What caught my attention this week?

On Threat Vector This Week: The Dangers From Cloud Misconfigurations

This week on Threat Vector, Margaret Kelly and I pulled back the curtain on how cloud misconfigurations are making life way too easy for cyber attackers—nation-states included. Takeaway: Secure your control plane. Tighten permissions. Treat cloud misconfigurations like a ticking time bomb—because they are.

China Hacks U.S. Treasury: A Supply Chain Alarm

Chinese state-sponsored hackers exploited a vulnerability in BeyondTrust to breach the U.S. Treasury, accessing unclassified documents and networks. This wasn’t a smash-and-grab; it was a calculated move showcasing the risks of supply chain dependencies.

Why It Matters: Third-party vulnerabilities are the soft underbelly of cybersecurity. For leaders, the Treasury hack is a blunt reminder: harden your defenses against third-party and cloud-based threats. Tools like network segmentation and credential rotation aren’t just helpful—they’re essential.

AI Deepfakes + Election Interference: A Dangerous Duo

The U.S. just sanctioned Russian and Iranian entities for running disinformation campaigns using AI-generated deepfakes to meddle in the 2024 elections. These aren’t just troll farms anymore; they’re AI-driven operations designed to fracture trust and sow chaos.

Why It Matters: AI is transforming disinformation into a weapon of mass confusion. Cybersecurity teams must focus on detection tools and educating users to counteract these emerging threats.

Hijacked Chrome Extensions: Your Browser’s a Backdoor

Legitimate Chrome extensions—including one from Cyberhaven—were compromised to steal browser cookies and authentication tokens. Hackers turned these trusted tools into silent data thieves.

Why It Matters: Even tools you trust can be turned against you. Regular audits of third-party integrations are no longer a “nice-to-have”—they’re a critical part of securing your attack surface.

In this week’s podcast, the link between the Treasury breach and our discussion on cloud security couldn’t have been clearer. It’s a call to action: misconfigurations and third-party gaps aren’t just IT problems—they’re existential risks. Let’s stay ahead of the game.

My Journey to the Mustang Mach-E

My journey toward owning an EV began with a desire to step away from gasoline engines. It wasn’t just about reducing pollution—it was about the convenience of charging at home and avoiding trips to the gas station. I’ve always enjoyed the quietness of EVs and hybrids, and the idea of a calm, peaceful ride was incredibly appealing.

I initially walked away from the Mach-E after a test drive because it didn’t meet my wife’s expectations for her next car. But after we found a great replacement for her, I couldn’t stop thinking about it. I loved how it looked, drove, and felt. Now, as an owner, I can say it has exceeded my expectations in every way.

Research and Comparisons

When I started seriously looking at EVs, I focused on cars that were comfortable, had enough room, and handled well. I wanted something that felt practical but also fun to drive.

I explored options from Audi, Toyota, and Honda, each of which had intriguing EVs in their lineup. While all of these brands brought something to the table, the Mustang Mach-E stood out for its sporty design, excellent driving feel, and unique features. It struck a balance between performance, practicality, and personality that I wasn’t finding elsewhere.

Driving the Mustang Mach-E

The Mach-E is the most fun car I’ve ever driven. While it’s not a sports car, it delivers a sporty experience that’s exciting every time I get behind the wheel. The instant acceleration is thrilling, and the quiet ride is a game-changer, making every trip feel calm and composed.

One of my favorite features is the driving modes. I usually drive in the calmest mode, Whisper Mode, but switching to Unbridled Mode transforms it into a sporty, responsive car. The one-pedal driving feature is another standout—it slows the car down when you lift off the accelerator, making it incredibly intuitive and easy to drive.

Charging and Range

Charging at home has been transformative. We installed a ChargePoint charger, and it works flawlessly for both the Mach-E and my wife’s plug-in hybrid. Waking up to a fully charged car each morning is a luxury I didn’t know I needed.

While I haven’t taken the Mach-E on a long trip yet, I’ve been planning for it. Fast chargers, especially Tesla’s superchargers, will be key to making cross-country travel feasible. For now, I’m keeping my trips within range, but I’m excited to push those limits in the future.

Things I Love vs. Things I Don’t

What I Love

Design: The sporty look and premium color options make the Mach-E stand out.

Features: Customizable interior lighting, seat memory, and a quirky frunk (front trunk) add practicality and fun.

Quiet Ride: It’s so quiet that conversations are effortless, and the peacefulness is unmatched.

Charging Convenience: Charging at home is simple, affordable, and eliminates trips to the gas station.

Driving Modes: Unbridled Mode and one-pedal driving make every trip feel dynamic and intuitive.

What I Don’t Love

Circular Gear Knob: I wish it had a more intuitive shifter design.

Lack of Cooled Seats: For a hot climate like Texas, this would be a welcome addition.

Infotainment System: While CarPlay is great, Ford’s built-in software feels clunky and outdated.

The Software Experience

In-Car Software

The Mach-E’s in-car software gets the job done but could use some modernization. While CarPlay works well, there’s a slight delay in wireless connectivity. Ford’s own software feels clunky in comparison, though I appreciate the seamless over-the-air updates that have kept the car running smoothly.

The iPhone App

The app is a useful tool for starting the car remotely, monitoring charging, and accessing the vehicle. However, it feels like it’s trying to sell me on premium services like BlueCruise or satellite radio, neither of which I find useful. Features like proximity unlocking could also be improved, as it’s inconsistent when I approach the car with my phone.

Ownership Experience

The Mach-E has become part of my daily routine, excelling at everything from gym trips to grocery store runs. Its utility is fantastic—it’s perfect for grabbing groceries, shopping trips, or even runs to the hardware store. The hatchback design and spacious rear area provide plenty of room for hauling everyday items, making it a highly practical choice for a family or an active lifestyle.

Charging at home has been a game-changer, eliminating gas station visits entirely. We installed a ChargePoint charger, which works flawlessly for both the Mach-E and my wife’s plug-in hybrid. Waking up to a fully charged car every morning has been one of the most convenient parts of owning an EV.

