๐Ÿ›ก๏ธ just received a legal briefing on EO 14117. Monumental impact if it continues to stand.

Will change how programs operate, and introduces penalties 10x higher (cf. HIPAA).

🔗🛡️

The world found out shortly before 2 p.m. eastern time on March 15 that the United States was bombing Houthi targets across Yemen. I, however, knew two hours before the first bombs exploded that the attack might be coming. The reason I knew this is that Pete Hegseth, the secretary of defense, had texted me the war plan at 11:44 a.m. The plan included precise information about weapons packages, targets, and timing. This is going to require some explaining.

OpSec in the modern era

๐Ÿ›ก๏ธ The final big project at my last org was a Wiz implementation for 1k+ cloud accounts.

It was an excellent solution, especially at our scale.

Yet, I’m still slightly stunned by the $32B purchase price.

I do wonder what it means for ongoing support for non-GCP clouds.

๐ŸŽ™๏ธ๐Ÿ›ก๏ธ Interesting conversation on Risky Biz comparing TikTok and X.

I would disagree that there isnโ€™t already influence in TikTok 1, but it is certainly less flagrant than you see on X.


  1. All algorithmically-controlled feeds reflect the biases of their creators, owners, and governors.

๐Ÿ›ก๏ธ An iCloud Backdoor Would Make Our Phones Less Safe

A technical means of access canโ€™t be limited to only people with proper legal authority.

๐Ÿ›ก๏ธ In case you needed another reason to use Signal:

Elon Muskโ€™s X blocks links to Signal, the encrypted messaging service: werd.io

๐Ÿ›ก๏ธ Trying something new:

I wrote a roundup of some of my professional connections this week.

๐Ÿ›ก๏ธ I can confirm this analysis from lcamtuf: How security teams fail

It’s relevant to why I put so much emphasis on cybersecurity strategy, principles, and communications.

Two years ago:

I’ve been staying with my Mom while she recovers from surgery, and she’s been watching the news. It is 99% propaganda, vapid, or irrelevant. Makes me want to go into news.

🔒 Still true! If you are doing something in journalism and need cybersecurity help, please let me know!

🎙️🔒 Tomorrow I’m recording for the eXecutive Security Podcast.

My bar for podcasts:

“Is this a better use of my time than an audiobook?”

So I take this pretty seriously. Hopefully we’ll make it worth your listening time.