The Adversarial Podcast

Author(s): Jerry Perullo, Sounil Yu, Mario Duarte
  • Summary

  • Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

    Adversarial Risk Management
Episodes
  • Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection
    Feb 11 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Highlight/theme

    00:37 Intro

    1:21 Hitch Partners survey of CISOs

    13:34 Dangling S3 buckets

    24:35 Update on Cybersecurity Innovation Executive Order

    32:58 Cyber stocks - NET and CRWD at all-time highs

    44:07 Okta lays off 180 employees, including security engineers

    55:47 Is anyone actually doing TLS inspection?

    1:03:21 Is a SOC2 certificate enough to pass TPRM?

    Hitch Partners survey of CISOs

    The 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, reporting structures, and industry disparities. Public company CISOs see higher cash compensation and equity growth, with a 6.1% increase year-over-year, while private company CISOs face tighter financial conditions and fewer benefits like D&O insurance. CISOs in larger organizations are less likely to report directly to the CEO, instead aligning with CIOs as company size increases. Compliance, business impact, and ROI are the top budget justification factors, and signing bonuses are more common in public companies. With an average tenure of 39 months, organizations looking to attract top security leaders must focus on competitive compensation, equity incentives, and comprehensive protections.

    📖 References: https://www.hitchpartners.com/ciso-security-leadership-survey-results-25

    Dangling S3 buckets

    watchTowr Labs described how they identified roughly 150 abandoned Amazon S3 buckets that had previously been used by governments, cybersecurity firms, and other organizations. After re-creating those bucket names in their own AWS account, they logged more than 8 million HTTP requests in two months, much of it from software still trying to fetch updates, binaries, and other critical resources from the old locations. Whoever controls a dangling bucket name can answer those requests with whatever they like, which is what makes the finding a supply-chain problem rather than a housekeeping one.

    📖 References: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
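    The defender's side of the same check, as an added example (not watchTowr's tooling and not code from the episode): pull S3 bucket names out of the URLs your installers, CI scripts and documentation still reference, then ask S3 with an unauthenticated GET whether each name is still owned. It assumes S3's public error responses, namely that a GET on a bucket nobody owns returns 404 with `<Code>NoSuchBucket</Code>`, while a bucket that exists returns 200, 403 (AccessDenied) or 301 (PermanentRedirect to its region). The sample URLs at the bottom are constructed.

```python
"""Find dangling S3 bucket references: S3 URLs whose bucket name no one owns.

Added example, not watchTowr's code. Assumes S3's public responses: an
unowned bucket name answers a GET with 404 NoSuchBucket; an owned one answers
200, 403 (AccessDenied) or 301 (PermanentRedirect).
"""
import re
import urllib.request
from urllib.error import HTTPError, URLError
from urllib.parse import urlparse

# Virtual-hosted hosts (bucket.s3.amazonaws.com, bucket.s3.eu-west-1.amazonaws.com,
# bucket.s3-website-us-east-1.amazonaws.com) and path-style hosts
# (s3.amazonaws.com, s3.us-east-1.amazonaws.com, bucket in the first path segment).
_S3_HOST = re.compile(
    r"^(?:(?P<bucket>[a-z0-9][a-z0-9.\-]{1,61}[a-z0-9])\.)?"
    r"s3(?:[.\-][a-z0-9.\-]+)?\.amazonaws\.com$"
)


def bucket_from_url(url: str):
    """Return the S3 bucket a URL points at, or None if it is not an S3 URL."""
    parsed = urlparse(url.strip())
    m = _S3_HOST.match((parsed.hostname or "").lower())
    if not m:
        return None
    if m.group("bucket"):
        return m.group("bucket")
    # Path-style: the bucket is the first path segment.
    first = parsed.path.lstrip("/").split("/", 1)[0]
    return first if 3 <= len(first) <= 63 else None


def classify(status: int, body: str) -> str:
    """Map an S3 GET response to a verdict. 'dangling' is the one that matters:
    the name is unowned, so anyone can create it and serve whatever the old
    clients still fetch from it."""
    if status == 404 and "NoSuchBucket" in body:
        return "dangling"
    if status in (200, 403, 301) or (status == 404 and "NoSuchKey" in body):
        return "exists"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Keep 301 PermanentRedirect as a visible status instead of following it.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(_NoRedirect)


def probe_bucket(bucket: str, timeout: float = 10.0) -> str:
    """Unauthenticated GET of the bucket root via the path-style endpoint, which
    also works for names containing dots (those break the wildcard TLS
    certificate on the virtual-hosted form)."""
    url = f"https://s3.amazonaws.com/{bucket}/"
    try:
        with _opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(4096).decode("utf-8", "replace"))
    except HTTPError as err:
        return classify(err.code, err.read(4096).decode("utf-8", "replace"))
    except URLError:
        return "unknown"


def audit(urls, probe=probe_bucket):
    """Probe every distinct bucket referenced by `urls`. `probe` is injectable
    so the check can also run against recorded responses."""
    findings = {}
    for url in urls:
        bucket = bucket_from_url(url)
        if bucket and bucket not in findings:
            findings[bucket] = probe(bucket)
    return findings


if __name__ == "__main__":
    # Constructed sample: the kind of URLs found in old installers and CI scripts.
    sample = [
        "https://updates.s3.amazonaws.com/agent/latest.msi",
        "https://s3.us-east-1.amazonaws.com/vendor-downloads/v2/setup.sh",
        "https://example.com/not-s3",
    ]
    for name, verdict in audit(sample).items():
        print(f"{name}: {verdict}")
```

    A `dangling` verdict means the name is free for anyone to create, so the reference has to be removed from the client, or the bucket re-created under your own account, before someone else does it. The probe is a single anonymous GET per bucket, so it is safe to run over an entire inventory of scraped URLs; feed it the results of a grep for `amazonaws.com` across installers, update manifests, Dockerfiles and documentation rather than a hand-picked list.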

    Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity

    The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.

    📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

    Layoffs at Okta

    On February 4, 2025, Okta, a U.S. identity and access management company, laid off 180 employees, its second workforce reduction in just over a year, following a cut of roughly 400 employees in February 2024. The Enterprise Security team was among those affected.

    📖 References: https://techcrunch.com/2025/02/04/okta-lays-off-180-employees-nearly-one-year-after-last-workforce-reduction/

    1 h 10 min
  • Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?
    Jan 28 2025

    ⬇️ See below for timestamps/summaries/references for each topic

    00:00 Intro

    01:33 Biden's Executive Order on Cyber Security

    05:18 Cyber policy wishlist

    21:30 TikTok and RedNote

    29:36 Marsh's report on cyber insurance

    49:21 Do CISOs need to be highly technical?

    Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity

    The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.

    📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

    TikTok Refugees Flock to China’s RedNote Amid U.S. Ban Concerns

    Following increased scrutiny and potential bans on TikTok in the U.S., over half a million users migrate to China’s RedNote platform. This shift highlights growing concerns over data privacy, national security, and the geopolitical tensions surrounding Chinese-owned apps.

    📖 References: https://www.reuters.com/technology/over-half-million-tiktok-refugees-flock-chinas-rednote-2025-01-14/

    Using Cybersecurity Analytics to Prioritize Cybersecurity Investments

    This article by Marsh explores how organizations can leverage cybersecurity analytics to make informed decisions about where to allocate resources for maximum impact. By analyzing data on threats, vulnerabilities, and past incidents, businesses can prioritize investments in areas that will most effectively reduce risk and enhance their overall security posture.

    📖 References: https://www.marsh.com/en/services/cyber-risk/insights/using-cybersecurity-analytics-to-prioritize-cybersecurity-investments.html

    No, you probably don't need a technical CISO

    An article argues that organizations may not necessarily require a highly technical Chief Information Security Officer (CISO). Instead, it emphasizes the importance of leadership, strategic thinking, and the ability to manage risk effectively in the role.

    📖 References: https://www.linkedin.com/pulse/you-probably-dont-need-technical-ciso-shaun-marion-u0pmc

    1 h 5 min
  • The Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilities
    Jan 14 2025

    Join former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec.

    00:00 Highlight

    00:32 Intro

    1:48 China accuses US of stealing trade secrets

    10:05 Taiwan reports 2.4M Chinese cyberattacks/day

    18:21 Christmas day Chrome Extension hacks, including Cyberhaven

    23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions

    26:40 Wired: Popular apps hijacked to spy on locations through ad tracking

    33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP

    34:36 Are DoS vulnerabilities neglected by security programs?

    40:37 TI news feeds are noisy and vulnerabilities are overhyped

    49:37 Are Passkeys ready for prime time?

    54:49 Adversarial Podcast YouTube comments

    57:06 YouTube comment cryptowallet scams

    59:24 What should security teams try to accomplish during offsites?

    China Accuses US of Cyberattacks: https://www.reuters.com/world/china/chinas-internet-emergency-center-says-it-dealt-with-two-us-cyber-attacks-against-2024-12-18/

    Taiwan Reports 2.4M Chinese Cyberattacks Daily: https://www.reuters.com/technology/cybersecurity/chinese-cyberattacks-taiwan-government-averaged-24-mln-day-2024-report-says-2025-01-06/

    Christmas Day Chrome Extension Hacks: https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html

    U.S. Army Soldier Arrested for AT&T and Verizon Extortions: https://krebsonsecurity.com/2024/12/u-s-army-soldier-arrested-in-att-verizon-extortions/

    Geo-Data Privacy and App Hijacks: https://www.wired.com/story/gravy-location-data-app-leak-rtb/

    Holiday DoS Vulnerabilities: https://security.paloaltonetworks.com/CVE-2024-3393 https://www.securityweek.com/exploit-code-published-for-potentially-dangerous-windows-ldap-vulnerability/

    Passkeys: Are They Ready for Prime Time: https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

    Cryptowallet Scams and YouTube Comments: https://www.kaspersky.com/blog/cryptowallet-free-seed-phrase-scam/52810

    1 h 8 min