Friends and family have been impressed by the car. My wife finds it comfortable, especially the back seat, though she prefers when I drive a little smoother. My son thinks the Mach-E is “cool” and likes it better than my wife’s plug-in hybrid. Overall, the Mach-E has exceeded my expectations as a daily driver and proven itself to be far more enjoyable than I imagined.

Why I Chose to Lease

Opting for a lease was both a practical and strategic decision. It helped keep costs under control and allowed me to approach my first EV with flexibility. I wasn’t sure how I’d feel about having an EV as my primary car, but the Mach-E has completely changed my mind.

Leasing also provides the benefit of turning in the car in three years and upgrading to the next generation of EVs, which will likely see significant advancements in technology, battery performance, and software. On the other hand, I already love the Mach-E so much that I might decide to buy it when the lease ends.

Final Thoughts and Looking Ahead

The Mustang Mach-E has transformed how I think about driving. Its sporty feel, quiet ride, and EV conveniences make it a car I look forward to driving every day. For anyone considering an EV, I’d wholeheartedly recommend the Mach-E—especially for those who want a family-friendly car that’s still fun to drive.

Looking ahead, I’m excited to explore fast charging and take the Mach-E on longer trips. While there are areas for improvement, like a better shifter design or cooled seats, the positives far outweigh the negatives. I can’t imagine ever going back to a gas-powered car—this feels like the future, and I’m thrilled to be a part of it.

Cybersecurity isn’t something you conquer. It’s not a finish line or a box to check. It’s a relentless journey. Threats keep changing, and so must we. In this week’s Threat Vector Podcast, Dr. Daniel Ford, Chief Information Security Officer at Jovia Financial Credit Union, joined us to talk about how mastering the basics—cyber hygiene and risk management—can make all the difference.

Let’s face it: without strong fundamentals, the fanciest security tech in the world won’t help much.

Cybersecurity Is About Progress, Not Perfection

“Where are you at in your journey?” Dr. Ford asked. It’s a good question because cybersecurity is all about improvement. Bigger organizations take longer to mature, but the goal is the same—consistent progress.

Curiosity, according to Dr. Ford, is the secret weapon of top security professionals. “We need to know how things work, how they break, and how attackers exploit them,” he explained. Cybersecurity pros don’t just fix problems. They think like hackers, always trying to anticipate the next move.

The Basics of Cyber Hygiene

Cyber hygiene is like personal hygiene. Dr. Ford made a compelling analogy: just as you brush your teeth or wash your face daily, good cyber hygiene requires regular, proactive steps.

Here are the key practices he recommends:

• Keep Your Software Updated: Vulnerabilities are patched all the time. Don’t skip updates, even when you’re tempted to hit “remind me later” for the 100th time.

• Use a Password Manager: Strong, unique passwords are critical, and a password manager makes it easy to keep track of them. It’s worth the investment.

• Enable Multi-Factor Authentication (MFA): One of the simplest and most effective ways to secure your accounts.

Organizations should take it further, with well-defined playbooks and adherence to standards like NIST or ISO. Dr. Ford also emphasized the importance of knowing what to do and actually doing it. Many organizations have plans but don’t execute them.

Financial Literacy Needs Cyber Literacy

Jovia Financial Credit Union, where Dr. Ford works, is all about helping people. But these days, financial literacy isn’t complete without cyber literacy. Digital transactions are now the norm—Venmo, Zelle, virtual credit cards—and that means new scams are always around the corner.

“We see people lose their life savings because they didn’t know how to protect themselves,” Dr. Ford shared. His team works with schools and universities to educate people on basic cyber hygiene. It’s a mission born out of necessity, not just altruism.

Changing the Rules of the Game

Let’s be honest: cybersecurity can feel overwhelming. Dr. Ford compared it to the Kobayashi Maru, the infamous no-win scenario from Star Trek. His advice? Change the rules.

Instead of trying to stop every attack, focus on detecting breaches faster and limiting the damage. The industry average for detecting a breach is 192 days. Imagine cutting that to just 30 days or even two weeks. That’s a game-changer.

“We know we’re going to get breached,” Dr. Ford said. “The question is, how quickly can we identify it and contain it?”

The Problem With Silence

When breaches happen, they’re often shrouded in secrecy. Lawyers get involved, and organizations stay tight-lipped. Dr. Ford sees this as a missed opportunity. If companies openly shared lessons from incidents, others could learn and avoid repeating the same mistakes.

Take the MOVEit breach. Over 5,500 organizations were impacted, but there’s been little public discussion about what went wrong. “We’re dooming ourselves to repeat these mistakes,” Dr. Ford warned.

A case-study approach, where anonymized details of breaches are analyzed, could change that. It’s a simple idea with enormous potential.

A World That Values Cyber Hygiene

Dr. Ford dreams of a world where businesses are rewarded for good cyber hygiene. He envisions consumers choosing companies based on their commitment to security, much like they might prioritize sustainable practices or ethical sourcing.

“Maybe it’s pie in the sky,” he admitted, “but I’d love to see it.”

Let’s Talk About Dave

Near the end of our chat, we got a little lighter. Dr. Ford and I laughed about a meme where millions of dollars in security software are pitted against “Dave,” the hapless employee who clicks the wrong link. As a member of the Dave club myself, I had to admit, the meme hits close to home. (Thanks, Dave.)

The humor underscored a serious point: cybersecurity is only as strong as its weakest link. That’s why education and training are just as important as technology.

Final Thoughts

The road to better cybersecurity starts with mastering the basics. For individuals, that means MFA, password managers, and staying vigilant. For organizations, it’s about implementing good habits, learning from mistakes, and prioritizing transparency.

Remember, cybersecurity isn’t a battle you win. It’s a game you stay in. And if you can laugh about Dave along the way, all the better.

What caught my attention this week?

On Threat Vector This Week: Research on North Korean Threat Actor TTPs

In this week’s podcast, I spoke to Assaf Dahan, and we discussed why North Korean hackers have become so formidable. Their motivations span financial gain, sabotage, espionage, and influence. These tactics resonate with the Silent Skimmer findings and what Dark Reading noted—layered, stealthy operations are the new normal.

