@Hadess_security profile picture
HADESS @Hadess_security

Helping cybersecurity professionals navigate hidden opportunities, critical skills, and career growth with AI-powered intelligence.

Joined June 2020
  • Tweets 1,005
  • Following 1
  • Followers 3,875
354 Photos and videos
Cloud Security Engineer is not "DevOps plus a firewall." You write SCPs blocking rogue regions. You build Terraform modules with encryption guardrails. You hunt IMDS credential theft across 200 accounts. $90K to $300K . 33% growth through 2032. career.hadess.io/career-path…
1
1
3
2,856
The real daily work nobody talks about: - OPA/Rego policies for K8s admission control - IAM permission boundaries that don't break CI/CD - CSPM rules catching public RDS snapshots pre-deploy - Lambda auto-remediation on GuardDuty findings - Cross-account AssumeRole audit at scale
1
1
166
Practice cloud security hands-on: hadess.io/games/devops-city/… hadess.io/games/devops-city/… hadess.io/games/cyber-monopo… hadess.io/games/cyber-monopo… #cloudsecurity #aws #azure #iam #kubernetes #infosec
1
120
HADESS@Hadess_security
Apr 8
DevOps City Your DevOps infrastructure is a city. Everything runs smooth until an incident hits. You're the mayor. Find what broke, fix it. This round: CI/CD pipeline security. hadess.io/games/devops-city/… #game #devops #cicd #devsecops
1
8
232
HADESS@Hadess_security
Apr 1
527,840 open cybersecurity positions. $159K average salary. 25 roles tracked weekly. Full report: lnkd.in/e5xsz4Zv Launch Your Tech Career Today: career.hadess.io #cybersecurity #infosec #careerdevelopment #cybersecuritycareers
3
267
HADESS@Hadess_security
Mar 30
The 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝗻𝗮𝗹𝘆𝘀𝘁 career path requires more than 30 technical skills and more than 5 soft skills. Launch Your Tech Career Today → career.hadess.io #cybersecurity #infosec #securityanalyst #job #SOC #threatdetection #cybersecuritycareers
1
3
213
HADESS@Hadess_security
Mar 24
Stop Googling cybersecurity skills. 499 infosec skills, structured paths, career mapping; all in one place. This is how you actually learn. career.hadess.io #infosec #job #career
1:00
1
1
16
2,394
HADESS@Hadess_security
Mar 16
Senior Platform Security Engineer role in Berlin Let's mapping them to the skills, career paths, certifications, and hands-on practice that actually get you hired Platform Security Engineer Career Path: career.hadess.io/career-path… #job #hiring #interview #cloud #aws #platform
20
5,407
HADESS@Hadess_security
Mar 13
Continuous Delivery Security Labs 2026 open.substack.com/pub/devsec… 🔥 Start engineering your career → career.hadess.io #githubactions #argocd #devsecops #devops #cd #github
3
24
378
HADESS@Hadess_security
Mar 10
Cybersecurity Career Coach that Turns Rookies into Pros. After 7 years creating content and collaborating with top security engineers & researchers, we've seen the same gaps over and over: How to actually start and How to keep growing we built: career.hadess.io #job
2
1
3
184
HADESS retweeted
Hazard Lab@thehazardlab
23 Dec 2025
CVE-2025-9959: smolagents Python Sandbox Escape hazardlab.substack.com/publi… Python sandbox implementations often focus on blocking dangerous attribute access patterns like `obj.__class__` but forget that the same introspection is achievable through method invocation. #python #cve
3
7
1,100
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 𝗥𝗲𝗮𝗹‐𝗧𝗶𝗺𝗲 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝗰𝗮𝘁𝗶𝗼𝗻 — 𝗔𝘁𝘁𝗮𝗰𝗸 & 𝗗𝗲𝗳𝗲𝗻𝘀𝗲 𝗣𝗹𝗮𝘆𝗯𝗼𝗼𝗸 open.substack.com/pub/devsec… Donald 👱‍♂️, a developer and chaos wrangler, watched PacketPete, our mischievous red-teamer, go wild on his real-time stack 👇
1
3
6
344
more replies
WebRTC STUN Amplification Attack
1
3
185
Blocked QUIC → insecure fallback risk
2
162
HADESS@Hadess_security
17 Sep 2025
𝗦𝗲𝗰𝘂𝗿𝗲 𝗯𝘆 𝗗𝗲𝘀𝗶𝗴𝗻 - 𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗙𝗶𝗹𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 open.substack.com/pub/devsec… Syd, a senior Spring developer, trusted her file upload service with basic extension validation. "Only .pdf and .jpg files allowed," she thought. #appsec #devsecops
3
10
417
Secure by Design Frontend Security open.substack.com/pub/devsec… Imagine Frontend used dangerouslySetInnerHTML to render user comments without sanitization. An attacker crafted malicious JavaScript that stole authentication tokens from other users' browsers. Learn more 👇
1
3
6
427
more replies
🔴 CSRF Protection Framework State-changing requests → token validation bypass → double-submit cookies → SameSite enforcement.
1
1
128
🔴 DOM Clobbering Prevention Property injection attacks → namespace pollution → input validation → prototype pollution guards.
1
125
Load more