Episodes

  • Adversarial Podcast Ep. 23 – Crowdstrike layoffs, RSA Innovation Sandbox, new Pentagon CIO
    May 14 2025

    00:00 Intro

    00:44 Sounil's RSA Innovation Sandbox experience

    5:00 5% staffing cuts at Crowdstrike, AI cited as a factor

    16:00 Trump picks private sector veteran as Pentagon CIO

    32:41 Messaging app used by Trump official suspends operations after reported hack

    49:52 An open letter to third-party suppliers

    59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

    1:04:42 Discussion: delivering secret keys stored in PDFs for password managers

    Stories

    5% staffing cuts at Crowdstrike, AI cited as a factor

    CrowdStrike is laying off 5% of its workforce, citing AI-driven changes in industry operations as a driving factor.

    https://www.cnbc.com/2025/05/07/crowdstrike-announces-5percent-job-cuts-says-ai-reshaping-every-industry.html

    Trump picks private sector veteran as Pentagon CIO

    Former President Trump has nominated a private-sector executive to serve as the new Chief Information Officer for the Department of Defense.

    https://therecord.media/trump-picks-private-sector-veteran-for-dod-cio-position

    Messaging app used by Trump official suspends operations after reported hack

    A secure messaging app used by a Trump official has suspended service following a reported cyberattack.

    https://www.cnbc.com/2025/05/05/signal-telemessage-hack-trump-waltz.html

    An open letter to third-party suppliers

    JPMorgan has issued an open letter urging its third-party suppliers to prioritize stronger cybersecurity and operational resilience.

    https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliers

    Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support

    Microsoft is now enabling passkeys by default for new accounts, expanding passwordless access to over 15 billion users.

    https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html

    1 hr and 9 mins
  • Adversarial Podcast Ep. 22 – RSA Conference is here, Verizon's 2025 Data Breach Investigations Report, China names alleged US hackers
    Apr 28 2025

    00:00 Intro

    00:31 RSA conference

    14:38 Verizon's 2025 DBIR report

    37:55 Security of "Sign in with Google/Microsoft"

    1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents

    RSA Links:

    Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandbox

    Professional Association of CISOs: https://theciso.org/

    Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/

    Verizon's 2025 Data Breach Investigations Report

    This year's Verizon DBIR (Data Breach Investigations Report) has been released; it covers the latest techniques that lead to incidents and breaches.

    Reference: https://www.verizon.com/business/resources/reports/dbir

    China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents

    "China accused the United States National Security Agency (NSA) on Tuesday of launching 'advanced' cyberattacks during the Asian Winter Games in February, targeting essential industries."

    Reference: https://www.reuters.com/technology/cybersecurity/chinas-harbin-says-us-launched-advanced-cyber-attacks-winter-games-2025-04-15/

    1 hr and 10 mins
  • Adversarial Podcast Ep. 21 – Chris Krebs & Sentinel One's clearances revoked, Oracle hack, how Goldberg got added to Signal chat
    Apr 15 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Highlight/theme

    23:05 Intro

    06:56 White House revokes Chris Krebs and SentinelOne's security clearances

    16:55 How Jeffrey Goldberg got added to the White House Signal group chat

    26:48 DOGE staffer provided tech support to cybercrime ring

    39:29 China Acknowledged Role in U.S. Infra Hacks

    51:56 Oracle under fire for its handling of security incidents

    54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year

    Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorship

    President Trump has revoked the security clearance of Chris Krebs and his associates, citing concerns over Krebs’ alleged misuse of authority at CISA.

    Reference: https://www.whitehouse.gov/fact-sheets/2025/04/fact-sheet-president-donald-j-trump-addresses-risks-from-chris-krebs-and-government-censorship/

    How the Atlantic’s Jeffrey Goldberg got added to the White House Signal group chat

    An internal investigation revealed that Mike Waltz accidentally added Atlantic editor Jeffrey Goldberg to a Signal group chat discussing classified military plans due to a months-old contact-saving error.

    Reference: https://www.theguardian.com/us-news/2025/apr/06/signal-group-chat-leak-how-it-happened

    DOGE staffer 'Big Balls' provided tech support to cybercrime ring, records show

    A member of DOGE previously provided network support to a cybercrime group through his company.

    Reference: https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/

    In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks

    In a confidential meeting, Chinese officials tacitly acknowledged responsibility for a series of cyberattacks on U.S. critical infrastructure, including ports, water utilities, and airports.

    Reference: https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb

    Oracle Appears to Admit Breach of 2 'Obsolete' Servers

    Oracle has acknowledged that a hacker accessed two outdated servers containing encrypted or hashed credentials.

    Reference: https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers

    Hackers Spied on 100 US Bank Regulators’ Emails for Over a Year

    Hackers infiltrated the email systems of over 100 U.S. bank regulators at the Office of the Comptroller of the Currency, accessing 150,000+ messages from 2023-2025.