Silent Skimmer Campaign Unveiled: Sneaky Credit Card Data Theft in E-commerce

My colleagues at Unit 42 uncovered Silent Skimmer, a crafty threat targeting online retailers. This malware hides behind legitimate-looking web scripts, siphoning payment data undetected. Unlike the noisier tools of the past, this campaign is focused on invisibility and persistence, making it a serious threat to digital storefronts.

Why It Matters: The rise of stealth tactics demands stronger web supply chain security. Retailers must scrutinize third-party scripts closely—one overlooked line of code can lead to thousands of compromised credit cards

Germany's New Law: A Win for Security Researchers

Germany is proposing a landmark law to protect security researchers who responsibly disclose vulnerabilities. This move addresses the ambiguity that has historically deterred ethical hackers from reporting flaws, potentially risking legal backlash.

Why It Matters: Why it matters: This shift sets a strong example for other nations, emphasizing the importance of safe, responsible vulnerability disclosure. If your organization participates in or relies on ethical hacking programs, this type of legislation could change the game for global cybersecurity practices.

Outmaneuvering Advanced Threats: Proactive Defenses Required

A recent analysis in Dark Reading detailed how attackers, especially nation-state actors, layer multiple techniques—phishing, credential theft, and data exfiltration—to avoid detection. The emphasis was on the importance of proactive threat hunting and anomaly detection to spot these sophisticated campaigns.

Why It Matters: If your defenses are reactive, you're already behind. Integrating threat intelligence and anomaly detection isn't just ideal—it’s essential for anticipating and countering advanced adversaries.

Canadian Authorities Arrest Snowflake Data Thief

Canadian law enforcement recently apprehended an individual connected to the theft of data from Snowflake, a major cloud-based data company. The incident underscores the risks tied to internal security weaknesses, regardless of the provider's strong external safeguards.

Why It Matters: Insider threats remain a significant vulnerability. This breach is a reminder to continuously assess and tighten user access controls. Ensuring employees' access is strictly necessary and monitored can prevent devastating data exposure.

What caught my attention this week?

On Threat Vector This Week: War Room Best Practices

This week on Threat Vector, I got a front-row seat to the latest in war room best practices with insights from Kyle Wilhoit, Director of Threat Research at Unit 42, and Michal Goldstein, Director of Security Architecture and Research at Palo Alto Networks. Our conversation unpacked how modern threat response is adapting to today’s complex cyber landscape—where speed, intelligence, and flexibility make or break a team’s response to emerging threats.

Spotlight on Iran’s Cyber Playbook: From Deepfakes to Disinformation

Iran's recent use of AI-driven deepfakes, doxing, and psychological warfare reveals just how crucial these adaptable war room strategies are. Iranian threat actors are blurring lines between traditional cyberattacks and public influence operations, meaning that our incident response plans must cover both technical defenses and real-time assessments of disinformation. **As AI-powered manipulation grows, the challenge to contain hybrid threats will only intensify.**

Why It Matters: This evolution in cyber tactics shows how adversaries are advancing their disinformation and social engineering capabilities. For security teams, it's a call to shift from reactive response to proactive monitoring of complex, blended threats.

North Korea’s Ransomware Offensive: A New State-Backed Threat Vector

North Korea’s pivot to ransomware, like the PLAY variant, demonstrates a chilling trend: nation-states turning to ransomware to fund their agendas and mask their tracks. This approach complicates attribution and pressures defenses, emphasizing the need for agile war room setups that can handle both political and financial attacks.

Why It Matters: When nation-states adopt criminal tools, it muddies the waters of attribution and raises the stakes for incident response. Security leaders should prepare for rising attacks that merge the tactics of crime with the goals of espionage. In two week I will share a conversation I had with Assaf Dehan on the research him and the Cortex team have produced on North Korean activity.

Salt Typhoon and the Art of Stealthy Espionage

China’s Salt Typhoon (APT5) continues its cyber espionage spree, targeting sectors critical to national security. The advanced persistence of these intrusions demands that war rooms are not just reactive but also geared for long-term monitoring. Threat intelligence must focus on identifying stealthy, drawn-out attacks that could otherwise slip by under routine monitoring.

Why It Matters:As cyber espionage escalates, especially around sensitive industries, our war room readiness needs to reflect the patience and stealth of these persistent threats. Salt Typhoon reminds us to be vigilant for prolonged attacks that prioritize sensitive, strategic data.

Macron’s Strava Slip: Fitness Apps as a Security Concern

President Macron’s jogging routes were exposed on Strava, highlighting the hidden privacy risks of fitness apps. While these apps seem harmless, they carry real security implications, especially for high-profile individuals.

Why It Matters: Tracking apps may pose serious privacy and security risks. For those who are especially at risk, it’s time for a digital hygiene check. War room teams and cybersecurity leaders should reiterate safe app usage to prevent unintended exposure.

What caught my attention this week?

On Threat Vector This Week: Crisis Leadership Lessons from Chris Scott

This week we will publish an episode with Christopher Scott, a veteran in crisis leadership, about handling cybersecurity incidents under intense pressure. Scott’s advice? Be decisive even when data is sparse, balance technical and business priorities, and practice incident drills regularly. With the SEC’s recent crackdown on SolarWinds-related disclosures, Scott’s insights on honest communication during crises resonate even more. His take is clear: transparency isn’t just about compliance—it’s a critical tool to maintain trust within your organization and with regulators.

What got my attention this week?

New Windows Driver Bypass Opens Door for Kernel Rootkits

Microsoft’s latest vulnerability could open up a nightmare scenario for security teams: a new driver signature bypass that allows attackers to push malicious drivers directly to the kernel. This flaw could allow kernel rootkit installations to bypass even the most advanced endpoint defenses, giving attackers a stealthy way to deploy hard-to-detect malware.

Why it matters: Kernel-level rootkits are no joke—they give attackers deep system access to hide malicious activity right under your nose. Security leaders need to stay sharp, prioritize monitoring kernel activity, and scrutinize any suspicious drivers to stay ahead of this sophisticated threat.

SEC Fines Firms Millions for SolarWinds Incident Downplay

The SEC’s latest action sends a loud message: mislead stakeholders about cyber incidents, and you’ll pay. Firms were fined millions for downplaying the SolarWinds breach, highlighting how essential transparency is in cybersecurity. Holding back on breach disclosures can cost not only millions in penalties but also trust from stakeholders and the public.

