Fermin J. Serna

@fjserna

Citrix's CISO - Previously: Semmle's CSO, Google's Head of Product Security, MSFT, entrepreneur. All opinions my own.

Washington, USA
linkedin.com/in/fjserna/
Joined December 2007
23 Photos and videos Photos and videos

Tweets

You blocked @fjserna

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @fjserna

  1. Retweeted
    May 6

    "Our goal is for every CVE in OSS that gets found that could be generalized, we create a CodeQL query that will cover that. Instead of manually fixing bugs one at a time, we can eradicate whole categories of vulnerabilities across software"

    2 replies 22 retweets 74 likes
    Undo
  2. Retweeted
    May 4

    With the MITRE results recently published, and I got motivated into having some fun with offensive techniques as part of some Spooler/Fax research. We just published "Faxhell" on GitHub at with a blog up at Enjoy!

    10 replies 184 retweets 398 likes
    Show this thread
    Show this thread
    Undo
  3. May 4

    Citrix keeps hiring for our security team. SOC, IR, Red Team, security architecture, ... roles. We even now are hiring in Madrid, Spain apart from US, India, Costa Rica, ... Apply at

    6 retweets 13 likes
    Undo
  4. Apr 15

    Very interesting podcast! Thanks Jaime for the mention. Good old times with !Hispahack (2nd epoch)... I still run the domain with a good amount of good stories including 1999 exploits I wrote back then...

    🎙 A new podcast is out 🎙
    1 reply 2 retweets 15 likes
    Undo
  5. Apr 12

    Thank you for the insane amount and transparency! Respect.

    I’m moving $1B of my Square equity (~28% of my wealth) to LLC to fund global COVID-19 relief. After we disarm this pandemic, the focus will shift to girl’s health and education, and UBI. It will operate transparently, all flows tracked here:
    Show this thread
    3 likes
    Undo
  6. Apr 8

    Not only very smart on to build the CSO council but, if executed, correctly the product itself will lead to gain the trust with tangible security improvements. Good move to have and other strong folks as advisors.

    6 retweets 35 likes
    Undo
  7. Mar 22

    Listen to ! this conference was great last year and they treat speakers so well...

    H2HC 17th Edition Call for Papers Officially Open (Conference in the end of October)! We cover speaker's travel to Brazil. Come and be a part of the oldest security research conference in Latin America. CFP page:
    3 likes
    Undo
  8. Mar 15

    And this!

    This Tweet is unavailable.
    Undo
  9. Mar 15

    This!

    This Tweet is unavailable.
    2 likes
    Undo
  10. Mar 15

    Entiendo que (relacionada con el independentismo catalán) se refiere a su admiración por la gran ciudad que Madrid es. Entiendo que no es tan mala persona como nos esta obligando a pensar. Demos el beneficio de la duda, aunque sea muy difícil.

    2 replies 1 retweet 16 likes
    Undo
  11. Feb 20

    Sometimes quite accurate... but I would add... "with the devil poking you with the pitchfork!" But very rewarding when things work out :)

    Paging
    3 replies 1 retweet 25 likes
    Undo
  12. Feb 14

    Some teams are red Some teams are blue Join Security We are waiting for you!

    1 reply 28 retweets 42 likes
    Undo
  13. Jan 24

    We just released v1.1 of our IOC scanning tool for CVE-2019-19781 reducing false positives. Check it out...

    Citrix and FireEye Mandiant release version 1.1 of the IOC Scanner for . The update improves detection logic, enhances IOC intelligence, and reduces false positive results.
    1 reply 19 retweets 34 likes
    Undo
  14. Retweeted
    Jan 22

    Citrix and FireEye have joined forces and developed a tool that scans your Citrix ADC/Gateway servers and tells you if there's any evidence of compromise (via the CVE-2019-19781 vulnerability)

    55 retweets 71 likes
    Undo
  15. Jan 22

    Ha! did not develop the tool but provided some ideas :) CISOs need to stay technical too for making good decisions around risk management

    You know a CISO rocks when he is sending commits in github to a DFIR tool to detect compromises in his company's products. I know, it wasn't probably him typing the code but... I wouldn't be surprised :-) Stay awesome !
    9 retweets 55 likes
    Undo
  16. Jan 19

    Good article from around CVE-2019-19781

    22 retweets 39 likes
    Undo
  17. Jan 19

    12.1 build 50.28 information is being misinterpreted heavily. If you applied ALL mitigations steps even as they were described Dec 17th you should be good. Mitigation was never incomplete. Two options 1) upgrade 50.28 and apply partial mitigation OR 2) apply full mitigation

    Confirmed version 12.1 workaround to mitigate the (CVE-2019-19781) doesn’t work 🤦🏻‍♂️if you have it you are…. 😱 thanks to for the clarification!
    1 reply 12 retweets 15 likes
    Undo
  18. Jan 19

    12.1 build 50.28 information is being misinterpreted heavily. If you applied ALL mitigations steps even as they were described Dec 17th you should be good. Mitigation was never incomplete. Two options 1) upgrade 50.28 and apply partial mitigation OR 2) apply full mitigation

    I created a simple flow-chart to assist in Citrix CVE-2019-19781 mitigation decision making. This is based on the latest information from and .
    26 retweets 32 likes
    Undo
  19. Jan 11

    We just published further information around the Citrix ADC/Gateway vulnerability with fix release dates. If I can recommend something, apply the mitigation ASAP if you have the management IP exposed and not firewall protected. It stops the attack on known vulnerable scenarios.

    Blog post from CISO about updates to the Citrix ADC, Citrix Gateway vulnerability -
    8 replies 80 retweets 124 likes
    Undo
  20. 26 Dec 2019

    My brother (attorney specialized in privacy, acquisitions and helping businesses raising funding/VC launched a podcast in Spanish (). Very interesting the first one with around his several entrepreneur endeavors.

    Diego Parrilla  - Vender tu empresa a un 🦄 Bienvenidos a este primer episodio de "Entre Amigos"
    1 reply 4 retweets 27 likes
    Undo

@fjserna hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·