🛡️Found this fake badge I created during a social engineering engagement many years ago.

(Yes, they did let me on the premise. I also made it into the server room.)

🛡️ I posted a work update.

🛡️ just received a legal briefing on EO 14117. Monumental impact if it continues to stand.

Will change how programs operate, and introduces penalties 10x higher (cf. HIPAA).

🔗🛡️

The world found out shortly before 2 p.m. eastern time on March 15 that the United States was bombing Houthi targets across Yemen. I, however, knew two hours before the first bombs exploded that the attack might be coming. The reason I knew this is that Pete Hegseth, the secretary of defense, had texted me the war plan at 11:44 a.m. The plan included precise information about weapons packages, targets, and timing. This is going to require some explaining.

OpSec in the modern era

🛡️ The final big project at my last org was a Wiz implementation for 1k+ cloud accounts.

It was an excellent solution, especially at our scale.

Yet, I’m still slightly-stunned by the $32B purchase price.

I do wonder what it means for ongoing support for non-GCP clouds.

🎙️🛡️ Interesting conversation on Risky Biz comparing TikTok and X.

I would disagree that there isn’t already influence in TikTok 1, but it is certainly less flagrant than you see on X.

  1. All algorithmically-controlled feeds reflect the biases of their creators, owners, and governors. ↩︎

🛡️ An iCloud Backdoor Would Make Our Phones Less Safe

A technical means of access can’t be limited to only people with proper legal authority.

🛡️ In case you needed another reason to use Signal:

Elon Musk’s X blocks links to Signal, the encrypted messaging service: werd.io

🛡️ Trying something new:

I wrote a roundup of some of my professional connections this week.

🛡️ I can confirm this analysis from lcamtuf: How security teams fail

It’s relevant to why I put so much emphasis on cybersecurity strategy, principles, and communications.