Why it matters: With the SEC cracking down, the regulatory landscape around breach disclosures is more intense than ever. CISOs, take note: prioritize clear, honest communication during incidents to avoid the hefty fines and reputational damage that follow misleading responses.

Senator Probes Domain Registrars Over Russian Disinformation Sites

U.S. Senator Mark Warner is pressuring domain registrars for allowing Russian-linked disinformation sites to proliferate, claiming that lax oversight supports the spread of content that can destabilize democratic processes. This probe could lead to stricter regulations on registrars to clamp down on disinformation.

Why it matters: With geopolitical tensions in focus, this probe calls out the critical role of tech intermediaries in stemming disinformation. CISOs should consider that digital assets tied to under-regulated or laxly managed platforms may face scrutiny, especially in politically charged contexts.

What caught my attention this week?

New Tactics to Jailbreak AI: The Risk of Camouflage and Distraction

A recent Unit 42 investigation reveals how malicious actors can bypass large language model (LLM) safeguards through a clever technique called "Deceptive Delight." By embedding harmful prompts within benign topics, attackers trick AI systems into generating unsafe content. This highlights a significant vulnerability in AI models that needs to be addressed to prevent misuse. Read more about how this tactic works and the steps needed to strengthen LLM security here.

Tricking CAPTCHAs: Lumma Stealer Malware on the Rise

Cybercriminals are using Lumma Stealer malware to bypass CAPTCHA protections, allowing them to steal sensitive data, such as login credentials and financial information. This development weakens one of the basic online security measures, making it easier for attackers to compromise accounts. Strengthening security defenses is crucial as these threats evolve. Read more in the full article here. For additional insights on cyber threats, explore Unit 42 research here.

Bumblebee Malware Returns with a Vengeance

Bumblebee malware has made a comeback, more potent and harder to detect than before. Used by threat actors for ransomware attacks and data theft, this revamped version highlights the adaptability of cybercriminals. Organizations must stay vigilant as botnet-driven threats evolve. Cyber defenses should be strengthened to counteract these persistent threats.

For more details, check out the full article here.

We had a busy week recording new episodes of Threat Vector.

I was thrilled to have had Dr. Daniel Ford join to record an episode of Threat Vector! His insights on cyber hygiene and cyber literacy have been rattling around my head since all week. His insights on who takes the risk vs. who experiences the risk (hint: security teams take the risk, you and I experience the risk) changed my perception of my relationships with security teams.

I also had a chance to go deep into IoT Security with Dr. May Wang. I can’t wait to release it - I think May named this one during the episode “The ABCs of IoT Security. This episode struck a great balance between security insights and forward-looking strategy. Plus, it’s always great to share the mic with a fellow nerd (her words! though I am right there with her).

Early in the week, I was able to get Meerah Rajavel and Niall Browne to talk to me about the relationship they have as Palo Alto Networks CIO and CISO. Meerah and Nial discussed the importance of integrating security into software development and emphasizing designing frictionless security early in processes. They also shared how they foster a culture of security at Palo Alto Networks. I know this episode will resonate with executives who are looking to drive speed and innovation.

Allie Mellen from Forrester and I also recorded an episode. It's supposedly about XDR and The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, but we went off script. Allie answered some deeper, tough questions and was absolutely wonderful to chat with. This will be a totally different episode of Threat Vector, and I am all for it.

Finally, I had Richu Channakeshava on to talk about Quantum Security. She did a fantastic job as a guest and an advocate for our listeners. At the end of the conversation, she called me out. Her observations were spot on, I was stiff and ran the interview as a Q&A. Quantum is such a big topic that I didn't want to let my ignorance get in the way, but as she pointed out, we need the conversation to flow, and when I don't know something, it’s better to ask (I keep learning that lesson). So, we will rerecord it in the style of What Roman Mars Can Learn About ConLaw, one of my favorite pods and podcasters. As soon as we redo this one, we will release it.

In the landscape of cybersecurity, educational institutions face unique challenges. From limited budgets to the expansive attack surfaces created by remote learning, schools are increasingly vulnerable to cyber threats. In the latest episode of Threat Vector, I sat down with Mike Spisak, a seasoned cybersecurity expert, to explore these challenges and uncover practical strategies for schools to enhance their security posture.

A Proactive Approach to Security

Mike emphasizes the importance of proactive security in education. Unlike the reactive measures that often make headlines, proactive strategies involve identifying and mitigating risks before they materialize. As Mike explains, conducting a comprehensive cyber risk assessment is the foundational step every institution should take. This process not only highlights vulnerabilities but also provides a roadmap for implementing effective security controls.

The Role of Threat Intelligence

Threat intelligence is another critical component of a robust cybersecurity strategy. Educational institutions, with their diverse and transient user base, must stay informed about the latest threats targeting their sector. Mike suggests that schools leverage both paid and open-source threat intelligence feeds to keep their defenses up to date. By integrating AI tools with threat intelligence, schools can better prioritize and respond to the most relevant threats.

Embracing a Cyber-Aware Culture

One of the standout points from the discussion is the need to cultivate a cyber-aware culture within schools. Mike draws parallels between the designated driver campaigns of the past and the need for similar cultural shifts in cybersecurity awareness. Just as society normalized responsible behavior around alcohol, schools can lead the way in promoting responsible digital behavior.

Key Takeaways

The conversation with Mike underscores two essential lessons for educational institutions. First, the importance of adopting a proactive security mindset cannot be overstated. Implementing risk assessments and integrating threat intelligence are crucial steps in staying ahead of cyber threats. Second, fostering a culture of cybersecurity awareness is key to empowering students, staff, and faculty to contribute to the institution’s overall security.

For those interested in diving deeper, I recommend reading "The NIST Cybersecurity Framework: A Comprehensive Guide" and the latest articles on AI in cybersecurity, such as "AI Is The Past, Present And Future Of Cybersecurity" in Forbes. These resources provide additional context and strategies that align with the proactive approaches discussed in this episode.

By taking these lessons to heart, educational institutions can not only protect their digital environments but also set a standard for cybersecurity practices that extend beyond the classroom.