    Reference: https://www.bloomberg.com/news/articles/2025-04-08/hackers-spied-on-100-bank-regulators-emails-for-over-a-year

    1 hr and 9 mins
  • Adversarial Podcast Ep. 20 – corporate espionage among SaaS companies, DC's Signal snafu, where is the cyber market going?
    Apr 4 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Highlight/theme

    00:28 Intro

    02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor

    18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz

    33:35 Trump Administration accidentally sends war plans to reporter via Signal

    47:20 GitHub action supply chain attack

    53:55 Oracle under fire for its handling of security incidents

    Rippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against Competitor

    Rippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corporate espionage campaign involving a planted spy within Rippling.

    Reference: https://www.rippling.com/blog/lawsuit-alleges-12-billion-unicorn-deel-cultivated-spy-orchestrated-long-running-trade-secret-theft-corporate-espionage-against-competitor

    Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz

    Google has agreed to acquire cybersecurity startup Wiz for $32 billion in cash, marking its largest acquisition ever and the biggest tech deal of 2025 so far.

    Reference: https://www.wsj.com/business/deals/alphabet-back-in-deal-talks-for-cybersecurity-startup-wiz-41cd3090?st=uQ8bmN&reflink=article_copyURL_share

    The Trump Administration Accidentally Texted Me Its War Plans

    In the article, journalist Jeffrey Goldberg reveals that he was accidentally included in a Signal group chat by senior members of the Trump administration—specifically Pete Hegseth, the Secretary of Defense—who shared detailed plans for a military strike on Houthi targets in Yemen.

    Reference: https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/

    Supply Chain Attack on GitHub Action

    Wiz discovered a supply chain attack on the GitHub Action reviewdog/action-setup@v1, likely leading to the compromise of tj-actions/changed-files, resulting in widespread CI secret leakage and highlighting the risks of unpinned actions.

    Reference: https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

    Oracle hacked

    Oracle has informed clients of a second recent cybersecurity breach in which a hacker accessed an old system and stole customer log-in credentials, some of which date back to 2024, according to Bloomberg News.

    Latest: https://www.reuters.com/technology/cybersecurity/oracle-tells-clients-second-recent-hack-log-in-data-stolen-bloomberg-news-2025-04-02/

    59 mins
  • The Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room
    Mar 18 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Highlight/theme

    00:37 Intro

    01:37 Malvertising campaign leads to info stealers hosted on GitHub

    11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals

    24:02 What Really Happened With the DDoS Attacks That Took Down X

    28:34 Bring-your-own-laptop policies

    40:41 Are WAFs useful or are they just another TPRM box to check?

    46:59 Is the CISO job market warming up?

    Malvertising campaign leads to info stealers hosted on GitHub

    Microsoft Threat Intelligence uncovered a large-scale malvertising campaign in December 2024, affecting nearly one million devices globally. The attack originated from illegal streaming sites embedding malvertising redirectors, which funneled users to GitHub-hosted malware, with additional payloads delivered via Discord and Dropbox. This multi-stage attack leveraged info stealers like Lumma and Doenerium, along with remote monitoring tools, using advanced evasion techniques to steal system and browser data while maintaining persistence on compromised devices.

    📖 References: https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/

    Wall Street is worried it can't keep up with AI-powered cybercriminals

    A survey by Accenture found that 80% of bank cybersecurity executives believe generative AI is enabling cybercriminals faster than banks can respond. While banks invest billions in cybersecurity, they struggle to keep pace due to strict regulations and the rapid advancement of AI-powered scams that target customers, employees, and vendors. Cybercriminals exploit generative AI to craft sophisticated attacks, infiltrate supply chains, and identify vulnerabilities, making third-party risk a major concern for financial institutions.

    📖 References: https://www.businessinsider.com/banks-ai-cybersecurity-threats-hackers-generative-ai-2025-3

    What Really Happened With the DDoS Attacks That Took Down X

    X experienced intermittent outages due to a series of DDoS attacks, which Elon Musk attributed to Ukrainian IP addresses, though cybersecurity experts argue that IP attribution alone is unreliable. Analysts suggest the attacks targeted improperly secured X origin servers, allowing a botnet of compromised cameras and DVRs to bypass Cloudflare protection. While a pro-Palestinian group claimed responsibility, experts emphasize that the attack’s true origin remains unclear due to the decentralized nature of botnets and the use of obfuscation techniques.

    📖 References: https://www.wired.com/story/x-ddos-attack-march-2025/

    52 mins
  • The Adversarial Podcast Ep. 18 - CISA cuts, North Koreans steal $1.5B in crypto, planning for RSA Conference
    Mar 4 2025

    00:00 Highlight

    00:28 Intro

    3:41 What's getting cut at CISA?

    19:01 USCYBERCOM told to stop planning offensive attacks against Russia

    27:54 ByBit hacked for $1.5B in cryptocurrency

    40:01 CISO discussion: How to regain trust after a cyber breach

    49:17 CISO discussion: Data security for GenAI tools

    58:43 How to get the most out of RSA Conference

    💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were outside CISA’s core mission in the first place.

