Marc Rogers

Trump’s anti-DEI efforts damage national security, former officials say The rollback of diversity, equity and inclusion initiatives weakens intelligence operations, erodes workforce morale and limits the U.S. government’s ability to navigate global threats, former nationa...

NEW: The national security risks of Trump’s axing of DEI programs. The rollback is casting a wide net into the intel and DOD agencies. Fmr NatSec officials say it weakens operations, erodes morale and limits the U.S.’s ability to navigate global threats →
www.nextgov.com/cybersecurit...

Lawfare Daily: What Can Be Done to Improve Cloud Security with Maia Hamin, Trey Herr, and Marc Rogers Discussing cloud security

On today's Lawfare Daily, Stephanie Pell spoke to Maia Hamin, Trey Herr, and @cjunky.bsky.social about the Cyber Safety Review Board’s report on the 2023 Microsoft online intrusion, the lagging state of cloud security policy, and more.

Cloud Un-Cover: CSRB Tells It Like It Is But What Comes Next Is on Us Lagging policy upholds a status quo in which cloud vendor’s design decisions about how their systems work (and work together) are almost entirely opaque.

Maia Hamin, Trey Herr, and @cjunky.bsky.social discuss a CSRB report on the 2023 intrusion into Microsoft’s cloud infrastructure, and what it reveals about the current state of cloud security policy.

It is important that we talk about government boundaries and ensure our rights are protected. However must make sure this conversation is bi-partisan, balanced and constructive. We must also make sure we don’t tear down our national defenses in the process. 5/5

We have no “cyber 9-1-1” in this country. There is no one to call when you face a cybersecurity attack if you don’t have the money for private incident response. Volunteering to protect our fellow citizens is a national institution in this great country. 4/5

Skilled cybersecurity workers volunteering to support these institutions makes a huge difference even if some feel the work we do is already available elsewhere. The simple fact is many organizations sit below the cybersecurity poverty line and need support. 3/5

The CTI League did not engage in censorship, it focused on protecting the health sector. Despite testimony to congress that it’s ridiculous hospitals need help the hard truth is they do. At least one major hospital per week is hot by a ransomware incident. Incidents at hospitals cost lives. 2/5

Statement by Marc Rogers on the CTI League | CTI League Yesterday I provided testimony to Congress about the CTI League and addressed the allegations that it is somehow part of a government censorship apparatus. ...

I have released a statement about our work in the CTI League. Yesterday I provided this and additional material as testimony to congress. Today we have made our github public and opened up all our files.
cti-league.com/statement-by... Details are in this statement. 1/5

DEF CON. One week reminder to pack weather appropriate clothes.

Maximum advertising value for Diablo from dystopian atmosphere.

IMHO both are great experiences, but I much preferred the German one. Will have to do it again next year.

Yeah my experience is one every 2 weeks but ive seen super active people get more. One week I got 6. YMMV :)

All the lovely people who posted a photo of their copy of my book. I’m humbled. 🥰

Concealment tools at Deutschen Spionagemuseum

Random number generation the manual way. @ Deutschen Spionagemuseum

Crypto Devices at the Deutschen Spionagemuseum.

Last message from Lukas at the #offensivecon closing ceremony: Taking sides is hard but has to be done. We should all be mindful of how war affects our communities and have each others backs during these difficult times.

Some fabulous talks this year at #Offensivecon in Berlin. Parties have been like infosec reunions.

I wouldn’t know about most important but i’m definitely happy that significant issues like this, and others such as voting are getting attention at DEF CON. Its great to see the community given a chance to become part of the solution.

DEF CON to set thousands of hackers loose on LLMs Can't wait to see how these AI models hold up against a weekend of red-teaming by infosec's village people

The AI Village’s Redteam event at DEF CON is picking up more attention.

FACT SHEET: Biden-Harris Administration Announces New Actions to Promote Responsible AI Innovation that Protects Americans’ Rights and Safety | The White House Today, the Biden-Harris Administration is announcing new actions that will further promote responsible American innovation in artificial intelligence (AI) and protect people’s rights and safety. These steps build on the Administration’s strong record of leadership to ensure technology improves the lives of the American people, and break new ground in the federal government’s ongoing effort…

My trip to the White House this week involved a lot of discussion about this. Especially the DEFCON bit. I’m excited to see crowd sourcing of AI security. While there are clear challenges, openness is definitely the way. Its also a GREAT opportunity for policymakers to engage and learn.

Federation of content is hard. Im looking forward to seeing how it works here.I hope theres a way to allow niche safe spaces while lifting up voices you wouldn’t normally hear. Given that its not possible to federate everything, everywhere, all at once it doesn’t feel like just an algorithm problem

The parallels between Mastodon and Bluesky aren’t lost on me. I still maintain am account on Mastodon and enjoy engagement there. But it lacks the open discovery of new content from communities you don’t normally engage with that old twitter was great for. Its safer but undeniably more balkanised

Im both excited and nervous for this. Allowing communities to have their own federated spaces is a great concept. However we need to avoid balkanisation and the creation of toxic echo chambers.

The key to making the US cyber strategy work: boots on the ground Prioritizing work with academic institutions, localities and skilled volunteers is the best way of advancing America's cybersecurity needs.

I wrote an article with Sarah Powazek from Berkeley’s CLTC on how we need state and local resources to defend against cyberattacks. We have one of the most forward leaning National Cybersecurity Strategies, now we need to get boots on the ground to defend our schools, hospitals and businesses.

To summon @kimzetter.bsky.social I think have to whisper the names of specific threat actors in the right order.

Landed in San Jose CA.

Probably one of the best pieces of reporting on the Solarwinds supply-chain attack. Excellent piece by Kim Zetter.

Highly recommended reading.

New to Bluesky? Check this out.