Identity Security in the Hybrid Work Era

In a recent episode of Threat Vector, I had the pleasure of hosting Jamie Fitz-Gerald, Sr. Director of Product Management at Okta. Jamie’s journey in cybersecurity is fascinating, from a fitness instructor to a defense contractor, and eventually to a key player at Palo Alto Networks and now Okta. His unique experiences have equipped him with deep insights into the evolving landscape of identity security.

Identity as the New Perimeter

In today’s hybrid work environment, where employees access resources from various locations, identity has emerged as the new perimeter. Traditional security measures are no longer sufficient. Jamie emphasizes the importance of strong identity controls, including multifactor authentication (MFA) and passwordless authentication. These measures are crucial in safeguarding organizational resources against unauthorized access.

Identity is the one door, it is the one place where you can ensure you have some security control no matter what.

Zero Trust Security Strategy

Jamie explains that identity is the foundation of a zero trust security strategy. Organizations can significantly reduce their risk of cyber attacks by verifying every user, device, and application before granting access. This approach ensures that only authenticated and authorized entities can access sensitive information, thus bolstering overall security.

Emerging Trends and Technologies

Phishing Resistant Authentication

Jamie highlighted the rise of phishing-resistant authentication methods. As traditional passwords become obsolete, the focus is shifting towards more secure, user-friendly options like biometric authentication. This approach not only enhances security but also provides a seamless user experience, which is critical in today’s fast-paced work environment.

Identity Proofing

Another emerging trend is identity proofing. This technology involves verifying the authenticity of a user's identity, often through digital means such as biometric data. Jamie points out that this can help organizations combat social engineering attacks, where attackers impersonate legitimate users to gain access to sensitive information.

Top Lessons for Cybersecurity Leaders

1. Prioritize Identity Security Identity is the cornerstone of modern cybersecurity strategies. Implementing robust identity controls, such as MFA and passwordless authentication, is essential in protecting against unauthorized access and ensuring the integrity of organizational resources.

2. Embrace Zero Trust A zero trust approach, where every user, device, and application is verified before granting access, is crucial in today’s threat landscape. This strategy minimizes the risk of cyber-attacks and ensures that only authenticated entities can access sensitive information.

For further reading, consider exploring "Zero Trust Networks" by Razi Rais, Christina Morillo, Evan Gilman, Doug Barth, which delves into the principles and implementation of zero trust security. Another valuable resource is the article "Is the password dead? Legacy technology prevents the shift" By Amber Jackson. By embracing these lessons and staying informed about the latest trends and technologies, cybersecurity leaders can better defend their organizations against evolving threats.

Identity Under Siege: Insights with Okta

To hear more about Jamie Fitz-Gerald's insights on identity security and the future of authentication, tune into the full episode of Threat Vector. Jamie shares his journey, delves into the importance of identity controls, and discusses the critical role of identity in a zero-trust strategy.

Have an idea for the show? Email me at threatvector@paloaltonetworks.com.

I had the unique opportunity to watch as Michael Sikorski and Jason Healey recorded the latest episode of Threat Vector, and it was an absolute thrill to see two great minds dive deep into a topic they’re both incredibly passionate about. It was early morning in Vegas, and the energy in the room was palpable as they explored the ever-evolving cyber landscape, dissecting the challenges and opportunities that have shaped our industry over the last five decades.

First, I want to extend a heartfelt thank you to Siko for stepping in as our guest host. Siko is a true expert in reverse engineering and malware analysis, with a career that spans over two decades at Mandiant, the NSA, and now Palo Alto Networks. His passion for education, highlighted by his teaching role at Columbia University and his leadership on the Board of Directors for the Cyber Threat Alliance, made him the perfect guide for this conversation. His deep expertise and commitment to advancing cybersecurity shone through in every part of the discussion.

Joining Siko was Jason Healey, a Senior Research Scholar at Columbia University's School of International and Public Affairs. Jason’s career is a testament to his pioneering work in cyber conflict studies. Jason has been at the forefront of shaping our understanding of cyber strategy and policy from the military and the White House to academia. He was a founding member of the first joint cyber command and the White House's Office of the National Cyber Director. As an acclaimed author and thought leader, Jason brought a wealth of knowledge and insight to the conversation.

The Evolution of Cyber Conflict

Reflecting on his extensive experience, Jason highlighted a sobering truth: many of the challenges we face in cybersecurity today aren’t new. The notion that "the red team always gets through" has been with us since the 1970s, underscoring a persistent advantage for attackers. This historical perspective is a stark reminder that innovative thinking in defense strategies is not just beneficial—it's essential.

As Jason noted, “If we don't innovate, our grandkids are going to inherit a worse internet than we have today.” His words serve as a clarion call to all cybersecurity professionals to rethink traditional approaches and push for systemic changes that can truly shift the balance of power.

Scaling Defense: A Collaborative Effort

One of the key takeaways from this episode is the critical role of collaboration in cybersecurity. Jason discussed how initiatives like the Cyber Threat Alliance are essential for achieving defense at scale. By sharing threat intelligence and coordinating responses, cybersecurity organizations can collectively outmaneuver adversaries.

He also touched on the need for a new framework to measure the success of these defense efforts. Jason advocates for a shift from input metrics, such as the number of trained experts, to outcome-based metrics that reflect whether threat actors are actually being disrupted.

Lessons for Cybersecurity Leaders

For those of us leading cybersecurity efforts, the conversation offers two critical lessons:

- Innovation in Defense: To keep pace with the ever-evolving tactics of threat actors, defense strategies must evolve. This means embracing new technologies, frameworks, and collaborative approaches that can amplify our defensive capabilities.

- Policy and Education: There is a strong need for a focus on policy and education. By engaging with policy-makers and fostering cross-disciplinary education, we can help shape a more secure digital future.

We need to step back and look at the scoreboard," ensuring our strategies are making a real impact—Jason Healey

For further reading on the topics discussed, I recommend exploring Jason’s work on the history of cyber conflict or diving into the latest reports from the National Cybersecurity Strategy. These resources provide valuable context and deepen our understanding of the ever-evolving cyber landscape.