    Reference: https://www.scworld.com/perspective/a-sober-look-at-the-recent-cuts-at-cisa

    ⚔️ A sudden shift in cyber warfare strategy—USCYBERCOM has reportedly been asked to halt offensive cyber operations against Russia. The guys discuss what this means for national security, cyber deterrence, and whether it signals a political deal in the making.

    Reference: https://www.nbcnews.com/politics/trump-administration/defense-secretary-pete-hegseth-orders-halt-offensive-cyber-operations-rcna194435

    💸 A massive crypto heist exposes software supply chain vulnerabilities. North Korean attackers allegedly compromised a JavaScript library to drain $1.5 billion. The team breaks down what happened, what it means for the future of crypto security, and whether cybercriminals will use the same techniques elsewhere.

    Reference: https://docsend.com/view/s/rmdi832mpt8u93s7

    🔄 When a company gets hacked, how do CISOs rebuild trust? The conversation explores the difference between trust and transparency, why some companies handle breaches better than others, and what lessons CISOs can learn from past incidents.

    Reference: https://www.csoonline.com/article/3825447/how-cisos-can-rebuild-trust-after-a-security-incident.html

    🤖 GenAI tools want access to everything—but should security teams allow it? The team debates whether CISOs should fight the inevitable, or if they should negotiate smarter ways to control AI access while still allowing business teams to benefit.

    🎟️ RSA Conference survival guide! How do you maximize networking, avoid vendor overload, and make sure the week is productive?

    1 hr and 7 mins
  • The Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection
    Feb 11 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Highlight/theme

    00:37 Intro

    1:21 Hitch Partners survey of CISOs

    13:34 Dangling S3 buckets

    24:35 Update on Cybersecurity Innovation Executive Order

    32:58 Cyber stocks - NET and CRWD at all-time highs

    44:07 Okta lays off 180 employees, including security engineers

    55:47 Is anyone actually doing TLS inspection?

    1:03:21 Is a SOC2 certificate enough to pass TPRM?

    Hitch Partners survey of CISOs

    The 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, reporting structures, and industry disparities. Public company CISOs see higher cash compensation and equity growth, with a 6.1% increase year-over-year, while private company CISOs face tighter financial conditions and fewer benefits like D&O insurance. CISOs in larger organizations are less likely to report directly to the CEO, instead aligning with CIOs as company size increases. Compliance, business impact, and ROI are the top budget justification factors, and signing bonuses are more common in public companies. With an average tenure of 39 months, organizations looking to attract top security leaders must focus on competitive compensation, equity incentives, and comprehensive protections.

    📖 References: https://www.hitchpartners.com/ciso-security-leadership-survey-results-25

    Dangling S3 buckets

    watchTowr Labs detailed how they identified approximately 150 abandoned Amazon S3 buckets previously utilized by various organizations, including governments and cybersecurity firms. Upon registering these buckets, they monitored over 8 million HTTP requests within two months, revealing ongoing attempts to access software updates, binaries, and other critical resources.

    📖 References: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

    Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity

    The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.

    📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

    Layoffs at Okta

    On February 4, 2025, Okta, a U.S. access and identity management company, laid off 180 employees, marking its second workforce reduction in just over a year. This follows a previous layoff of approximately 400 employees in February 2024. The Enterprise Security team was affected.

    📖 References: https://techcrunch.com/2025/02/04/okta-lays-off-180-employees-nearly-one-year-after-last-workforce-reduction/

    1 hr and 10 mins
  • The Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?
    Jan 28 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Intro

    01:33 Biden's Executive Order on Cyber Security

    05:18 Cyber policy wishlist

    21:30 TikTok and RedNote

    29:36 Marsh's report on cyber insurance

    49:21 Do CISOs need to be highly technical?

    Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity

    The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.

    📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

    TikTok Refugees Flock to China’s RedNote Amid U.S. Ban Concerns

    Following increased scrutiny and potential bans on TikTok in the U.S., over half a million users migrate to China’s RedNote platform. This shift highlights growing concerns over data privacy, national security, and the geopolitical tensions surrounding Chinese-owned apps.

    📖 References: https://www.reuters.com/technology/over-half-million-tiktok-refugees-flock-chinas-rednote-2025-01-14/

    Using Cybersecurity Analytics to Prioritize Cybersecurity Investments

    This article by Marsh explores how organizations can leverage cybersecurity analytics to make informed decisions about where to allocate resources for maximum impact. By analyzing data on threats, vulnerabilities, and past incidents, businesses can prioritize investments in areas that will most effectively reduce risk and enhance their overall security posture.

    📖 References: https://www.marsh.com/en/services/cyber-risk/insights/using-cybersecurity-analytics-to-prioritize-cybersecurity-investments.html

    No, you probably don't need a technical CISO

    An article argues that organizations may not necessarily require a highly technical Chief Information Security Officer (CISO). Instead, it emphasizes the importance of leadership, strategic thinking, and the ability to manage risk effectively in the role.

    📖 References: https://www.linkedin.com/pulse/you-probably-dont-need-technical-ciso-shaun-marion-u0pmc

    1 hr and 5 mins