government is now recommending the general public uses end-to-end encrypted messaging (something they spent the last 10+ years trying to ban "because terrorism").

What is an API attack and how does it work To protect your organization from an API attack, you should know what APIs are and how threat actors use them to steal data.

Let's talk about #APIsecurity. As orgs integrate more applications, they add more #APIs, making API #security both more important and more challenging. 👀

Do you need help with API security? We've got you covered! Learn more.👇

graylog.org/post/what-is... #cybersecurity #infosec

Due to U.S. telco networks being compromised, today CISA is recommending:
1. Use only end-to-end encrypted communications
2. Enable Fast Identity Online (FIDO) phishing-resistant authentication
3. Migrate away from SMS-based MFA
4. Use a password manager to store all passwords

YouTube video by Trino Virtual view hiearchies with Trino

The video from my Trino Summit talk on virtual views is now available: youtu.be/z8eh_3vBpvg

Runbooks need to be copy-and-paste, not read-and-interpret

This is for real, US telecom companies already working to clean up compromised systems.

The speaker is Jen Easterly, who's very much the real deal.

#CyberCivilDefense

API calls are a native tongue for bad bots. For all of the legit fear around AIs attacking online businesses and infrastructure, there isn't enough acknowledgment that APIs are an obvious entry point for those malicious AIs. #apisecurity #cybersecurity