As cybersecurity continues to evolve, the need for innovation, collaboration, and a broader strategic focus becomes ever more pressing. The insights shared by Jason Healey in this episode of Threat Vector offer a roadmap for professionals who are eager to make a meaningful impact in the field. By embracing these lessons, we can work toward a future where defense holds the advantage, and the digital world is a safer place for all.

Thank you again to Michael for stepping in as a superb guest host, and to Jason for sharing his invaluable expertise with us. It’s through conversations like these that we continue to push the boundaries of our field and better prepare for the challenges ahead.

2024

• FEZIBO Electric Standing Desk

• Aeron Chair

• Mac Book Pro (M1)

• Magic Keyboard and Mouse

• 27'“ Apple Studio Display

• Shure MV7 Mic

• Promoter

• Logitec light

• Ember mug

• Anker Wireless Charging Stand

• iPad Mini 6

2023 and earlier

In early February 2021, I posted internally at IBM about my Desk setup up as many people were asking. There have been a few changes to the arrangement, and I thought it was as good as any time to make a post to update the annual log.

I am sharing my original Slack post and editing it and will add new photos.

The Desk: [retired] Custom-made several years ago with the help of my carpenter neighbor. I wanted something tiny "for just an iPad,"… then the pandemic hit, and I've made it work.

2022 update - I've moved to a standing desk. I tried to make my custom desk work as a standing desk (the monitor arm and large monitor sort of made it work). In October, ordered a FEZIBO Electric Standing Desk. It's good enough. It has three preset heights and lets me lift everything on my Desk to be comfortable seated or standing. My only recommendation to you (or my ordering self) would be to pick up better cable management and power. I had much of what I needed, but in the end, it's not as clean as I would like. 

The Chair: 2023 update - Upgraded to Aeron. It’s insanely better. Touch more expensive tho.

Autonomous, I would not buy it again. The seat is a cushion, and while ok for a smaller period of time, my rear goes numb in this one—a great reminder to stand and move, though.

2022 update - I still feel the same about this chair. I've noticed that the seat is already fraying a bit, which is disappointing. The seat should be mesh, just like the back. A cushion is just not as good of a design choice.

The Computer: 13-inch MacBook Pro (IBM issued). I wanted to save space and decided to run it in clamshell mode. Pro Tip: this mode covers the camera (duh) and physically disconnects the mic and that I why I am constantly fiddling with the mic setting in Webex on your calls.

2022 update - with a slightly bigger desktop and a need for duel screens (new job), I have returned to having a laptop riser and the laptop open. It's great to have Touch ID back, and my mic and speakers on the Mac are available again. I have chosen to go with my external mic and camera. They look, and sound are better and are located above the screen to catch my voice and "look at" the people on video calls.

The Tablet: iPad Pro with iPad Magic Keyboard and Apple Pencil. I use the iPad for notes (Goodnotes) and as a second screen via SideCar. I also use it as a second device to log in to Webex calls and drive presentations or see faces/get feedback when presenting. I also run a handful of work-related shortcuts from the iPad. DM me if you want to geek out on iPad stuff, Shortcut stuff, etc.

2022 update - opted to upgrade to the 12.9 inch iPad (writing the review on it now, though I am struggling to get the Square Space app to work as smoothly as I would like). I love the larger screen, and 11 iPad Pro has a great new home with my daughter. I have used Jump Desktop a couple of times to access my Mac remotely, which works pretty well.)

The Keyboard and Mouse: This combo took me a week to fall in love with, and sometimes I long for the old Magic Mouse 2 and Apple Keyboard (they are hidden just off-camera). The mouse is the MX for Mac. It's got a lot of bells and whistles, and its reason for being on my Desk is that it pairs with both the Mac and iPad. In fact, it could pair with my iPhone too, but I don't need a mouse for the iPhone. And the keyboard, which is the MX Keys, also pairs with both Mac and iPad. A note about the keyboard is heavy compared to the Apple Keyboard. And the key travel is much bigger than most laptop keyboards. It took me a while to get my hands used to the travel. I purchased the mouse to go with the keyboard. IBM allowed for the better keyboard through their program, but the mouse was not within limits.

2022 update: Back to the Magic Mouse and keyboard, then the keyboard tanked, and I had to get the Logitech Keyboard back out. So, for now, it's a combo of the Magic Mouse & The MX Keys. I have recently added Better Touch Tool, Keyboard Maestro, and Text Expander to the mix, and I am slowly adding functionality to speed up my work. Keyboard Maestro is excellent!

The Monitor: This is from Samsung. It is decent but has drawbacks. Namely, the brightness is not high enough for me, and the color is iffy. If I were still doing design work, I would whine about this a ton. However, it does have one neat feature… two HDMI ports. So with a click of a button, I can have either the Mac or the iPad on this monitor (or both at the same time). Combined with the mouse and keyboard trickery, I can do all my professional work or personal work on the right computer/tablet with the same mouse, keyboard, and screen.

2022 update - gave up on using the monitor with the iPad. The cable busted, and I was not using the Logitech gear (loaded it to my son for virtual school). I might go back to this at some point and hope Apple releases Universal Control soon!

Monitor Arm: Unseen, but I have the monitor on a monitor arm from Amazon. It's good enough. I like that I can be far away or close, making for a janky standing desk option. It also gave me a lot of my desktop space back, which given the small footprint of this Desk is a big deal.

The Mic: This is an external mic on the cheapest boom arm I could find. I used to have a pop filter, but I have removed it because it is bothersome due to the mic being unplugged when in clamshell mode I have to have a mic. I could use the mic on the webcam, but it isn't very good.

The Webcam: Of all the things I wish I had invested in stock-wise, it's companies that make webcams. This is the third webcam I was able to get. It's the best one so far, and it's irritatingly bad. The big takeaway about this webcam is that it is at eye height so that y'all don't have to look up my nose on calls. It also makes it easy for me to look right into the camera when talking, and there is a body of research that says this helps viewers connect with the speaker… all for finding ways to seem more human in these distanced days.

2022 update - I changed to the Anker PowerConf C300 Smart Full HD Webcam. The previous camera looked like garbage, and the supply chain seemed to catch up finally. I tested six cameras, which was the best for me (combo of functionality, how it looked in tests, and cost).

