Dr. Anton Chuvakin (@anton_chuvakin)'s Twitter Profile

Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG

ID:12692452

Link: http://www.chuvakin.org | 25-01-2008 18:50:01

32,1K Tweets

40,3K Followers

8,2K Following

Andrew Thompson (@ImposeCost):

On the subject of personal security, I recommend a realistic look at your threat model, but also don't overdo it at the risk of not living your life to the fullest. I venture to say a lot of people overdo it in this regard.

Adam Goss (@gossy_84):

🧑‍🎓 Burnout is a common challenge in cyber security and technology. This insightful presentation by Matt Linton and Johan Berggren discusses strategies for identifying, overcoming, and protecting yourself and your team from it.

buff.ly/3JjF2IB

Alex (@alexanderjaeger):

Ok folks, this is huge. Go watch Matt Linton and Johan Berggren.

When they talk about burnout, they are experts, because they:

a) observe many many different teams including our own team at constant risk of burnout

and
...

Parisa Tabriz (@laparisa):

Big shout out to my colleague Heather Adkins - Ꜻ - Spes consilium non est for being recognized w/ the Baldrige Foundation Foundation Award for Leadership Excellence in Cybersecurity: baldrigefoundation.org/news-resources…

Thanks for your 20+ years of tireless work defending Google from all the threats!

Mark Simos (@MarkSimos):

I just posted the slides from my Tampa BSides (link) training session for 'Chef's tour of the Security Adoption Framework (SAF)'

This session covers why organizations need to approach security with an end to end security approach and follow Zero Trust principles.
(1 of 2)

Iason Gabriel (@IasonGabriel):

1. What are the ethical and societal implications of advanced AI assistants? What might change in a world with more agentic AI?

Our new paper explores these questions:
storage.googleapis.com/deepmind-media…

It’s the result of a one year research collaboration involving 50+ researchers… a 🧵

Phil Venables (@philvenables):

Cloud CISO Perspectives blog for mid April '24 is up, covering:

- 20 major security announcements from Next ‘24
- Real secure enterprise browsing
- Gemini/AI for security
- IAM principal access boundaries
- What’s so spiffy about SPIFFE
- and more.....

cloud.google.com/blog/products/…

CloudSecurityPodcast (@CloudSecPodcast):

'Our Security of AI Papers and Blogs Explained' blog curates Office of the CISO papers on AI security! google.smh.re/3xFl

Fernando Montenegro (@fsmontenegro):

David O'Brien (he/him) We keep neglecting boring but necessary practices and engagement with other stakeholders while focusing on shiny new things. Too much AI, not enough “Actual Involvement”.

David O'Brien (he/him) (@david_obrien):

The state of cloud security feels depressing.
People seem to be talking big game, but in reality orgs get hit daily through exposed services, weak or no authentication on public services, or similarly preventable situations.

What are we doing?!

Royal Hansen (@royalhansen):

Kudos to Google Project Zero's j00ru//vx who published new research today detailing his audit of the Windows Registry which includes 50 CVEs: googleprojectzero.blogspot.com/2024/04/the-wi…

Hank Yeomans (@HankYeomans):

The AT&T breach includes social security numbers. Just got notified that my social was in the breach data. Lock your credit reports, it's easy and free.

IAMERICA (@EricaZelic):

Some people have asked me why organizations would pay for pentests if they didn't want to know where vulnerabilities are.

Once upon a time I had that innocence too. 😆

Brian in Pittsburgh (@arekfurt):

A variant/corollary of this:

A security weakness present on the external perimeter of an organization (whether you're talking traditional network perimeter, cloud storage object ACLs, whatever) pretty reliably means you'll find a lot more rot inside.

Brian in Pittsburgh (@arekfurt):

This is one key reason security culture and strong business execution processes/procedures are both so important.
You can have Defense-in-Depth in place on an architectural design document but if you have holes shot through every layer it might well not matter very much.

Fernando Montenegro (@fsmontenegro):

Dr. Anton Chuvakin We’ve been talking about Cloud Security needing nuance about where emphasis is: Cloud, or Security. This kind of market dynamic, if it indeed goes through, is an indication of how Security > Cloud.

Lawfare (@lawfare):

John Speed Meyers and Paul Gibert of Chainguard ⛓️ analyze three common beliefs that have shaped the debate over liability for open-source software. lawfaremedia.org/article/questi…
