Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

News Insights: Does X Mark a Target? with Trevin Edgeworth, Director of Red Team

In light of the recent security breaches involving Bitcoin and SEC’s X account, our Red Team Practice Director, Trevin Edgeworth, analyzes the role of fluctuating security programs in these incidents. He discusses how attackers exploit confusion, communication gaps, and vague policies, and identifies weak points in shared security responsibility.

No stranger to volatility, Bitcoin lost $50B in market cap last week because of a false message from the SEC’s X (formerly Twitter) account that had been compromised. It followed closely on the heels of the compromise of Mandiant’s X account by cryptocurrency thieves. Following investigations, Both X and Mandiant issued statements that in both cases, the recommendation of two factor authentication (2FA) was not being followed at the time of compromise.

The situation would seem cut and dry, except for a number of factors regarding the security dynamics at X – from whistleblower accusations to changes in security options and policies – since its acquisition by Elon Musk. Even Mandiant’s statement includes a vague reference that, “...due to some team transitions and a change in X's 2FA policy, we were not adequately protected…"

While many are debating the imperative for, and implementation of 2FA we thought we’d take a step back and ask our Red Team Practice Director Trevin Edgeworth how Red Teamers view security programs in flux. Whether intentional changes such as M&A or leadership transition, to general uncertainty and confusion brought on by technology failures or adjacent breaches, how could an attacker prey on the confusion, miscommunication, or general lack of clarity. Additionally, where are the weakest points in the shared security responsibility between service providers and customers that need to be addressed?

Trevin Edgeworth

About the author, Trevin Edgeworth

Red Team Practice Director

Trevin Edgeworth is the Red Team Practice Director at Bishop Fox, where he focuses on building and leading best-in-class adversary emulation services to help customers of all sizes and industries strengthen their defenses against current and emerging threats.

Trevin has over 20 years of security experience; he has built and overseen red team programs for several Fortune 500 companies, including American Express, Capital One Financial, and Symantec Corporation. Other accomplishments include leading a security organization as Chief Security Officer (CSO) for a major security company. Trevin has led a variety of security functions in his career, including cyber threat intelligence, hunt, deception, insider threat, and others.

Trevin is an active member of the security community. He has presented at several industry conferences and been interviewed by leading publications on topics such as red teaming and threat intelligence.

More by Trevin

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.