Assorted kit: (some is unseen)

- The Nomad Basestation Pro, I don't recommend this. The first one stopped working. This one seems about to die. Loved the ascetic and minimal footprint, but it's meh at best.

2022 update - I replaced this with the Anker Wireless Charging Stand, PowerWave 2-in-1. So Much Better! MagSafe for the win here. I can "click" my phone on to the magnetic puck and know I am getting a charge, see my screen if I want and use it (rarely needed). Those all really help make this a much better solution for my Desk. The Qi charging for the AirPods Pro is solid. I wish that the divot for the case was a bit deeper… I occasionally miss having them lined up perfectly and it will slow or stop the charging. The other win is that the footprint for this stand is much smaller than the previous base station and the charging cable is very compact (its USB-C) compared to the Nomad's massive charging brick.

- AirPods Pro! An instant classic of a product and use them daily… occasional calls and all runs. I've paired them up with these ear hooks so there is no slippage when running now.

- The Elevation Shelf from ElevationLab. I hide the weird little junk in this drawer-like space under my Desk.

- Aukey USB-C 90W charger - Powers both Mac and iPad. Great charger. The only weirdness is when I unplug my iPad, it turns off power to the Mac, and the monitor flickers for a minute until the power starts up again. I have no idea why, very annoying if I do this while on a call.

2022 update - This power brick is back in the laptop go bag! I have actually gone to the offices and hope to do more in 2022.

In the latest episode of "Threat Vector," I had the privilege of conversing with Sam Rubin, the VP and global head of operations at Unit 42. Our discussion ventured into the increasingly complex and rapid evolution of ransomware attacks, their significant impact on various sectors, and the indispensable role of AI, automation, and public-private partnerships in bolstering our cybersecurity defenses. Here are some of the critical takeaways and insights from our enlightening conversation.

The Escalating Cost and Impact of Ransomware Attacks

A striking anecdote shared during our podcast highlighted the devastating financial toll ransomware attacks can impose on organizations. A Vermont hospital administrator revealed that the expenses incurred in responding to and recovering from a ransomware attack surpassed the total costs associated with adapting to the COVID-19 pandemic. This stark comparison underscores not only the financial strain but also the profound operational challenges organizations face in the wake of such cyber attacks.

The Sophistication and Speed of Attacks

Sam Rubin brought to light the remarkable evolution of ransomware attacks over the years. From the initial "spray and pray" tactics to the current highly sophisticated and targeted strategies, ransomware has become a formidable threat to large enterprises and government entities alike. Rubin emphasized the rapid weaponization of disclosed vulnerabilities, which has become a newer trend, allowing cybercriminals to exploit these vulnerabilities within hours of their disclosure. The shift from an average dwell time of 30 days to a mere one to two days before data exfiltration occurs illustrates the heightened speed and efficiency of these attacks, making them increasingly difficult to defend against.

The Need for Enhanced Cybersecurity Measures

The conversation also highlighted the critical need for robust cybersecurity measures, including vulnerability and threat management programs, and a defense-in-depth strategy. Rubin stressed the importance of assuming breach and focusing on containment and detection to prevent widespread organizational impact.

The Vulnerability of Education, Healthcare, and Government Sectors

Rubin pointed out that the education, healthcare, and government sectors are particularly vulnerable to ransomware attacks due to their large digital footprints and often underfunded cybersecurity initiatives. These sectors present "resource poor, but target rich" environments for cybercriminals, emphasizing the need for increased funding and support to bolster their defenses.

The Role of AI and Automation in Cyber Defense

Our discussion delved into the role of AI and automation in enhancing cybersecurity defenses. Rubin underscored the potential of these technologies to significantly improve the speed and efficiency of detecting and responding to cyber threats. The integration of AI into cybersecurity strategies represents a promising avenue for mitigating the risks posed by sophisticated ransomware attacks.

The Importance of Public-Private Partnerships

The testimony before Congress highlighted the crucial role of public-private partnerships in addressing cybersecurity challenges. By sharing threat intelligence and collaborating on security initiatives, both sectors can leverage their strengths to combat cyber threats more effectively. Rubin's advocacy for these partnerships underscores their potential to facilitate information sharing and enhance overall cybersecurity resilience.

Preparing the Cyber Workforce of Tomorrow

Finally, our conversation touched upon the importance of cybersecurity education and training. With the demand for skilled cybersecurity professionals outstripping supply, Rubin emphasized the need for educational institutions and training programs to focus on preparing individuals for careers in this critical field.

Reflecting on my conversation with Sam Rubin, it's clear that the landscape of ransomware attacks is evolving with alarming speed and sophistication. The insights shared during our podcast underscore the necessity for heightened cybersecurity vigilance, the adoption of advanced technological defenses, and the cultivation of strong public-private partnerships. As we continue to navigate the complexities of the digital age, these principles will be instrumental in safeguarding our digital world against the ever-evolving threat of cyber attacks.

As IBM sent us home because of the pandemic in March 2020, I took over a new marketing role. I felt stress from both a growing feeling that the pandemic would be nasty and learning a new job. My go-to stress relief of watching stand-up or sitcoms and love of loud snacks provided an escape from the stress. However, TV + snack were not helping my health.

I was tipping the scales between 243-247 pounds, depending on the day. And according to my Apple Watch, my resting heart rate averaged 64 bpm at the time (lower is usually considered better).

After being sent to work from home, I had more time for myself and started taking occasional walks to listen to my usual commute podcasts.

My Fitness Equipment in March 2020

• AirPods Pro

• Apple Watch Series 4

• Brooks Ghosts 11s

• Some older shorts, t-shirts, sunglasses, and hats

• Access to my Nordictrack elliptical (it was pretty dusty!)

In April, after staring at my Apple Watch rings from March and feeling underwhelmed with my effort, I started trying to exercise intentionally. Not just random walks, but small daily walks of a few miles each.

That month I closed more rings, and then in May, I stepped it up. I closed every ring, every day for the month. I also got bored with walking alone and had a brilliant idea. I would try running!

