00:00 Intro

00:44 Sounil's RSA Innovation Sandbox experience

5:00 5% staffing cuts at Crowdstrike, AI cited as a factor

16:00 Trump picks private sector veteran as Pentagon CIO

32:41 Messaging app used by Trump official suspends operations after reported hack

49:52 An open letter to third-party suppliers

59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

1:04:42 Discussion: delivering secret keys stored in PDFs for password managers

Stories

5% staffing cuts at Crowdstrike, AI cited as a factor

CrowdStrike is laying off 5% of its workforce, citing AI-driven changes in industry operations as a driving factor.

https://www.cnbc.com/2025/05/07/crowdstrike-announces-5percent-job-cuts-says-ai-reshaping-every-industry.html

Trump picks private sector veteran as Pentagon CIO

Former President Trump has nominated a private-sector executive to serve as the new Chief Information Officer for the Department of Defense.

https://therecord.media/trump-picks-private-sector-veteran-for-dod-cio-position

Messaging app used by Trump official suspends operations after reported hack

A secure messaging app used by a Trump official has suspended service following a reported cyberattack.

https://www.cnbc.com/2025/05/05/signal-telemessage-hack-trump-waltz.html

An open letter to third-party suppliers

JPMorgan has issued an open letter urging its third-party suppliers to prioritize stronger cybersecurity and operational resilience.

https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

Microsoft is now enabling passkeys by default for new accounts, expanding passwordless access to over 15 billion users.

https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

00:00 Intro

00:31 RSA conference

14:38 Verizon's 2025 DBIR report

37:55 Security of "Sign in with Google/Microsoft"

1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents

RSA Links:

Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandbox

Professional Association of CISOs: https://theciso.org/

Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/

Verizon's 2025 Data Breach Investigations Report

This year's Verizon DBIR (Data Breach Investigations Report) has been released, which covers the latest techniques that lead to incidents and breaches.

Reference: https://www.verizon.com/business/resources/reports/dbir

China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents

"China accused the United States National Security Agency (NSA) on Tuesday of launching 'advanced' cyberattacks during the Asian Winter Games in February, targeting essential industries."

Reference: https://www.reuters.com/technology/cybersecurity/chinas-harbin-says-us-launched-advanced-cyber-attacks-winter-games-2025-04-15/

⬇️ See below for timestamps/summaries/references for each topic

00:00 Highlight/theme

23:05 Intro

06:56 White House revokes Chris Krebs and SentinelOne's security clearances

16:55 How Jeffrey Goldberg got added to the White House Signal group chat

26:48 DOGE staffer provided tech support to cybercrime ring

39:29 China Acknowledged Role in U.S. Infra Hacks

51:56 Oracle under fire for its handling of security incidents

54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year

Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorship

President Trump has revoked the security clearance of Chris Krebs and his associates, citing concerns over Krebs’ alleged misuse of authority at CISA.

Reference: https://www.whitehouse.gov/fact-sheets/2025/04/fact-sheet-president-donald-j-trump-addresses-risks-from-chris-krebs-and-government-censorship/

How the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat

An internal investigation revealed that Mike Waltz accidentally added Atlantic editor Jeffrey Goldberg to a Signal group chat discussing classified military plans due to a months-old contact-saving error.

Reference: https://www.theguardian.com/us-news/2025/apr/06/signal-group-chat-leak-how-it-happened

DOGE staffer 'Big Balls' provided tech support to cybercrime ring, records show

A member of DOGE previously provided network support to a cybercrime group through his company.

Reference: https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/

In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks

​In a confidential meeting, Chinese officials tacitly acknowledged responsibility for a series of cyberattacks on U.S. critical infrastructure, including ports, water utilities, and airports.

Reference: https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

​Oracle has acknowledged that a hacker accessed two outdated servers containing encrypted or hashed credentials.

Reference: https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers

Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year

​Hackers infiltrated the email systems of over 100 U.S. bank regulators at the Office of the Comptroller of the Currency, accessing 150,000+ messages from 2023-2025.

Reference: https://www.bloomberg.com/news/articles/2025-04-08/hackers-spied-on-100-bank-regulators-emails-for-over-a-year