content(opsec): endpoint security tiers and DPRK liveness verification#400
Open
artemisclaw82 wants to merge 9 commits intosecurity-alliance:developfrom
Open
content(opsec): endpoint security tiers and DPRK liveness verification#400artemisclaw82 wants to merge 9 commits intosecurity-alliance:developfrom
artemisclaw82 wants to merge 9 commits intosecurity-alliance:developfrom
Conversation
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
111d872 to
6203ca9
Compare
Sidebar Configuration ReminderDocumentation files update: New in this push:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message. |
…boarding Adds workforce security content from Andrew Chang-Gu (CISSP) presentation: - 3-level identity verification framework (pseudonymous → verified → privileged) - Anti-deepfake liveness techniques for video interviews - Hardened onboarding sequence (identity → environment → scoped access) - Instant offboarding procedure (IdP → sessions → secrets → hardware → audit)
artemisclaw82
force-pushed
the
content/workforce-verification
branch
from
6203ca9 to
54a8287
Compare
Author
|
Updated — PR now only touches the DPRK mitigation page (1 file, 58 lines added). Device security tiers saved for a follow-up after PR #381 merges (the secure OS file only exists there). |
- Remove Hardened Onboarding section (duplicates existing 'Hardening your organization') - Remove Instant Offboarding section (duplicates existing 'I hired a DPRK IT Worker') - Trim Liveness Verification intro (cross-reference TTP page instead of restating) - Add cumulative tier checks (Level 2 includes Level 1, Level 3 includes Level 2) - Add Device Security Tiers section (Managed Devices, VDI, Enterprise Browser) moved from secure-operating-systems PR to keep all Andrew content together Co-authored-by: Dickson Wu <dicksonwu654@users.noreply.github.com>
Device provisioning tiers (Managed Devices, VDI, Enterprise Browser) are general organizational security guidance, not DPRK-specific. Move from the DPRK mitigation page to the Endpoint Security page where it belongs. Replaces the placeholder content with a full page including a comparison table and cross-references to related sections. Co-authored-by: Dickson Wu <dicksonwu654@users.noreply.github.com>
DicksonWu654
suggested changes
Mar 1, 2026
Collaborator
|
Let's update the name of the PR plz |
DicksonWu654
suggested changes
Mar 2, 2026
Per review: removed 'Defeating Deepfakes' section and 'periodic re-verification' bullet from mitigating page. Moved liveness content to TTP page under 'Am I Interviewing' section where it contextually belongs.
Sidebar Configuration ReminderDocumentation files update: New in this push:
Please ensure that:
See Contributing Guide – Sidebar & Navigation for more details. This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message. |
artemisclaw82
changed the title
Remove unrelated config index and endpoint overview changes so this PR only includes DPRK mitigation/TTP updates from review feedback.
Per review: removed '### Tiered Identity Verification' section from mitigating page. Restored endpoint/overview.mdx with device security tiers and attribution.
Collaborator
|
update title and description |
DicksonWu654
suggested changes
Mar 2, 2026
artemisclaw82
changed the title
…endpoint overview Per review: removed andrew-chang-gu contributed attribution from DPRK mitigating page. Replaced all emoji markers (✅⚠️ 🔑💡❌) with plain text in endpoint overview.
Collaborator
|
plz undraft now! |
built with Refined Cloudflare Pages Action⚡ Cloudflare Pages Deployment
|
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 3, 2026
scode2277
reviewed
Mar 4, 2026
Comment on lines
+697
to
+708
| "andrew-chang-gu": { | ||
| "slug": "andrew-chang-gu", | ||
| "name": "Andrew Chang-Gu", | ||
| "avatar": "https://avatars.githubusercontent.com/andrew-chang-gu", | ||
| "github": "", | ||
| "twitter": "", | ||
| "website": "", | ||
| "company": "", | ||
| "job_title": "", | ||
| "role": "contributor", | ||
| "description": "", | ||
| "badges": [] |
Collaborator
There was a problem hiding this comment.
Please revert all the indentation updates regarding the other users + @DicksonWu654 what is the actual github username of Andrew? The user added doesn't seem to exist
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes:
opsec/endpoint/overview.mdx): Device provisioning tiers (managed devices, VDI, enterprise browsers) for Web3 organizations, with role-based recommendations and comparison table.techniques-tactics-and-procedures.mdx): Added deepfake detection techniques (head turn, random phrase, hand movement, live screen-share) under the 'Am I Interviewing a DPRK IT Worker?' section.mitigating-dprk-it-workers.mdx): Removed contributed role that didn't apply.Authors: @DicksonWu654, @andrew-chang-gu