In college, I had blown out a knee playing football (Go Crusaders!) and had avoided making it worse by running for decades. In my mind, my knee couldn't take more trama. I lived in fear that I would lose more and more mobility if I ran or worked my knees too hard. I also used that as an excuse not to run because running sucks.

And at first, running did suck. I got tired pretty quickly. I had cramps in my calves, my quads, my feet. I would cough and have problems with phlegm. My lungs hurt from breathing so hard, and the coughing made it worse. But I didn't stop. I kept chipping away at going further, pushing past all the reasons to give up. Some days I would start a walk on my Watch but run for a part of it, each time trying to get a little further. Looking back at my Fitness data is confusing. An ~11-minute walk is a speedy walk but a leisurely run. There are a lot of "walks" that were not entirely walking and not entirely runs. But as they say, crawl, walk, run, and at least I wasn't crawling.

In June, I had a great start but then hit a wall two weeks in. It was a Saturday, I was tired, and I just gave in to a rest day (actually not a bad idea). And so, I broke my streak but was pumped I made it 52 days at that point. But that meant starting over on a streak. And I did. I've been able to close all my Watch rings every day since (writing this on April 20, 2021, with a 309-day streak I intend to complete later today).

Along the way, I ran my first 5K (3.1 miles), my first 10K (6.2 miles), lost 30+ pounds and discovered that running is a mental game as much as a physical one. Early on, it was cramps and pain that would physically stop me. Now it's mental traps that I am more attuned to.

One of the most important things that happened as I got off my butt and started this was competition. My friend Derick and I competed back and forth for several weeks (I think he beat me more than I beat him). The tiny nudge from that completion was insanely helpful. I didn't want to lose as much or more than I wanted to win. And sometimes, I would get a cheeky text (can I say that… I am not British) or a motivational one from him. Knowing that while I was alone on the run, I wasn't alone on the journey helped. If anyone is thinking about getting started on their journey, get a friend to go with you. The other thing that helped me was the Nike Run Club app. It's simple and runs on the Apple Watch. Having it track my pace and give me updates while I am running is excellent. I know if I am going a little fast or slow and how much I have run towards a goal. Plus, my buddy Derick uses it too and sometimes will cheer me on LIVE!! while I am running. Amazingly, he has a knack for sending a cheer (which is his voice) right as I start a hill climb or try to close out a long run. That little cheer is so motivating!

At ~215 pounds, I am still considered overweight, and I am working on it. For now, I feel that the goal of better health and fitness has been achieved. My heart rate is down, my weight is down, even my blood pressure is down a little. I am running a 5K every morning (or afternoons on some weekends). There are points where I am walking out the door for a run, and it's cold, dark, rainy… or any number of other things that make me think, "what in the hell am I doing"?" and I realize I am getting a little better, every day, every time.

And now I have my eye on 100 pushups a day. I will check in with progress soon.

I am finally facing “Goal Writing”.

I have never loved writing and sharing my goals. At Salesforce I struggled to connect with their V2MOM - in hindsight the V2MOM is fantastic. And at IBM my blood pressure has risen every time I’ve opened our Checkpoint tool (until today! It’s finally working right).

About a month ago I watched a video that really helped me understand both how and why to write down goals in a way that spoke to me. I want to share that inspiration and my template. I am finally eager to write goals down and share them with others.

I will try to revisit this post throughout the year to share what I add or take away from this process.

(The things that I use and love)

I’ve sent this list to new (and old) Mac users and iPhone lovers a lot over the past several years. I think it is time for it to become a story and URL I can send people to and update as needed.

1Password

Do you like your simple password? Maybe a variation on a student ID you have… or maybe it’s just that six-character ID you were issued?

iPassword Login Screen

Stop. Right now.

That is an awful plan. Go get 1Password right now. Put it on your phone, your tablet, your Mac (or PC).

This application is amazing. It works on your Mac and integrates with your browsers so that when you need to log in you can with 1 password. It allows me to have really long (50+ characters) passwords for every site & service. I put this on my iPhone and can sync all my passwords from my Mac. So now all my passwords are in my pocket. It’s great. They just released an update that lets you keep separate vaults for work and personal.

This is perhaps my oldest, favorite app. One of the very first things I grab on new hardware.

DuckDuck Go for search.

While you are thinking about protecting yourself, go into your settings. Switch to DuckDuck Go. You won’t pay with your privacy.

— Advertising without tracking, the DuckDuck Go business model vs Google’s business model.

Speaking of search… what about on your device.

PRO TIP for Apple Notes: Use the #hashtag in your notes.

This “hack” makes searching for a note so much simpler. Adding the octothorp (the hashtag for those of you that are not type nerds) means that you can search for “#apps” and find your note about great #Mac #apps

This is my note title → Great #Mac #apps

Skitch (free)

Awesome app to markup files, screenshots, etc. It works on your Mac and iPhone. It is free.

Mac Only Apps

Amphetamine (Free)

This is the upgrade from Caffeine. It keeps your Mac screen on, this is great when you are presenting and you want to make sure your Mac stays awake.

Noizio

This is a great little utility to create a calming atmosphere from your Mac. You can build a sound profile, think waves + boat = sailing sounds.

Desktop Curtain

Hide your desktop shame with Desktop Curtain. This little app covers up your desktop with clean, custom desktops. Perfect for when you need to share your screen with a customer.

iPhone Only Apps

Otter is a voice recording app. It transcribes the voice memo for you. It has decent accuracy, but I am looking into the privacy implications. I am a little worried about that and may just stick with Voice Memo or Just Press Record.

Snapseed (mainly use it on an iPad btw) is a great tool to quickly retouch a photo with decent to great results. I have found that a little goes a long way with photo editing and that it can be easy to over correct in Snapseed. It is also a Google owned tool and that gives me the creeps. I need to find a tool that does red-eye removal on iPad as simply as this. One knock on the app is that it isn’t integrated into the Photos app’s share sheet so the workflow is clunkly.

Polytopia is just a fun as can be turn based strategy game. I have been locked in some epic battles with my youngest son. I suspect I am about to be repeatedly destroyed by him soon. Bring it on youngster!

Originally published at:

https://medium.com/@davidrmoulton/great-apps-that-i-use-b346c239265d