Cloud Security Office Hours meets every Friday on Zoom. Each session's recap below is a
topic-by-topic summary of the conversation — who raised what, what was debated, and
the consensus (or lack thereof). Recaps are written after the call, not during, so they
lag the live discussion by a day or two.
Want to contribute a recap, fix a summary, or join the next live meeting?
See the Zoom Sessions page or open a pull request on GitHub.
Quick recap. The group discussed Steven's transition into a senior security engineer role, emphasizing the need for guidance and mentorship. They also highlighted the importance of networking and keeping up with technological advancements. Jay discussed SAP's policies regarding cloud accounts, the importance of implementing cloud trails, and secure cloud transformation. Challenges faced with Prisma due to its size, the transition from Evident.io to Transmit Cloud, and the acquisition of Evident were also discussed.
2024-03 | AI | Industry News
Next steps
Next steps were not generated due to insufficient transcript.
Security Engineer's Career Advancement and Networking Importance
Steven shared his upcoming transition into a senior security engineer role at a company of approximately 200 people, his first full-time cybersecurity role. He expressed the need for guidance and mentorship as he is the first security specialist at the company. The company is part of a larger parent company with a larger security team, and Steven is looking forward to learning from them. David mentioned his intention to post about the meeting on LinkedIn. The group, including Jay, David, Shawn, and Rasheed, discussed the importance of networking in their careers and the need for organizations to keep up with technological advancements to prevent incidents like the Capital One breach. Jay was scheduled to present on setting up cloud guardrails and centralized audit log collection. Shawn mentioned plans for future presentations and the importance of maintaining industry contacts.
SAP's Cloud Accounts and Transformation Policies
Jay discussed SAP's policies regarding cloud accounts, emphasizing the importance of implementing cloud trails and secure cloud transformation. He highlighted the establishment of a central group to manage all cloud accounts and billing, and noted the successful transformation of their cloud strategy, with 18,000 public cloud accounts across multiple platforms. Jay also touched on the transition from Evident.io to Transmit Cloud and the acquisition of Evident, as well as the need for compliance tracking through CSPM. He mentioned the challenges faced due to the lack of support for Old GCP or Alibaba Cloud, which led to a year of remediation efforts.
Cloud Journey Challenges and Progress
Jay discussed the challenges faced with Prisma, a company acquired in 2021, due to its size and the subsequent delays in onboarding and data retrieval. The team had to renegotiate the contract with Prisma due to the COVID-19 pandemic and even considered building their own Cloud Security Posture Management (CSPM) tool. A chance encounter with Orca led to potential collaboration. Jay, Shawn, and David discussed the progress and challenges of their cloud journey, including the establishment of a virtual role and the kick-off of next-gen cloud delivery in Q4 2020. They also noted the deployment of a CNAPP, made possible by a corporate audit report highlighting vulnerabilities and asset management issues. The team discussed the scalability issues faced, the doubling of cloud resources from 2020 to 2021, and the organizational support provided by the audit report.
Cloud Security Challenges and Solutions
Jay and David discussed their experiences in managing data privacy and security in a cloud landscape. They talked about the implementation of Control Tower, malware scanning, and vulnerability management. They also emphasized the importance of enforcing account ownership to maintain discipline. They faced challenges due to the complexity of the environment, which resulted from various acquisitions. They also highlighted the need for cloud security skills and talent. The discussion also touched on the importance of the cloud control plane and how difficult it is to understand.
Cloud Security Challenges and Successes
Jay discussed the challenges faced by the security organization in understanding and managing cloud-based systems. He highlighted the confusion and lack of understanding about the landscape from the rest of the organization. He also shared the difficulties they encountered, such as security incidents, scalability issues, and the inability to onboard more than 750 accounts at a time. Despite these challenges, Jay mentioned the success they had in reducing vulnerabilities and improving visibility. Shawn emphasized that these skills are relevant to cloud security officers and that the journey in the cloud involves explaining and adapting to the unknown.
Cloud Security Preventive Controls Prioritized
Jay emphasized the importance of preventive controls in enhancing cloud security, highlighting the risk of initial compromises through weak or non-existent passwords. He pointed to the effectiveness of controls such as prohibiting certain IP addresses and implementing encryption measures, attributing their high CSPM compliance rate to these measures. Jay, Shawn, and Nuri agreed on the importance of cloud security and discussed the need for default settings that prioritize security over ease of onboarding. Neil shared a recent security incident, underscoring the need for better communication and tool installation. Jay concluded by noting the challenges of balancing centralized control with team autonomy in their large security and compliance organizations.
Capital One Incident's Impact on SAP's Agenda
Jay recounted an incident where a person from Capital One, who had recently joined SAP, was upset after hearing others discuss the Capital One incident. Jay explained that the incident had a different meaning for them, serving as a reference point to emphasize the importance of their work. He also shared that the incident helped garner the attention of executives and support from key stakeholders, allowing them to push their agenda despite opposition from other parts of the organization. Shawn confirmed the unusual situation, noting that it resulted in a significant section of the organization feeling pressured.
Cybersecurity Guest and Office Hours Update
Shawn announced that Lee Caswell, an SVP from Nutanix, would be a guest next week, noting potential interest due to recent events involving VMware and Broadcom. Shawn also shared that their Cloud Security Office Hours had 922 registered attendees with a goal to reach 1,000. Christabel shared her experiences with cybersecurity breaches, emphasizing the need for a mindset shift in smaller businesses that underestimate the risk of cyber attacks. Michael shared a documentary about Kevin Mitnick that he believed the team would find interesting. No further discussion or action items were identified.
Quick recap. The team discussed issues related to heavy rainfall, cloud security, and supply chain concerns, with a focus on the XZ backdoor and the Microsoft SSH login issue. They also delved into the job interview process, with Josef drawing parallels between the sales campaign and job interview processes, and the team sharing their experiences and strategies for success. Lastly, they discussed the complexities of the sales process, lead generation, and the importance of self-reflection, humility, and feedback.
2024-04 | AI | Supply Chain | Vulnerabilities | Industry News
Next steps
- Shawn will send out a mapping of the hours to the calendar to help with scheduling.
- Neil will reach out to maintainers at Red Hat to push them to accept the upstream version of XZ.
- Shawn will share the presentation deck with the team after the meeting.
- Chris will follow up with the five winners of the book giveaway.
Heavy Rainfall and Cloud Security News
Shawn initiated a discussion about the ongoing issues with heavy rainfall in his area, and moved on to welcome new participants, particularly Troy from Iowa. The group then delved into the week's cloud security news, discussing various topics of interest. Despite minor technical difficulties with the recording, the team managed to start the session on time and maintain a productive discussion throughout.
XZ Backdoor, Supply Chain, and Microsoft SSH
Shawn and Neil discussed the XZ backdoor and its potential consequences if not detected. Neil provided an analysis, indicating that most alerts were on container images and emphasized the need for systematic handling of supply chain issues in open-source. They also discussed the recent Microsoft SSH login issue, viewing it as a strength of the open-source community due to the quick identification and resolution. Furthermore, they deliberated on an operation involving outreach to maintainers at Red Hat and the addition of a Psy Ops portion. Lastly, Neil touched upon a CISA report, although the report's specific details were not disclosed.
Microsoft Security Incident and Transparency
Neil discussed the major security incident involving Microsoft from last year, where a Chinese actor gained access to Microsoft's signing key for authentication. He highlighted that the initial explanation from Microsoft about the origin of the signing key was untrue, and the exact method of compromise remains unknown. Neil also noted that this incident marked a decline in Microsoft's security since its peak in 2014, attributing this to a lack of transparency and accountability in the company's handling of the incident. He pointed out Microsoft's strength in software engineering, but identified the need for improvement in operational security and engineering.
Azure Subscriptions, Vulnerabilities, and Security
Jay expressed his frustration and disbelief over Microsoft's handling of the Azure subscriptions, citing an instance where a blog post seemed to suggest an uncontrolled race condition was possible. Neil also shared his personal feelings about the situation, and both highlighted the importance of protecting customers during the transition to cloud services. Shawn discussed a vulnerability discovered in Hugging Face, and Josef was about to present on the interview process for security engineers.
Sales Campaign Process and Job Interviews
Josef drew parallels between the sales campaign process and the job interview process, suggesting that the sales-qualifying steps could be applied to job interviews. He underscored the importance of targeting high-potential opportunities and leveraging AI tools to streamline the process, with a focus on the discovery and pitching stages. Josef also shared insights on job searching strategies, advising to delve deeper than others by examining customer feedback on the company's product and analyzing customer requests. The team also discussed the importance of understanding a company's unique aspects and pain points, the risks of sharing confidential information, and the value of having relevant work experience or demonstrating initiative.
Maximizing Interview Success With Sales Pipeline
Josef emphasized the importance of understanding and treating the interview process as a sales pipeline, highlighting the need to differentiate oneself and showcase unique qualities. The team discussed strategies for standing out in a competitive job interview process, including seeking a sponsor or mentor, demonstrating curiosity and a desire to learn, and understanding the interviewer's perspective. Don stressed the importance of being prepared, continuously honing skills and knowledge, and being memorable during interviews or networking. The team also shared their personal experiences and offered feedback and advice to each other.
Job Interview Experiences and Preparation
Jeff, Chris, Neil, and Don discussed their experiences with job interviews, emphasizing the importance of feedback, preparation, and cultural fit. They highlighted the subjective nature of the interview process and shared insights on how to stand out in professional settings. Shawn had to leave the meeting early, but Chris agreed to stay on the call for an additional 5 minutes, and Shawn encouraged the team to continue the discussion. Chris confirmed that this was the last call.
Sales Process, Lead Generation, and Feedback
Jeff, Chris, and Ken discussed the complexities and subjectivity of the sales process and lead generation. Chris emphasized the importance of understanding the process, comparing it to learning pickup arts in dating. He further stressed the need for self-reflection, humility, and the utilization of feedback for improvement. Ken shared his successful job search strategy, which included personal conversations, demonstrating knowledge of the company, and maintaining relationships. The group also discussed the significance of non-verbal communication in professional interactions.
Quick recap. The team discussed strategies for managing and safeguarding secrets, with a focus on the risks of malicious insiders and the misuse of tools like AWS and Google CLI. Lastly, they explored the implications of the acquisition of HashiCorp by IBM, the potential challenges and opportunities in relation to OpenTofu and other software products, and shared personal startup journeys.
- Shawn will send out another Kevin Mitnick business card to those who did not receive it in the mail.
Managing Secrets and Preventing Unauthorized Access
Jay Flora and other members of the group introduced themselves and their areas of expertise, with a focus on technical marketing, security, and compliance. The discussion centered around the importance of managing and safeguarding secrets, with a particular emphasis on the potential risks of malicious insiders and the misuse of tools like AWS and Google CLI. The team also discussed strategies to prevent unauthorized access, including the use of canary tokens, monitoring S3 bucket names, and the proactive auditing of environment variables and secrets. The group also explored the potential utility of using GitHub's public repositories as a resource, while acknowledging the risks associated with storing secrets in the code.
Canary Tokens, Strong Passwords, and Security
Matt Currie emphasized the importance of using canary tokens for detecting unauthorized access, and Neil highlighted the significance of strong passwords through an incident involving a deputy CISO. The conversation also touched on the potential consequences of a security breach and the need for prompt action to secure and clean up any compromised data. The team then transitioned into discussing a new topic, with Don being invited to lead the discussion.
HashiCorp Acquisition by IBM Discussion
The team discussed the acquisition of HashiCorp by IBM, with Neil expressing his hope for HashiCorp's independence but predicting a negative impact on its direction if it joined IBM. Neil also suggested the potential benefits of reunifying Terraform and HashiCorp under a single platform, while Shawn shared his negative experiences with IBM's internal culture. The team also discussed the implications of the acquisition for Ansible, with Neil expressing concerns about the potential negative impact on product quality if the engineering and product teams were merged. Jay suggested that IBM's interest in HashiCorp might be motivated by financial considerations, and Mischa indicated that some platforms like Terraform and Vault are unlikely to change significantly in the short term.
Open Source, Cyber Security, and Start-Ups
The team discussed potential challenges and opportunities in relation to OpenTofu, Terraform, and other open source and proprietary software products. They also explored rumors surrounding Wiz's plans to acquire Lacework and the recent trend in cyber security start-up valuations. Personal startup journeys were shared, with Jay Flora reflecting on his experience from technical marketing at Facebook to his current position at Lacework. The team agreed to continue discussions on these topics in a follow-up meeting the following week.
Quick recap. The team discussed their dissatisfaction with the lack of originality and reliance on gimmicks at trade shows, emphasizing the need for vendors to showcase their actual offerings. They also explored the challenges of conveying technical information effectively and generating meaningful leads at such events. Additionally, they considered establishing a trade association for engineers to address these concerns.
2024-05 | Conferences
Next steps
- Neil will explore the idea of hosting a conference for engineers and tech people, focusing on information sharing and product discussions.
- Steve Castano will connect with the team to discuss the formation of a trade association for engineers and tech people.
Jay's Critique of Trade Show Strategies
Jay voiced his dissatisfaction with the lack of originality and innovation at a recent trade show, criticizing companies for relying on gimmicks and flashy displays instead of showcasing their products and services. Shawn and Kyle acknowledged Jay's views, but no specific action items were identified. Kyle explained that the similar strategies observed among security companies stemmed from their pursuit of venture capital. Don proposed the possibility of a quick sale to a potential buyer like Chris Richardson who might appreciate their business model without seeking venture capital.
Neil's Start-Up Event Observations
Neil shared his observations from a recent start-up event, noting that only a small number of start-ups were doing interesting or innovative work. He emphasized the importance of using trade shows to showcase products, distribute branded merchandise, and engage in conversations with potential customers and partners. Neil also differentiated between start-ups building complete products and those focusing on selling an interesting feature, expressing concern about the lack of uniqueness among various XDR startup packages. No clear next steps or action items were defined in response to these observations.
Vendor Strategies and GCP Incident
The team discussed the strategies of vendors in attracting potential customers. Neil suggested that price is a key factor, while Shawn pointed out the importance of providing useful information quickly. Adam questioned the effectiveness of marketing strategies, focusing on the usefulness of swag. Jay suggested that vendors should aim to engage customers in conversations about their problems, rather than just selling products. Kurt shared a humorous anecdote about stress balls from a previous event. The conversation then shifted to a recent incident involving GCP and Unis, where a finance company experienced an outage due to a problem with GCP's backend.
Discussing Trade Shows and Conferences
David shared his preference for seeking senior engineers at conferences for product-related issues. Shawn, Jay, Neil, Jeff, and Kyle discussed their frustrations with booths that rely on gimmicks instead of substance, emphasizing the need for vendors to quickly convey their offerings. The team debated the effectiveness of trade shows in generating meaningful leads and sales opportunities, with Jeff expressing skepticism and Jay suggesting a more standardized booth format. Matt pointed out the differences between sales and engineering approaches at trade shows. Steve shared his positive experience from a recent conference, highlighting its value for new attendees, and Neil hinted at discussing the vendor aspect in more detail.
Tech Conferences, Trade Association, and Sales
Neil shared his experience with the challenges of communicating technical information at conferences and proposed a separate conference for tech people. Matt agreed and planned to discuss this idea with his marketing leadership. Steve revealed his company's intention to establish a trade association for engineers by 2025. Neil, Shawn, and Jay also discussed the issue of unauthorized sales attempts at their booths, which they agreed was a recurring problem. Lastly, they discussed their experiences with LinkedIn, emphasizing the importance of authenticity and selective content sharing.
Quick recap. The team introduced themselves, discussed their backgrounds in cloud security, and shared their experiences in physical security assessments using social engineering tactics. Lastly, they explored the responsible use of hardware exploits, the value of learning through practical experimentation, and planned for future sessions.
2024-07 | Vulnerabilities | Community
Next steps
- Shawn to create an online or Udemy course on RFID basics.
- Valerie to consider developing a comprehensive "RFID 101" resource for beginners.
- Shawn to send Valerie a Cloud Security Office Hours lapel pin.
- Shawn to wear a Mr. Rogers-style cardigan for next week's session.
- Attendees to provide feedback and suggestions for future sessions using the link shared in the chat.
- Shawn to plan next week's open session and consider any speaker or topic suggestions received.
Team Introduction and Campus Group Discussion
Shawn shared his plans to edit and distribute the meeting's transcript, while Valerie discussed her new cat's behavior. The team also introduced themselves, with newcomer Enock sharing his role in the Campus Group. Shawn welcomed everyone to the group, emphasizing its openness to any questions. The team also discussed the possibility of an Easter egg contest at Black Hat.
Cloud Security Expert Networking
Shawn introduced the participants of the meeting, including Ravi, a cloud security expert from North Carolina; Mrinal, a cybersecurity professional from Boston; Bartek, a salesperson from Frankfurt with a passion for security; and Romuald, a service desk worker from Asia. Shawn also welcomed Valerie, a pen tester with extensive experience in cloud security. The group discussed their backgrounds and interests, with a common goal of staying updated in the field of cloud security. Shawn emphasized the value of networking and encouraged participants to connect on LinkedIn.
Physical Security Assessments and Social Engineering Tactics
Valerie, a cloud security consultant, shared her team's experiences in conducting physical security assessments using social engineering tactics. She detailed their recent assessment of two branches of a company, where they posed as potential renters to gain access to the buildings. Valerie also discussed the challenges they faced while using long-range RFID tools, such as the Proxmark3, and how they successfully cloned a card using Kevin's method. She contrasted these early methods with the current, more streamlined options available. Valerie also mentioned their strategy to gain access to a secure building using RFID cards and a PIN, and how they left a warning message for the building's security team.
Valerie and Shawn's Secret Book Incident
Valerie and Shawn discussed a past incident where they both got into trouble due to a shared secret involving a book gifted by Kevin to the team, which contained their actual passwords. Valerie shared her background in legal criminalism, revealing that she swindled her first book, "The Art of Deception," before realizing its potential as a tool for social engineering. She also shared her experiences with hardware hacking and her favorite sites, including a converted AT&T Longline site from the Cold War. Valerie also agreed to help Brandon with several questions he had.
Attack Surface Monitoring and Security Challenges
Brandon initiated a discussion about common errors in attack surface monitoring, with Valerie providing insights on the challenges and misunderstandings between physical security and IT security. Valerie highlighted the potential for ransomware situations and the need for better understanding and communication between these two areas. The team also discussed the issue of naming conventions in DNS, with Valerie suggesting that this could be a potential entry point for attackers. Mischa questioned the frequency of environments that were secure enough to prevent unauthorized access, to which Valerie responded that such environments often had strict limitations and testing procedures in place.
Effective Communication and Collaboration in Challenges
She discussed the challenges she faced, particularly the need to communicate effectively with both security and development teams to ensure the issues were addressed without causing defensiveness or emotional hijacking. Michael emphasized the importance of emotional intelligence and communication in these situations. Valerie agreed, highlighting that creating a collaborative environment was crucial for success. The conversation then shifted to Mischa, who had a question for Valerie.
Responsible Use of Hardware Exploits Discussion
Mischa, Valerie, and Shawn discussed the responsible use of hardware exploits, with a focus on the Flipper and RFID technologies. Valerie shared her experience and emphasized the importance of understanding the underlying technology and potential risks. The group also discussed the value of learning through practical experimentation and the availability of further classes from Red Team Alliance. Future sessions were planned, with Shawn encouraging participants to suggest speakers or topics. Valerie agreed to attend the next session to see if Shawn had acquired a "Mr. Rogers Cardigan" as suggested.
Quick recap. The team from Equinix discussed recent infrastructure outages, the potential impact on the company's reputation, and the trend of customers preferring to rent server space. They also explored the potential of AI in container configuration, the implications of a global outage, and the impact of system outages on the health industry and the stock market. Lastly, they discussed the recent challenges faced by CrowdStrike, the potential implications of Google's proposed acquisition of Palo Alto, and the concept of co-opetition.
2024-07 | AI | Community | Industry News
Next steps
- CrowdStrike to publish root cause analysis of the outage within 3-6 weeks.
- CrowdStrike to review and improve their quality assurance and deployment processes.
- Healthcare organizations to review and update their contingency plans for IT outages.
- IT teams to reassess the risks of auto-updates on mission-critical systems.
- Cyber insurance companies to evaluate potential claims related to the CrowdStrike outage.
- Cloud security professionals to monitor potential impacts of Google's proposed acquisition on industry partnerships.
- Meeting organizers to consider a future discussion on the concept of "coopetition" in the tech industry.
Equinix Team Addresses Infrastructure Outage
Shawn, Matt Alvarez, and Cooper from Equinix discussed the recent infrastructure outage caused by an automatic software update. They discussed the difficulties in fixing the issue, including the need to boot into safe mode and the potential lack of access to the necessary 48-digit BitLocker key. The conversation also touched on the negative impact on the company's reputation. Shawn shared his experience in the data center industry, revealing that he was part of the team that created the Colo business at Exodus Communications, which grew to a valuation of $28 billion. The team also discussed the trend of customers preferring to rent server space rather than manage their own infrastructure.
Team Updates and New Members Discussed
The team discussed recent events including a Reddit outage and issues with CrowdStrike. Shawn introduced new members, Thomas and Cooper, who are looking to expand their knowledge and network. Shawn also encouraged the group to take advantage of the forum for networking and learning. Jay shared that he had released a blog and was open to discussions about it.
AI, Container Configuration, and CrowdStrike
Jay, Shawn, Jim, and Galan discussed the potential of AI and its impact on container configuration. Shawn praised the research team's work, while Jay admired a particular solution's elegance. The team also shared their experiences during the recent CrowdStrike incident, with Galan sharing his personal impact due to issues with hotel key cards. The group agreed to stay updated on future developments in the field. The team also discussed the global impact of a recent update to the CrowdStrike software, which caused many systems to crash and display a blue screen of death, akin to the disruption caused by the '90s worms, Sobig and Slammer.
Microsoft Azure Mitigation Concerns and Solutions
Neil expressed concerns about Microsoft Azure's guidance for mitigation, noting that some customers had to reboot their machines multiple times. Adam St., Shawn, and Galan discussed the effectiveness of suggested solutions and the challenges of repairing Azure-based machines. The team also considered the potential of buying CrowdStrike stock due to issues with Azure and discussed its extensive integration with tech companies and the US government. The conversation concluded with Neil and Jay speculating on the breadth of Microsoft's Defender tool and the significant number of companies affected by recent events.
Global Outage Implications and Backup Solutions
The team engaged in a discussion about the potential implications of a global outage, drawing from their experiences at CrowdStrike and in the medical sector. Shawn highlighted the financial and liability concerns, while Samantha explained that her hospital has backup systems in place to ensure continuity of care during network downtime. The team also discussed the potential change in the company's operating procedure to a multi-cloud system for backup purposes, prompted by the risk of data loss. Concerns were raised about the lack of a backup system for Windows-based medical devices, and the team acknowledged the current efforts to address this issue.
System Outage Consequences and Solutions
The team discussed the potential consequences of a system outage, focusing on its impact on the health industry and the stock market. Don raised concerns about the inability to access medical records in emergencies, while Alhaji highlighted the potential loss of life and the drop in share prices for companies like CrowdStrike. The team also explored the potential for customers to seek alternatives and the risk of lawsuits following an outage. Lastly, they discussed the potential reevaluation of technology, particularly the use of eBPF over kernel-level solutions, and the challenges of regular updates for mission-critical systems.
CrowdStrike Senate Hearing and Share Price Impact
Matt Alvarez opened a discussion about setting a date for the CrowdStrike Senate hearing. The conversation then shifted to the recent security issue that led to a significant drop in share prices. Kurt expressed curiosity about how long it would take for CrowdStrike to publish the root cause of the issue, with Jay suggesting it could take 3 to 6 weeks. Neil shared a past experience from Microsoft about a similar issue, emphasizing the importance of thorough testing before rolling out new software. Brandon then discussed the impact of the incident on cyber insurance claims, highlighting that it was a significant uptick. The conversation concluded with SLuengo@BankUnited.com acknowledging that such incidents could happen to any company.
CrowdStrike Challenges and Google Acquisition
The team discussed the recent challenges faced by CrowdStrike and possible solutions, with a focus on the importance of a deployment strategy. They also explored the potential implications of Google's proposed acquisition of Palo Alto, with Shawn, Neil, Jay, and Kurt expressing their views. The team agreed that such acquisitions are common in the tech industry and should not significantly alter their relationships, though Palo Alto might emphasize its independence more. Kurt added that any initial disruptions would likely be settled quickly as all parties aim to remain profitable.
Co-Opetition Discussion and Feedback
Shawn led a discussion about co-opetition, referencing Ray's competitive strategy towards Microsoft. Dane shared his perspective as an Orca and Google customer, expressing his appreciation for Google's recent efforts. Shawn then invited feedback and suggestions for future topics, mentioning that all members would receive a lapel pin. The conversation ended with Shawn sharing an example of co-opetition from his own experience and announcing the next meeting.
Quick recap. The team discussed the ongoing issues with the CrowdStrike incident, the impact of outdated systems on ATM performance, and the challenges of dealing with nation-state actors' malware. They also explored potential solutions, including the creation of a new boot key and the use of secure coding practices. Lastly, they examined a security incident at KnowBe4 and the importance of thorough vetting processes, as well as the benefits and challenges of IPv6.
2024-07 Community
Next steps
- Shawn will send Neil the link to the Wikipedia article on IPv6.
- Steve will look into famous audit failures for the next meeting.
YouTube Growth, CrowdStrike Incident, and ATMs
Chris commended Steve's growth on YouTube and urged everyone to subscribe to his channel. The team reported that their group had reached 1,660 members and discussed the ongoing issues with the CrowdStrike incident, with 3% of machines still down. Estimates for the cost of the incident ranged from a billion to several billions, with Neil expressing doubts about the accuracy of these figures. The team also discussed the impact of outdated systems and software on the performance of ATMs, with Kurt sharing his personal experience of using an ATM affected by CrowdStrike. Neil and Steven explained that many older systems are based on Windows and are vulnerable to crashes, and Josef raised a question about Microsoft's plans to change this model.
Dealing With Nation-State Actors' Malware
Kyle and Neil discussed the challenges and potential solutions for dealing with nation-state actors' malware. Neil explained that while these actors are persistent, they often use off-the-shelf malware and introduced the concept of eBPF, a Linux facility for observability in the kernel. He also highlighted the risks and considerations associated with vendor-distributed signatures and the impact on systems. The ongoing debate between Linux and Windows, and the complications surrounding the use of CrowdStrike were also addressed. Neil predicted that companies would continue to use Falcon due to its lower risk, but also anticipated discussions and decisions about the appropriate level of agent stability for new or changing situations.
New Boot Key and Operating System Comparisons
David Gargan proposed the creation of a new boot key and the option to enter within safe mode after inputting the BitLocker key. He suggested this could improve the rollout of operating systems and mitigate vulnerabilities. Neil and Matt discussed the differences in stability and capability between Windows and Mac operating systems, with Neil arguing that Mac's smaller installed footprint and less advanced malware techniques made it less susceptible to attacks. They also discussed the increasing use of Mac devices in the workplace and the potential for more attacks targeting them. Jay and Zak highlighted the difficulty of administering Windows devices in an enterprise setting compared to Macs.
Discussing Security, Deployment, and IPv6 Trends
The team discussed the security challenges and deployment issues of devices running on Windows and Linux. Matt suggested secure coding practices could mitigate risks, while Neil pointed out that while Linux holds a significant percentage of interesting infrastructure, it's not as attractive a target for advanced malware as Windows. Shawn shared that Microsoft Windows remains the most widely used operating system. The team also discussed recurring trends in the technology industry, with a focus on the development and challenges of IPv6. Steven shared his positive experiences using IPv6, highlighting its benefits in bypassing NAT issues and improving connection speeds.
KnowBe4 Security Incident and Prevention Strategies
The team discussed a security incident at KnowBe4 involving a new employee who installed malware, despite passing background checks. Matt referenced a podcast about infiltration attempts in the industry. The team explored ways to strengthen vetting processes to prevent such incidents. Steve agreed to research infamous audit failures for a future discussion.
Quick recap. The team discussed recent vulnerabilities in AWS, the need for improved security policies, and strategies to limit cloud storage sprawl. They also explored the challenges and evolving strategies in cloud detection and response, the potential use of automated forensics, and the integration of AI into infrastructure. Lastly, they delved into the recent issues with Boeing, the potential of low code/no code automation platforms, and shared personal experiences and plans.
2024-08 AI, Vulnerabilities, Community
Next steps
- Neil to share more details about the 20% of AI security threats that aren't related to traditional vulnerabilities and sensitive data.
- Steve to explore further with Neil about the 20% of AI security threats that aren't vulnerability-intensive data.
- Mario to create a rough outline for a future presentation on AI security and anonymization techniques.
- Mario to send his LinkedIn and email to the group for follow-up on AI security topics.
- Shawn to coordinate with Mario for a future presentation on AI security and anonymization.
- Matt to share more details about his company's AI Slack bot implementation with the group.
Recent Activities and New Members Discussed
Chris, Shawn, Neil, David, and others gathered, discussing their recent activities and introducing new members. Shawn asked if anyone attended Black Hat, and Neil mentioned Patrick Maddox and Carley's attendance. Chris brought up a LinkedIn profile thread about critical AWS vulnerabilities, which Neil admitted he hadn't seen yet. New members Brian, Walid, and Stacy introduced themselves, sharing their backgrounds and interests in the group. Lastly, Chris mentioned his upcoming trip to Singapore.
AWS Vulnerabilities and Bucket Security
Chris, Neil, Ross, and Shawn discussed the recent vulnerabilities found in AWS. Neil explained that the vulnerabilities, discovered by Aqua, could make it easier for attackers to access S3 buckets, which could lead to sensitive data being exposed. The team agreed that bucket names should be unique and not easily discoverable to prevent unauthorized access. They also discussed the need for a policy to ensure developers write their code correctly and the potential benefits of making bucket names a variable.
AWS S3 Bucket Naming and Repository Branches
Jay, Neil, Chris, and Justin discussed the issue of unique names causing unintended charges on AWS S3 buckets, referencing a previous incident where a naming conflict resulted in a $1,300 charge. The group also debated the necessity and management of branches within a repository, with Neil emphasizing the potential for human error and the need for automation and security policy enforcement. The team agreed on the importance of preventing developer errors and the need for an improvement process before any changes are implemented.
Advanced Malware, Attackers, and Cybersecurity Approaches
Neil disagreed with Kyle's concerns about the prevalence of advanced malware, stating it is rare and fragile. Jay discussed attackers targeting weaknesses. Josef shared an anecdote contrasting theoretical and practical cybersecurity approaches. The discussion also touched on malware detection techniques and the open nature of their conversations.
Addressing Cloud Storage Sprawl and Security
Carley initiated a discussion about strategies to limit Cloud storage sprawl in their organization. The team shared their experiences and concerns, with David suggesting that enterprise architecture forums could help control unauthorized applications. Carley highlighted the issue of third-party collaboration tools, like Box.com, leading to unmanaged storage and potential vulnerabilities. In response, Ross proposed considering data classifications to prevent unauthorized sharing, which Carley agreed was a step towards better oversight.
Cloud Detection and Response Strategies
Frederick, a cloud detection engineer, discussed the challenges and evolving strategies in cloud detection and response. He highlighted the shift in focus from traditional prevention methods to detecting and responding to incidents in modern, cloud-native environments. Shawn and Neil further emphasized the complexity of cloud environments and the need for proactive planning and understanding of available logging and telemetry. They stressed the importance of being prepared for incidents before they occur, as responding after the fact can lead to a lack of useful data.
Automated Forensics and Extreme Security
Kyle proposed the use of automated forensics, specifically CrowdStrike, to help solve security problems. Neil responded that while such tools could be useful, they would not solve the problem entirely and would require significant resources. He mentioned a startup launched by Neil's former CEO that uses AI to correlate data and identify incidents. Frederick suggested focusing on extreme security observability and forensics through logs, considering the shift towards cloud-native tooling. Neil emphasized the importance of building detection and response capabilities, as vulnerabilities will always exist.
AI Speaker Slots and Security Concerns
Shawn invited anyone interested in speaking to come forward and offer a slot for the upcoming weeks. Neil then shared about the Orca research team's new AI tool for training and research purposes, which he offered to arrange for Shear and Ophir to speak about in the future. Matt discussed the potential security risks of integrating AI into infrastructure, highlighting the need for careful data management. The team also engaged in a discussion about the potential misuse of AI for resume evaluation.
Boeing Issues, Space Exploration, and Job Openings
The team discussed the recent issues with Boeing, particularly their failed attempt to join the space race with SpaceX and Blue Origin. They also delved into the challenges and advantages of private versus government-funded space exploration, referencing books like "How to Astronaut" and "The Cognitive Style of PowerPoint." Additionally, Neil announced a new job opening, while Chris speculated about his own qualifications. The team also shared their personal plans and discussed the weather and a potential weekend Ducati outing.
Weather Experiences and Tradeout I/O
The team discussed weather conditions in their respective locations and shared personal experiences. The conversation then shifted to work-related matters, with Matt introducing a low code/no code automation platform called Tradeout I/O, which anonymizes data before passing it to other models. Mario expressed interest in discussing his work and suggested creating a rough agenda for a future meeting. Matt emphasized the importance of data security and the need for accountability when using such platforms.
Quick recap. The team discussed the challenges and benefits of their children's schooling in Singapore, sales kickoff events, and issues with neighborly dumpster use. They also shared personal experiences and insights on the impact of extensive work-related travel on personal life, the transition from Microsoft to Orca, and the pros and cons of careers involving travel. Lastly, they discussed strategies for career development, the scale of the tech industry, and the transition of Cisco to a cybersecurity company, with a focus on networking and utilizing personal strengths.
2024-08 AI
Next steps
- Shawn Nunley to consider having Kimberly (Kevin Mitnick's wife) join a future call to discuss the Kevin Mitnick story.
- Chris to follow up with Friday for a one-on-one conversation about specific career goals and timeline for transitioning into a Sales Engineer role.
- Alex Cohen to prioritize finding what's next in his career and consider dedicating more time to job searching.
- Crystal to focus on networking and finding internal sponsors for job opportunities rather than relying solely on cold applications.
- Kyle to explore learning R programming language for potential career paths in data science and machine learning.
- Neil to continue being a sponsor and advocate for people seeking job opportunities within his network.
- Matt to continue offering resume review and job search assistance to those in need within the group.
- All participants to consider offering their time and expertise to help others in the group with job searches and career transitions.
Schooling Dilemma and Sales Kickoff Events
Chris and Shawn discussed the dilemma of their children's schooling in Singapore, debating whether to live close to the school or in a more central location. They also reminisced about their sales kickoff events, with Shawn mentioning that theirs are held mid-year, and Chris expressing his preference for end-of-year kickoffs. Chris also mentioned that he missed the fanfare and production of these events.
Dumpster Etiquette and Cloud Security
Chris and Shawn Nunley shared their frustrations about neighbors using their private dumpsters without permission. The group also discussed the weight limit of dumpsters and the etiquette around using someone else's. Chris announced that the meeting format would be an open forum, encouraging attendees to share their thoughts and experiences. The Cloud Security Office hours were initiated, with new members introducing themselves. No specific topics were raised for discussion in the meeting.
CrowdStrike Outage and Windows Development
Neil discussed the recent CrowdStrike outage and its aftermath, highlighting the risks and challenges associated with security products. He emphasized the need to balance the ability to block and contain threats with stability and availability. Neil also touched on the history of Windows development, specifically the efforts to prevent blue screens and the role of video drivers and anti-malware companies in this. He mentioned that EDR/XDR vendors are pushing the limits by operating in the kernel for enhanced monitoring. Neil discussed the findings from CrowdStrike regarding a series of attacks using named pipes and invited Kyle to contribute his thoughts.
Neil's Transition and Work-Life Balance
Kyle initiated a discussion about Neil's transition from Microsoft to Orca, which Neil explained was prompted by burnout, marital issues, and dissatisfaction with management. Neil shared his journey, including his subsequent role at Twistlock. Alex and Chris shared their own experiences of extensive work-related travel and its impact on their personal lives, highlighting the importance of work-life balance. Chris's wife's previous communication about the need to slow down and enjoy the present was also mentioned.
Humorous Moments and Team Bonding
Alex Silva initiated a discussion about humorous past incidents involving Sean and Kevin, with Chris emphasizing the importance of preserving such moments. Shawn agreed to share more such stories and even considered having his wife, Kimberly, join for a future discussion. Matt also shared a similar experience, highlighting Kevin's ability to overcome challenges, but it was noted that Kevin did have some detractors.
Careers With Extensive Travel Discussion
Neil led a discussion about the pros and cons of careers that involve extensive travel, sharing his personal experiences and those of his colleagues. He emphasized the importance of considering one's personal life and preferences when choosing such a career. The team also discussed the benefits and challenges of travel in their careers, with Shawn sharing his experience in programming and networking, Chris highlighting the opportunities in sales and pre-sales roles, and Neil mentioning Microsoft's field engineering role. The impact of travel on personal relationships and the need for a passport for international travel were also discussed.
Addressing Burnout and Strategic Career Growth
Chris addressed Alex's feelings of burnout and suggested that he prioritize his own well-being and career development. Alex shared his frustrations with his current role as a cloud security engineer at an MSSP, and the group discussed the challenges of launching a new EU-based service without proper testing. Don highlighted the importance of perspective and the fact that difficult situations can be opportunities for growth. Alex confirmed he was currently interviewing for a new role, which Don advised should be approached strategically to prioritize mental health. Matt shared his negative experiences with the current job market and the pressure to provide free labor during interviews. Chris agreed with Matt's points and added his own strategy of scheduling time for self-education and holding oneself accountable to prevent analysis paralysis and ensure progress. Crystal also found the advice helpful and was encouraged to focus on finding an internal sponsor to secure an interview.
Tech Industry Transition and Networking Strategies
Jay discussed the scale of the tech industry and the ongoing transition of Cisco from a network company to a cybersecurity company. Neil emphasized the importance of being a sponsor and using connections to help others, while Matt shared his journey of transitioning into the tech industry and advised the team to actively seek referrals and to provide detailed justifications when referring candidates. Kurt highlighted the increased competition in the job market due to the rise of remote and hybrid work, noting that candidates now compete on a global scale. The discussion centered around the importance of networking and having advocates within target companies.
Career Advice and Exploring AI
Matt shared his experience of helping someone improve their job prospects and feel better about themselves. Kyle then asked for advice on how to find a career that would utilize his strengths in math and programming. Jay suggested Kyle learn R, an open-source programming language used in data science, which would allow him to clean and analyze data effectively. The team also discussed the potential of AI and machine learning, with Kyle expressing interest in these fields but concerns about the hype surrounding them.
Sales Engineer Role and Career Development
Friday, a newcomer with a sales background and a keen interest in the enterprise architect role, joined the call to learn more about the sales engineer role and how to land it. Chris, a former sales engineer himself, shared his insights on the broad scope of the role, its benefits, and the barriers to entry. He also offered to have a one-off session with Friday to discuss his specific goals and timeline. The team also shared their experiences and connections in the field, with a view to supporting Friday's career development.
Quick recap. The team discussed the challenges and potential solutions in managing Multi-Factor Authentication (MFA) for shared accounts, with a focus on the use of FIDO keys and the protection of SIM cards. They also explored the evolving roles in application and infrastructure security, emphasizing the importance of breaking down silos and integrating security tools into products. Lastly, they shared their experiences and insights on professional services, stressing the importance of honesty, authenticity, and understanding client needs.
2024-08 Passwords
Next steps
- Brandon to research and consider pursuing professional services opportunities, particularly in SIM or EDR-oriented roles.
- Kyle to further investigate the CyberCorps Scholarship for Service program for potential use in pursuing a master's degree in cybersecurity.
- Brian to explore alternative authentication methods for AWS access, considering the issues encountered with passkeys in Firefox.
- All attendees to fill out the suggestion form for future topics and speakers.
- Rick to prepare a short introduction of himself and his background for the next meeting.
- All attendees to review the Telegram chat for discussions on CrowdStrike and related topics between meetings.
- Shawn to send out a reminder email the night before the next meeting to ensure all participants are notified.
Managing Multi-Factor Authentication and SIM Cards
Shawn invited suggestions for future topics and speakers, while Brian shared his issues with 2-factor authentication on AWS using Firefox. The group discussed the challenges of managing Multi-Factor Authentication (MFA) for shared accounts, particularly in small to medium-sized businesses, and agreed on the need for a robust approach, with suggestions including the use of FIDO keys for each user with shared access. Lastly, the management and protection of SIM cards for telecoms were discussed, with Brian suggesting a strategy of splitting tasks into three parts for root accounts, and questions were raised about its applicability to medium to large organizations.
Docker Keycloak Instance and Scholarships
Brandon proposed setting up a Keycloak instance on Docker, while Shawn discussed the use of physical safes for key security. Neil suggested using Red Hat's examples for an easier setup. Kyle brought up the topic of the CyberCorps Scholarship for Service, which he was considering for his future master's degree. The group discussed the potential benefits and challenges of pursuing a master's degree, with advice from Afrida to consider working on the side to cover costs. Kurt shared a solution for the root password issue for their AWS roles, which could be a potential career path for Kyle. David reported issues with Microsoft's latest updates breaking Watchcard Auth.
Evolving Roles in Application Security
The discussion focused on the evolving roles and responsibilities in application and infrastructure security. SLuengo@BankUnited.com shared their experience in transitioning from a development to a security-focused role, highlighting the increasing overlap between the two. Shawn agreed, noting that the historical silos between cloud, security, and development teams have started to break down, leading to a more integrated approach. David, a DevOps engineer, emphasized the importance of breaking down silos in enterprise architecture and the role of a release manager in ensuring the secure and efficient release of code. The conversation also touched on the need for early governance, the integration of security and infrastructure considerations into the development process, and the goal of getting everyone to use the source control repository and Terraform to prevent unauthorized access and ensure secure development.
Building Strong Relationships With Customers
Marc, Robbie, Shawn, Neil, and Kurt discussed the importance of building strong relationships with customers in an enterprise environment. They emphasized the need for active listening, understanding customer problems, and consistent communication. Neil shared his sales philosophy, stressing the importance of guiding clients to the right solutions and aligning personal values with company policies. The group also discussed the challenges of handling situations where personal and company values conflict, with Neil advising individuals to seek support from colleagues and mentors when needed.
Integrating Security Tools and Aligning Incentives
The team discussed integrating security tools into products for addressing vulnerabilities. Carley emphasized the need for clear vendor documentation. Connor stressed working with customers' existing tech stacks. They agreed on a tailored approach to product security and vendor engagement. Neil highlighted aligning sales incentives with customer needs. Frederick discussed the shift towards using code for product security detection and deployment in his company. Chris emphasized the significance of fair compensation in driving behavior.
Professional Services Discussion
Brandon initiated a discussion about professional services, with team members sharing their experiences and insights. Chris emphasized the importance of understanding client needs, communicating the value of professional services, and building trust with clients. Don highlighted the challenges of implementing new systems, setting right expectations, and avoiding being blamed for issues. Shawn and Connor stressed the importance of subject matter expertise and upskilling. Kurt, who founded and ran a pro services company, advised the team to reflect on whether their services add value to the customer before proceeding with a proposal. The team agreed that professional services, when approached with the right mindset, can be a valuable part of the business.
Emphasizing Honesty in Sales and Services
Chris and Kurt emphasized the importance of honesty and authenticity in professional services and sales, sharing their experiences of how being transparent led to successful resolutions. They also discussed the value of internal honesty and admitting when a situation isn't a good fit. Rick, who missed the previous week's meeting, was introduced to the group and shared his extensive experience in the IT world. The group welcomed Rick and appreciated his practical experience, agreeing to meet again the following week for further discussions.
Quick recap. The team discussed the potential of AI to enhance work capabilities and the risks associated with it, including the potential for AI to replace certain jobs. They also discussed a recent vulnerability and the development of a new vulnerability management model, SSB, which uses machine learning to assess the likelihood of exploitation. Lastly, they discussed the shift in security as companies move into cloud security, emphasizing the need for security teams to collaborate more closely.
2024-09 AI, Vulnerabilities
Next steps
- Ed to continue improving the Discord server structure and onboarding flow for new members.
- Crystal to seek a volunteer to run the Phase 2 project management, as Hugo is no longer available.
- Neil to share links and resources about SSVC (Stakeholder-Specific Vulnerability Categorization) for the group to learn more about this vulnerability management approach.
- Shawn to consider discontinuing the Mastodon instance due to low activity and notify users to find alternative instances.
AI, Job Replacement, and Office Hours Discussion
Alex discussed the potential of AI to enhance work capabilities, but also warned about the risk of AI replacing certain jobs. Shawn and Neil shared their views on AI, with Shawn expressing optimism and Neil expressing concern about the cost and potential misuse of AI. Eric, a security architect, introduced himself and shared his experience with the office hours. The team also discussed the potential discontinuation of the Mastodon instance due to low activity and the need for a new project manager. Lastly, they discussed the use of Discord for communication and the potential for a new project manager.
Discussing Vulnerability Severity and CVSS Scoring
The team discussed a recent vulnerability, referred to as 9.9 RCE, which was initially perceived as a significant threat. However, they concluded that it was not as severe as initially thought, with many unlikely events required for it to be exploited. They also discussed the CVSS scoring system, which focuses on the worst possible scenario, and the concept of EPSS, which measures the likelihood of a vulnerability being exploited in the next 30 days. The team agreed that while the vulnerability was theoretically bad, it was unlikely to be exploited in practice.
Vulnerability Management Models and Industry Applications
Neil discussed the development and implementation of a new vulnerability management model, SSB, which uses machine learning to assess the likelihood of exploitation. He mentioned that this model has been adopted by vulnerability management teams and is being pushed by CISA for regulation and guidance. Neil also introduced the concept of SSVC, a decision tree model that takes into account factors such as exploitability, automatability, scope, and asset context to determine the appropriate action for a vulnerability. The model has been implemented by Cisco and is open-source. Jeff and David discussed the practical application of these models in their assessments, with Jeff expressing concerns about the potential for misinterpretation of vulnerability scores. Friday, who is studying for the Security+ exam, expressed his interest in learning more about the industry application of these models.
CVSS Scores and Vulnerability Prioritization Discussion
Neil explained that the CVSS score is subjective, with different assessments from numbering authorities, vendors, and developers. Shawn noted it is one of many risk assessment scores. Jeff and Friday agreed that CVSS alone is insufficient for decision making without considering likelihood and impact. Neil highlighted research showing many exploited vulnerabilities have low CVSS scores, and that organizations typically only patch around 10% each month. He emphasized prioritizing the right vulnerabilities beyond just high CVSS scores.
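The prioritization point from the two CVSS discussions above, worked through as an added example (not something shown in the session): with a patch budget of about 10% of the backlog, ranking by CVSS alone and ranking by EPSS select different findings. The backlog, the `VULN-nnn` identifiers, the scores, and the `exploited` ground truth are all constructed, and "coverage" and "efficiency" are the two measures defined in the code.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str       # constructed placeholder, not a real CVE id
    cvss: float      # 0.0-10.0, worst-case severity
    epss: float      # 0.0-1.0, probability of exploitation in the next 30 days
    exploited: bool  # constructed ground truth: was it exploited afterwards?


# Constructed backlog of 20 findings. Two of the four exploited ones have
# mid or low CVSS scores, which is the situation described in the discussion.
BACKLOG = [Finding(*row) for row in [
    ("VULN-001", 9.9, 0.002, False),
    ("VULN-002", 9.8, 0.940, True),
    ("VULN-003", 9.1, 0.004, False),
    ("VULN-004", 9.0, 0.010, False),
    ("VULN-005", 8.8, 0.030, False),
    ("VULN-006", 8.6, 0.001, False),
    ("VULN-007", 7.5, 0.870, True),
    ("VULN-008", 7.5, 0.020, False),
    ("VULN-009", 7.2, 0.005, False),
    ("VULN-010", 6.5, 0.620, True),
    ("VULN-011", 6.5, 0.003, False),
    ("VULN-012", 6.1, 0.008, False),
    ("VULN-013", 5.9, 0.002, False),
    ("VULN-014", 5.5, 0.015, False),
    ("VULN-015", 5.3, 0.410, True),
    ("VULN-016", 5.0, 0.001, False),
    ("VULN-017", 4.7, 0.006, False),
    ("VULN-018", 4.3, 0.002, False),
    ("VULN-019", 3.7, 0.001, False),
    ("VULN-020", 3.1, 0.004, False),
]]


def patch_budget(backlog, capacity_pct):
    """Number of findings the team can fix this cycle (at least one)."""
    return max(1, len(backlog) * capacity_pct // 100)


def prioritize(backlog, rank_by, capacity_pct=10):
    """Return the findings to patch when ranking by 'cvss' or 'epss'."""
    if rank_by not in ("cvss", "epss"):
        raise ValueError("rank_by must be 'cvss' or 'epss'")
    # Highest score first; identifier breaks ties so the result is stable.
    ranked = sorted(backlog, key=lambda f: (-getattr(f, rank_by), f.ident))
    return ranked[:patch_budget(backlog, capacity_pct)]


def outcome(selected, backlog):
    """Coverage: share of exploited findings that were patched.
    Efficiency: share of patched findings that were actually exploited."""
    exploited_total = sum(f.exploited for f in backlog)
    hits = sum(f.exploited for f in selected)
    coverage = hits / exploited_total if exploited_total else 0.0
    efficiency = hits / len(selected) if selected else 0.0
    return coverage, efficiency


def compare(backlog=BACKLOG, capacity_pct=10):
    """Run both strategies against the same backlog and budget."""
    report = {}
    for rank_by in ("cvss", "epss"):
        chosen = prioritize(backlog, rank_by, capacity_pct)
        coverage, efficiency = outcome(chosen, backlog)
        report[rank_by] = {
            "patched": [f.ident for f in chosen],
            "coverage": coverage,
            "efficiency": efficiency,
        }
    return report


if __name__ == "__main__":
    for strategy, result in compare().items():
        print(strategy, result)
```
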
Product Security and Cloud Security Discussion
The team discussed the concept of product security, with Kyle and Justin sharing their experiences in the field. They clarified that product security could involve hardware or software, depending on the product, and is not a specialized field but rather an application of their skills. They also touched on cloud security, with Freddy explaining its similarities to application security but now including cloud security. The team welcomed a new member, Nadeem, and shared their experiences with unpredictable weather. The conversation ended with Shawn welcoming everyone and asking if anyone else had a topic to discuss.
Adapting Security in Cloud-Native Environments
Neil discussed the shift in security as companies move into cloud security, emphasizing the need for security teams to collaborate more closely. He suggested that the renaming and recontextualization of terms like "product security" and "application security" are part of this response. Matt agreed, emphasizing the need to find ways to say yes to innovation while maintaining security. Freddy and Mischa added context, noting the evolution of roles in cloud-native environments and the importance of collaboration. James raised a question about boundaries in cloud security, which Shawn responded to by acknowledging the complexity of the issue and the need for efficient use of signals.
Quick recap. The team discussed the transition to cloud security, with Saubhagya expressing interest in learning more about securing their cloud infrastructure. They also discussed recent fines imposed on T-Mobile by the FCC and the potential for increased cybersecurity investments, as well as the importance of certifications in the job market. Lastly, they shared their experiences with professional development and certifications, and discussed the challenges of obtaining points for certifications and the importance of practical skills and experience over memorizing information.
2024-10 AI, Education, Community
Next steps
- Shawn to fix DNS issues with csoh.org website.
- Matt to consider presenting on his automated SOX audit process at a future meeting.
- Shawn to explore opening a second time slot for Cloud Security Office Hours meetings.
- Chris to run the potential new time slot for Cloud Security Office Hours meetings.
- Shawn to reach out to potential speaker for next week or the week after.
New Member's Cloud Security Transition
Shawn welcomed a new member, Saubhagya, who is new to cybersecurity and is transitioning from on-prem servers to cloud security. Saubhagya expressed interest in learning more about securing their cloud infrastructure. Shawn advised that there's a lot to learn and suggested that Saubhagya stick around to learn more. David offered to conduct a breakout session to share his approach to onboarding clients who are new to cloud security. Saubhagya confirmed that they are using Google Cloud Platform (GCP). The conversation ended with Shawn opening the floor for any questions or topics for discussion.
FCC Fine, Cybersecurity Investments, and Industry Trends
Adam discussed a recent fine imposed on T-Mobile by the FCC, which included a mandate for increased cybersecurity investments. The team debated whether this trend would continue, with the US government becoming more prescriptive, especially in the healthcare sector. Kyle and Jay suggested that heavy government regulation was unlikely due to lobbying by major tech companies. Shawn highlighted the potential of mandated spending on security as a way to address budget constraints. Jay concluded that compliance was often the driving force behind security investments. Alex expressed relief that something was finally being done about a long-standing issue, despite it being overdue. Matt and Shawn discussed the idea of a central licensing agency for cybersecurity professionals, but agreed that it was unlikely due to the wide range of disciplines and cross-functional aspects involved in cybersecurity. The team also discussed the upcoming Oktane event in Las Vegas and the immaturity of the cybersecurity field, with Jay suggesting that more recognition and praise should be given to those working on the fundamentals of cybersecurity.
Professional Development and Certification Discussion
The team discussed their experiences with professional development and certifications. David expressed his desire to continue learning and considered renewing some Microsoft certifications. Eric shared his thoughts on determining which certifications are worth renewing, while Shawn shared his experience with maintaining his CISSP certification. Jay and Eric discussed the challenges of obtaining points for certifications, with Matt expressing concerns about his lack of formal security titles despite his extensive security work experience. The team reassured him that his experience could still be considered valid, with Shawn suggesting an endorsement from someone who knows his work well could be the key. Crystal shared her similar experience of not having a security title but still being able to validate her security experience. The conversation ended with Crystal discussing her work on a Red Hat Certified Specialist in Containers certification.
Certifications in the Job Market Discussion
The team discussed the importance of certifications in the job market, with Shawn and Chris emphasizing that while certifications can open doors, they are not always necessary. Matt shared his experience of studying for an Okta certification, only to find the content irrelevant and a money grab. He argued that practical skills and experience are more valuable than memorizing information. David agreed, recalling his own experience of needing to apply core knowledge on a business trip. The team concluded that certifications are situational and not always required, but can be beneficial in certain circumstances.
Cloud Certifications, Automation, and On-Premises Challenges
Eric recommended the AWS Cloud Practitioner certification as an entry-level introduction to cloud services and Jay suggested the CCSK certification for cloud security knowledge. Matt automated the SOC audit process using a Slack bot. Shawn proposed a second meeting time slot, with Chris volunteering to run it. The team discussed the challenges of moving back to on-premises solutions from the cloud, such as high cloud bills and inefficiencies, and the importance of having a good reason to move to the cloud and refactoring applications. Chris shared his experience with the visa process for his family's move to Singapore. The team discussed issues with the website csoh.org, which was temporarily down due to a DNS problem caused by a switch to Cloudflare, but Shawn assured it would be resolved by the end of the week and provided an alternative website.
Quick recap. The team discussed personal experiences, technological challenges, and industry trends, including climate change's impact on the tech sector and the use of containers in enterprise environments. They explored auto remediation, its benefits and challenges in cybersecurity, and the importance of careful implementation. The meeting also covered various roles in cybersecurity and the need for effective change management in technological solutions.
2024-10 | AI | Conferences
Next steps
- Don to prepare and deliver a session on containers in a future meeting.
- David to collaborate with Don on preparing content for the containers session.
- Brandon to prepare and deliver a presentation on a topic of his choice for the next meeting.
- Chris Richardson to provide insights on cybersecurity topics to Friday via Discord or LinkedIn.
- Shawn to ensure the anonymous feedback system is available for Brandon's presentation.
- All participants to consider using the Toastmasters ChatGPT plugin for outlining future presentations.
Overcoming Fear of Flying and Aviation
Chris Richardson expresses his fear of flying and considers taking medication to cope with an upcoming flight. Shawn shares an anecdote about Kevin Mitnick overcoming his own fear of flying. The discussion turns to Shawn's 15-year-old son, who is learning to fly and will soon do a solo flight. Chris marvels at his son's bravery, contrasting it with his own aversion to small planes and newly licensed pilots.
Climate Experiences and Cloud Security Discussion
The meeting participants shared their experiences with various climates, with Chris Richardson expressing a preference for warmer weather despite the challenges. Richard shared a water shortage situation at his house in Spain due to lack of rain. Carlos, a new member, introduced himself and his role in cloud security sales, explaining his work with Tim Nun and his focus on helping customers remediate misconfigurations. Carlos also clarified that a CNAPP is a Cloud Native Application Protection Platform. The conversation ended with Chris encouraging others to share their thoughts and questions.
Discussing Tech Industry's Climate Change Impact
The team discussed the potential impact of climate change and migration on the tech industry, with a focus on finding a new hub to replace Silicon Valley. They agreed that while other regions are emerging as tech hubs, Silicon Valley's scale and wealth are unmatched. Jay mentioned a concerning trend he wanted to discuss further, but no details were provided. The team also discussed the increasing demand for auto remediation from overwhelmed developer teams, with Shawn highlighting the growing customer demand for targeted auto remediation and the need for automated solutions due to personnel shortages.
Exploring Container Use in Enterprise Environments
Friday expressed interest in understanding the practical use of containers in an enterprise environment, and Shawn suggested a future session to clarify common misconceptions. Don agreed to lead this session, emphasizing the importance of understanding when to use containers and when not to, and the value of seeking input from colleagues and managers. David and Don discussed the challenges of meeting customer requirements, particularly when customers have additional needs after initial requirements have been met. They agreed on the need for flexibility in their approach and the importance of building solutions that are cloud-native and adaptable. The conversation ended with Chris expressing anticipation for a future session to further explore these issues.
Auto Remediation Discussion and Implementation Challenges
The team discussed the concept of auto remediation, a process that involves automating the resolution of issues or problems. They agreed that while the idea sounds appealing, it can be challenging to implement effectively, especially at scale. They highlighted the potential pitfalls of auto remediation, such as causing operational problems or inadvertently bringing down systems. The team also discussed the importance of involving all stakeholders and being aware of potential pitfalls when implementing auto remediation. They agreed that the process should be carefully managed and that the acceptance of risk should be pre-authorized. The team also discussed the complexity of auto remediation in modern architectures, such as those controlled by pipelines, and the need for careful management of change.
Cybersecurity, Automation, and Server Management Discussion
Alhaji discussed his role in cybersecurity, including a recent migration with Microsoft Azure and the use of phishing tests to assess employee vulnerability. He highlighted the importance of auto remediation in preventing cyber attacks. David then discussed the potential for automation in server management, suggesting the use of runbooks and monitoring tools like LogicMonitor. Jay and paulmarinos added to the discussion, emphasizing the need for non-disruptive process cycling and the importance of regular server reboots. Chris Richardson suggested following cybersecurity companies on LinkedIn and Twitter for updates on industry acronyms and topics. Don ended the conversation by defining auto remediation as achieving a desired state by fixing adverse effects, using the example of a public S3 bucket or a vulnerability on a virtual machine.
Auto Remediation Discussion and Customer Scenario
Don discussed the benefits and challenges of auto remediation, highlighting its potential to fix issues but also introduce unintended changes. He shared a customer scenario where automation caused a configuration change, leading to an outage. Michael suggested reaching out to Shawn or Kris for further clarification. Chris offered to provide visual insights and storytelling for Brandon's presentation, and Shawn agreed to make the anonymous feedback system available for Brandon's session. Carley mentioned a Toastmasters ChatGPT plugin that could be useful for outlining presentations. The conversation ended with Chris thanking everyone and encouraging them to reach out for further assistance.
Quick recap. The team discussed the evolution of application development, the benefits and challenges of using containers, and the differences between running containers on AWS using ECS and EKS. They also explored the concept of abstraction in computing, the importance of understanding the underlying layers of abstraction, and the role of code for resource orchestration. The conversation ended with a light-hearted discussion about Microsoft's logging issues and introductions from new attendees.
2024-10 | AI | Vulnerabilities | Conferences | Community
Next steps
- Don to prepare a presentation on containers for next week's meeting, if schedule permits.
- Kyle to reach out to community members for additional resume feedback.
- Cloud Security Office Hours team to promote Discord channel to increase membership beyond 250 people.
- Attendees to add their LinkedIn profiles in the chat for networking purposes.
- Cloud Security Office Hours team to consider organizing more resume review sessions due to their high value.
Water Polo Dedication, Workout Routines, and Dogs
Shawn compared the dedication of water polo players to other sports like basketball. Patrick shared his daily workout routine and expressed interest in water polo. Chris and Patrick discussed their dogs, Ripley and Ragnar, with Chris mentioning a setback with Ragnar's license and a potential appeal. They also discussed the possibility of using a friend's address if the appeal fails. Bradley, a new attendee, introduced himself and shared how he found the meeting. Shawn emphasized the meeting's open and interactive nature, inviting everyone to ask questions and share their experiences.
Evolution of Application Development and Containers
Shawn discussed the evolution of application development, highlighting the challenges faced in the past due to dependencies on the operating system and the difficulty in coordinating among multiple developers. He explained how virtualization and containers emerged as solutions, enabling portability and compatibility. Containers allowed for the creation of micro-architectures, where each function could be its own package or container, with all containers working together to form a deployment. Shawn also mentioned that David would have more insights on this topic. Shawn discussed the benefits of using containers for application deployment, emphasizing their role in facilitating portability and accelerating development. He highlighted how containers reduce dependency on specific environments and allow for deployment on-premises or in the cloud. David added that containers help resolve issues with application compatibility across different platforms and hardware, and also accelerate deployment. He suggested that developers should aim for cloud-native solutions where possible to avoid relying on containers, which still require management.
Container Benefits, Challenges, and Deployment Strategies
The team discussed the benefits and challenges of using containers in their operations. David highlighted the difficulty of tracking and locating containers, especially when they are not well-documented. Jay added that containers offer security benefits, such as isolating processes and restricting access to the file system, but emphasized the importance of proper configuration. Shawn and Jay also discussed the importance of testing and approving versions before deployment, and the potential risks of using the latest version. Don brought up the example of CrowdStrike's recent update, suggesting that inadequate testing and communication could have contributed to the issue. The team agreed to continue the discussion on deployment methods and automation.
Container Orchestration, Digital Twins, and Auto Scaling
The team discussed the challenges of testing under load and the potential solution of digital twins. Shawn shared his experience with the red and blue system from Novell and explained the role of containers in the ecosystem, emphasizing the need for an orchestrator like Kubernetes. The team also discussed the benefits of auto scaling and self-healing in container orchestration, with a focus on cost efficiency and resilience. The conversation concluded with an agreement to further explore the topic of ECS and EKS, with Ed expressing interest in understanding the difference between Amazon ECS and EKS.
Container and Virtual Machine Differences
The team discussed the differences between running containers on AWS using ECS and EKS, with a focus on the complexity of the topic. They also explored the distinctions between containers and virtual machines, with Shawn explaining that containers are lighter weight and share the same OS kernel, while virtual machines have their own root user. The team also touched on the concept of serverless, with Shawn explaining that it means not having control over the host, but being able to define what to run and where it runs.
Exploring Abstraction, CI/CD, and Cloud Roles
The team discussed the concept of abstraction in computing, with Shawn and Jay emphasizing the importance of understanding the underlying layers of abstraction to effectively debug problems. They also touched on the topic of continuous integration and continuous delivery (CI/CD), with Shawn explaining that it involves the automated processing and deployment of software. D expressed interest in moving into cloud security and devops roles, and Shawn clarified that CI/CD is not exclusive to cloud or on-prem environments, but rather a development process that can be applied to both. The team also briefly discussed the role of cloud specialists in managing the deployment of software.
Code Orchestration, CI/CD, and Agile Practices
Jay discussed the benefits of using code for resource orchestration, including accuracy and error prevention, but mentioned potential configuration drift and the need for version control. Aaron McKenzie compared CI/CD to car manufacturing, emphasizing quality control and distribution. Brad noted that CI promotes code stability through post-commit testing. Isaac said a failed CI indicates the process is working properly. The team agreed on the importance of agile practices and frequent, small changes. Don was thanked for initiating the container discussion and for potentially leading the next session. Shawn introduced Discord for networking conversations. Chris encouraged new attendee introductions, and Bradley introduced himself, sharing his Silicon Valley startup and security background. Michael offered to help others after collaborating with Kyle on his resume. The team discussed a recent Azure logging issue, with Jay noting potential missing log entries. The conversation ended with a light-hearted discussion about Microsoft's logging issues.
Quick recap. The team discussed the challenges and differences between on-premises and cloud-based systems, with a focus on security and infrastructure, and the importance of building resilient architectures. They also shared their personal experiences and career paths, emphasizing the importance of networking, preparation, and a global approach in their field. Lastly, they discussed various projects and technologies, including chaos engineering, graph databases, and cloud security, and the importance of security and privacy in their work.
2024-10 | Community
Next steps
- Alhaji to research AWS and Salesforce trust documentation for insights on chaos engineering practices.
- Paul to explore GraphQL Summit for more in-depth knowledge on graph databases and their applications.
- Syed to investigate Microsoft's CSS Sec incident response team for potential global hiring opportunities in security operations.
Transitioning to Cloud-Based Systems Challenges
The team discussed the challenges of transitioning from on-premises to cloud-based systems, with a focus on the differences in security and infrastructure. Alhaji inquired about chaos engineering, and Crystal suggested looking into AWS's Trust documentation for insights. Brad confirmed that Azure also has a Chaos Studio and emphasized the importance of building resilient architectures. The team agreed that understanding these differences is crucial for success in cloud-based systems.
Team Congratulates Crystal, Discusses Security
In the meeting, Chris, Shawn, Crystal, Neil, and Syed discussed various topics. Crystal shared her recent promotion to security architect and expressed her gratitude to the team for their support in her growth. Chris and Neil congratulated her and praised her confidence. Syed, who joined the call from Pakistan, shared his journey from working in automation and business operations to security operations for a California-based company. He asked for suggestions on how to get more into security and if there are companies that openly hire people from anywhere in the world. Chris and Neil encouraged him to continue learning and exploring opportunities.
Global Experience and Networking Importance
Neil discussed his extensive global experience, particularly in Microsoft's security team, where he worked with teams in various countries. He highlighted the importance of a global approach in their field and suggested Microsoft's CSS as a great place to learn incident response. Chris agreed, emphasizing the global nature of their work and the importance of networking and preparation. David shared his personal experience of building a global network, starting with a global role and traveling extensively, which led to multiple opportunities. He stressed the importance of hard work, determination, and stepping out of one's comfort zone to achieve success.
CSP, Stealth Project, and Graph Databases
In the meeting, David shared his work on a CSP in Ireland and a stealth project. He also mentioned his dislike for Ireland's climate and Dallas. Chris revealed that David works part-time on the Board of Tourism for Ireland. Paul discussed his work on a cloud security project, focusing on a Django project and the use of the Apache AGE graph extension with PostgreSQL. He was considering switching to DigitalOcean. The team also discussed the potential of graph databases, with Shawn highlighting their efficiency and Neil expressing skepticism about their application in various contexts. Brian suggested attending a GraphQL summit for further learning. The team also discussed the importance of security and privacy in their work.
Quick recap. The team discussed various security issues, including Chinese groups targeting firewalls, the high number of known exploited vulnerabilities in Microsoft, and the use of remote desktop protocol for spear phishing campaigns. They also discussed the importance of evaluating container security, handling security alerts from third-party vendors, and navigating disagreements between engineering and security teams. Lastly, they emphasized the importance of partnership, collaboration, and proper documentation in resolving security issues.
2024-11 | AI | Vulnerabilities
Next steps
- Micah to educate himself on Kubernetes basics using the KodeKloud learning platform.
- Micah to work with the engineering team to identify potential mitigations for the Grafana permissions issue.
- Micah to review the company's policy exception process and consider making it more rigorous for non-critical exceptions.
Addressing Vulnerabilities and RDP Security
The team discussed an article by Sophos about Chinese groups targeting firewalls. They also discussed a report by Patrick Garrity, a researcher at VulnCheck, which showed that Microsoft had the highest number of known exploited vulnerabilities. The team agreed that the data set used in the report was flawed and that it was easier to find vulnerabilities in Microsoft due to its widespread use. They also discussed the issue of remote desktop protocol (RDP) being used by foreign threat actors for spear phishing campaigns. The team concluded that closing RDP ports was a necessary security measure, even if it was inconvenient for some users. They also discussed the challenges of implementing security measures in small to medium-sized organizations.
Container Security and Permission Management
In the meeting, Matt Alvarez expressed concern about the state of their security systems. Micah, a security operations engineer, raised a question about container security, specifically about alerts related to controllers with the ability to read secrets and pods. Neil and Don discussed the importance of evaluating the necessity of certain permissions and the potential for misconfigurations in third-party services. They suggested that the alert could be a valid configuration, but it might be desirable to limit the permissions of the service account to only read its own secrets. The team agreed that further triage and evaluation were necessary to determine the best course of action.
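The triage question raised here (does a service account read every secret, or only its own?) can be answered from the RBAC rules themselves. The following is an added example, not code from the session or from any vendor tool; the role, namespace and secret names are constructed, and the input is assumed to be the parsed `items` list from `kubectl get roles,clusterroles -A -o json`.

```python
"""Audit Kubernetes RBAC rules for read access to Secrets (added example)."""

# list and watch return full Secret objects, so they count as read access too.
READ_VERBS = {"get", "list", "watch"}


def _matches(values, wanted):
    """True if an RBAC list names `wanted` or uses the '*' wildcard."""
    return "*" in values or wanted in values


def own_secrets_rule(secret_names):
    """Least-privilege rule: `get` on the named Secrets only."""
    return {"apiGroups": [""], "resources": ["secrets"],
            "verbs": ["get"], "resourceNames": sorted(secret_names)}


def secret_read_findings(manifests):
    """Return one finding per rule that lets its subject read Secrets."""
    findings = []
    for obj in manifests:
        kind = obj.get("kind", "")
        if kind not in ("Role", "ClusterRole"):
            continue
        meta = obj.get("metadata", {})
        ns, name = meta.get("namespace"), meta.get("name")
        ident = f"{kind}/{ns}/{name}" if ns else f"{kind}/{name}"
        # `rules` can be null, e.g. on an aggregated ClusterRole.
        for rule in obj.get("rules") or []:
            if not _matches(rule.get("apiGroups", []), ""):
                continue  # Secrets live in the core ("") API group
            if not _matches(rule.get("resources", []), "secrets"):
                continue
            verbs = set(rule.get("verbs", []))
            granted = READ_VERBS if "*" in verbs else verbs & READ_VERBS
            if not granted:
                continue
            names = rule.get("resourceNames") or []
            findings.append({
                "role": ident,
                "verbs": sorted(granted),
                # Without resourceNames the rule covers every Secret in the
                # scope of whatever binding attaches this role to a subject.
                "secrets": sorted(names) if names else "ALL",
                "severity": "scoped" if names else "broad",
            })
    return findings


# Constructed sample objects, not taken from any real cluster or product.
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "example-controller"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role",
     "metadata": {"name": "example-app", "namespace": "monitoring"},
     "rules": [own_secrets_rule(["example-app-credentials"])]},
    {"kind": "Role",
     "metadata": {"name": "example-admin", "namespace": "dev"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role",
     "metadata": {"name": "example-pod-viewer", "namespace": "dev"},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "example-aggregate"},
     "rules": None},
]

if __name__ == "__main__":
    for finding in secret_read_findings(SAMPLE):
        print(finding)
```

A "broad" finding is not automatically a misconfiguration; it marks the rules where someone has to confirm that the workload needs more than its own secrets.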
Handling Security Alerts From Vendors
The group discusses how to handle security alerts from third-party vendors. Connor suggests documenting the risk, presenting it to the business, and letting them decide whether to accept or mitigate it. Neil advises providing well-researched arguments to vendors for fixing issues, as vague requests are unlikely to be addressed. Jay notes that only major organizations can effectively pressure vendors. Matt recommends gathering justification from vendors and presenting it to management for a path forward. The group agrees that support teams should properly gather data and escalate to product teams, while security teams should build a case around the business risk.
Navigating Security Alert Disagreements
In the meeting, Don and Jay provided guidance to Micah on how to navigate a situation where an engineering team disagreed with a security alert. They suggested that Micah should educate himself on the topic, particularly on Kubernetes, and try to reproduce the alert in a dev environment. They also advised Micah to figure out the business criticality of the system where the alert is taking place. Connor added that vendor tools often go to the lowest common denominator and may not be fully customizable. Eric suggested analyzing event logs to prove the existence of the issue. The team also discussed the importance of partnership and collaboration in resolving security issues. Micah expressed appreciation for the advice and plans to apply it to his situation.
Quick recap. The meeting began with introductions and discussions about the revamped website and the importance of networking within the group. The team also shared their experiences and challenges in the field of cloud security, with a focus on the importance of finding a balance between fulfilling work and financial stability. The conversation concluded with reflections on the importance of learning from others' mistakes, understanding one's interests and strengths, and the need for growth and finding new ways to communicate one's achievements.
2024-11 | Conferences | Community
Next steps
- Alexander to consider pushing for cloud services adoption at his current company or explore new job opportunities that align with his career goals.
- All members to utilize the Discord server for impromptu conversations and networking outside of Friday meetings.
- Chris to periodically join voice channels in the Discord server to facilitate discussions.
- All members to put their LinkedIn URLs in the chat for networking purposes.
- Shawn to continue developing the new website (csoh.org) based on member feedback and suggestions.
- All members to explore and contribute to the new website (csoh.org) with content and resource suggestions.
- New members to familiarize themselves with the group's resources, including the Discord server and website.
- All members to actively engage in networking opportunities provided by the group.
- Kyle to attend the external finalist day for job interviews with local Indiana tech companies.
Diverse Group Shares Cloud Security Experiences
The meeting began with introductions from the participants, including Erik, Ahmed, Akis, AY, Ash, Sarit, Vidyut, and Lota. They shared their backgrounds and current roles in the field of cloud security. Shawn, the host, welcomed everyone and expressed his excitement about the diverse group of participants. He emphasized the importance of learning from each other's experiences and encouraged everyone to ask questions and share their knowledge. The conversation ended with Shawn thanking everyone for their participation and looking forward to future discussions.
Website Revamp and Networking Opportunities
Shawn introduced the revamped website, csoh.org, and encouraged feedback for improvement. He also introduced the leadership team, including Neil Carpenter, Kris Richardson, and Matt Alvarez. Shawn emphasized the importance of networking within the group, highlighting the numerous side conversations and job opportunities generated from these interactions. Alexander suggested using the Discord server for impromptu conversations, which Chris agreed to do once a week. The group also discussed the challenges of working in the MSP space, with Alexander sharing his experiences and Alex offering support.
Addressing Boss's Cloud Service Resistance
Alexander discussed his challenges in convincing his boss to offer cloud services like Entra ID and AWS storage solutions to their customers. He expressed concerns about his boss's lack of comfort with the technology and his reluctance to offer these services. The team suggested that Alexander could demonstrate the potential profitability of these services and the risk of losing customers if they don't offer them. They also advised Alexander to assertively guide his boss towards adopting cloud services, emphasizing the benefits of economies of scale and centralized management. Neil highlighted the importance of having the courage to advise customers when they are making incorrect decisions. The team agreed that Alexander's boss was not considering the long-term benefits of moving to the cloud.
Choosing Cybersecurity Career Paths
Neil emphasizes the importance of understanding one's interests, strengths, and motivations when choosing a career path in cybersecurity. He suggests evaluating different areas like application security, infrastructure, governance and compliance, or red teaming to find the best fit. Alexander agrees, noting it took him 18 months of trial and error to determine he enjoys networking and using tools like Terraform. Jay adds that while finding enjoyable work is valuable, it's also important to feel one's role has meaningful impact. Alexander concurs, stating that having a purpose beyond just completing tasks makes learning labs and projects more rewarding.
Finding Balance and Purpose in Work
The team discussed the importance of finding a balance between fulfilling work and the necessity of paying bills. They acknowledged that not all jobs are enjoyable, but some aspects can be fulfilling. The concept of "ikigai" was introduced, referring to the intersection of purpose and fulfillment. The team also discussed the importance of networking and finding the right place to start a career. They agreed that finding one's reason for being can take time and experience, and that mentoring can help accelerate this process. The conversation ended with a reflection on the importance of learning from others' mistakes to avoid similar pitfalls.
Navigating Career Challenges and Growth
In the meeting, Chris shared his experiences of being fired from a technical sales internship at IBM and how he learned from his mistakes. Jay emphasized the importance of understanding how the world works and the impact of one's work on others. Paul highlighted the distinction between controllable and non-controllable factors in one's career. Alex discussed his dilemma of choosing between a safe job with a good manager or taking a risk for a potentially more rewarding opportunity. Chris concluded the discussion by emphasizing the need for growth and finding new ways to communicate one's achievements without being selfish or arrogant.
Quick recap. Shawn initiated the meeting, encouraging new members to introduce themselves and discussed the potential of a new website for learning and sharing. Brandon presented on the workings of the scan engine, his role in the underwriting process, and the process of handling claims within the business. The meeting also covered the company's approach to security, the claims process after an incident occurs, and the impact of cyber insurance on the likelihood of a breach.
2024-11 | AI | Guest Speaker | Community
Next steps
- Attendees to check out the new Cloud Security Office Hours website for resources and meeting notes.
- Attendees to provide suggestions for additional resources to be added to the website.
- Attendees interested in writing articles or blog posts for the website to contact Shawn.
- Attendees to consider preparing and presenting topics of interest for future meetings.
- Attendees to utilize the LinkedIn connect thread for networking opportunities within the group.
- Alexis to follow up with Don regarding her LinkedIn content.
New Members Introduce Themselves
In the meeting, Shawn initiated the discussion, welcoming everyone and encouraging new attendees to introduce themselves. Alexis, a new member from Megaport, introduced herself and shared her background in Cisco and her interest in cloud security. Shawn emphasized the importance of networking and making connections within the group. Kimberly, another new member, introduced herself, sharing her experience in engineering and product management at Verizon and her recent role at Ericsson. Shawn concluded the introductions and hinted at a special presentation for the day.
Website Creation and Cyber Insurance
Shawn encouraged group members to share their expertise and resources for the new website he had created, emphasizing its potential as a platform for learning and sharing. He also asked for suggestions to improve the site's content. Brandon then presented on the exciting topic of cyber insurance, explaining its function as a risk transference tool for individuals and organizations unwilling to pay for cyber insurance claims out of pocket.
Exploring the Scan Engine's Functionality
Brandon discussed the workings of the scan engine, a tool used in the cyber insurance industry. He explained that the scan engine is cloud-based, built on a serverless architecture, and looks at domains, public IP addresses, SPF records, and SSL certificates. He also mentioned that the scan engine is split into different parts, including minions worldwide and honeypots for detecting major vulnerabilities. Brandon emphasized that the scan engine only touches external infrastructure and does not scan shared hosting providers unless there are egregious issues. He also clarified that contingencies, or stop signs, are part of the scan engine and can affect various tech stacks. Lastly, he mentioned that the scan engine also scans the entire internet, gathering data on common protocols and software banners.
Underwriting Process and Security Analysis
Brandon discussed his role in the underwriting process, which involves reviewing scan data results and issuing declinations or contingencies based on security issues. He noted that he is pre-bind, meaning he reviews policies before they are bound, and he has the authority to issue declinations for egregious security issues. He also mentioned that he is the only team member with mainframe experience, and he handles all mainframe calls. Brandon further explained the underwriting process, which involves sorting businesses based on revenue class and industry class, with certain industries like MSPs being rarely underwritten. He also mentioned that they are the only company willing to underwrite crypto-oriented businesses. Lastly, he differentiated between the pre-bind security analysis side and the post-bind security support center.
Security Practices and Underwriting Process
Shawn asked Brandon about the company's approach to security, specifically whether they look at security practices from an internal viewpoint or only from an attacker's perspective. Brandon explained that they do look at internal infrastructure during security calls, especially when there are questions about a declination or a scan engine. He also mentioned that they are starting to push towards getting policy holders on user behavior analytics. Paul then asked about the thoroughness of their underwriting process compared to a typical pen test, to which Brandon responded that they do look at CVEs and vulnerabilities, but it's not a super detailed pen test. Lastly, Paul asked about the claims process after an incident occurs, which Brandon said would be a long conversation.
Handling Claims and Breach Counsel
Brandon discussed the process of handling claims within the business. He explained that claims are handled by specific contacts, which are usually found in a document issued after binding a policy. These contacts include the Security Support Center for security alerts and the claims department for client issues. Brandon also mentioned the involvement of breach counsel and the possibility of using a predefined forensics provider. He emphasized that the size of the cyber carrier determines the size of the claims fund. He also hinted at the possibility of using external legal help for breach counsel.
Cyber Insurance Claims and Payouts
Brandon discussed the process of claims and payouts in cyber insurance, emphasizing that the timeline and payout amount depend on the complexity of the claim and the type of incident. He also mentioned that disputes often arise from misrepresentation of risk. Jason asked about exclusions in policies, to which Brandon explained that post-bind contingencies can be used to exclude certain risks, such as outdated software. Kimberly asked about the impact of cyber insurance on the likelihood of a breach, to which Brandon responded that having cyber insurance reduces the likelihood of a claim by 2 times on average. Carly asked about the consideration of reputational damage in payouts, to which Brandon explained that it depends on the type of claim and the severity of the breach. Lastly, Brandon shared his personal journey into cyber insurance, starting from a security operations center role and being drawn to the unique aspects of the field.
Quick recap. The team discussed various topics including acquisitions and mergers in the cybersecurity sector, the challenges of integrating new technologies into existing systems, and the potential impact of acquisitions on customers. They also explored the current market activity, the role of ego and culture clashes in acquisitions, and the shift towards a more comprehensive approach in the industry. Lastly, they discussed the recent claim about Chinese researchers cracking 50-bit RSA encryption using a quantum computer and the importance of understanding threat models in security issues.
2024-11 | AI | Conferences | Guest Speaker | Industry News
Next steps
- Don to prepare and deliver a demo of a tool from the Cloud Security Office Hours website
- Steve to develop a demo on adding security scanners to a pipeline and GitHub Actions
- Shawn to add Brandon's presentation to the Cloud Security Office Hours website
- Neil to deliver a talk on AI Security next week
- Shawn to record and post Neil's talk for those who cannot attend
- Community members to contribute content and descriptions for tools on the Cloud Security Office Hours website
- Jay to share resources on quantum cryptography that don't require advanced physics knowledge
Stream of Consciousness Reflections
Shawn speaks in a stream of consciousness, expressing various thoughts and emotions without a clear narrative or decision-making process. He mentions feeling deep inside, being alive, changing, and wanting to call someone. He also references God, Indians, and his people, suggesting spiritual or cultural themes. However, the transcript lacks coherent discussion or specific action items.
Random Statements and Meeting Start
Shawn makes various random statements and sounds, with no clear discussion or decisions. An unknown speaker briefly mentions that the meeting is starting soon.
New Attendees and Wiz Implementation
The meeting began with introductions from new attendees, including Benjamin and Kyle. The group discussed the agenda for the meeting, which was open for questions and discussions. Shawn mentioned that there would be a guest speaker next week, but they missed the call. The group also discussed the implementation of Wiz, with Steven offering to share his experience. Neil mentioned that he would be discussing AI Security next week. The conversation ended with Shawn opening the floor for any interesting news or updates from the group.
Industry Acquisitions and Mergers Discussion
Don McQueen initiated a discussion about the recent acquisitions and mergers in the industry, particularly in the cybersecurity sector. He sought opinions on why these acquisitions were happening and whether it was a new trend. Shawn and Jay contributed to the discussion, with Shawn suggesting that acquisitions and mergers have always been part of the industry and that it's not necessarily a new trend. Jay added that the number of companies getting acquired might be due to the challenging economic conditions, with interest rates being low and money being cheap. He also pointed out that cloud security is a minor subset of the larger cybersecurity space, which might contribute to the perception of increased activity in the industry.
Selective Purchasing and Platform Integration
Jay discussed the trend of buyers becoming more selective in their purchases, leading to a move towards fewer, more integrated providers. He also mentioned the platformization of services. Neil shared his observations on acquisitions, noting that many companies buy capabilities with the intention of integrating them into their existing platforms. He also mentioned that some acquisitions don't add value to the customers or the product. Shawn praised Wiz's approach to acquisitions, contrasting it with Palo Alto's method of strapping on acquired technology. Gareth shared his experience at Cisco, noting that acquisitions often didn't integrate well into the company's existing products. He suggested that Cisco's security business would benefit from being run as a separate entity.
Market Activity, Acquisitions, and Integration
The team discussed the current market activity and the potential reasons behind it. They noted that acquisitions have always been a part of the industry, but now they are more visible and sensitive to the media. The conversation also touched on the challenges of integrating new technologies into existing systems and the potential for companies to acquire competitors to gain a competitive advantage. The team also discussed the impact of acquisitions on customers, with some arguing that it can lead to a lack of focus on improving the product and instead focus on acquiring customer books. The conversation ended with a discussion on the motivations behind acquisitions and the potential for companies to prioritize short-term gains over long-term success.
Mobile Cybersecurity Acquisition Challenges
In the meeting, Kimberly shared her experience with a mobile cybersecurity company's acquisition, highlighting the challenges of integrating with a larger company and the importance of runway and investment. Shawn and Jay discussed their experiences with acquisitions, emphasizing the role of ego and culture clashes. Neil shared his observations on the difficulties of integrating acquisitions, particularly when multiple companies are involved. The team also discussed the challenges of East Coast and West Coast cultures clashing in acquisitions. The conversation ended with Abdullahi and Jay discussing Cisco's shift towards a more comprehensive approach with their "Hypershield" initiative.
Website Updates and Demo Opportunities
In the meeting, Shawn showcased the new website and encouraged the team to explore its resources. He also mentioned that he would be adding more content to the site, including tutorials and demos, and invited team members to contribute. Shawn also discussed the possibility of hosting demos of various tools on the website. Don McQueen expressed interest in doing a demo of a tool and offered to collaborate with others. Steve also expressed interest in presenting a demo related to application security. The team was encouraged to reach out to Shawn for any contributions or questions.
Quantum Computing Threats and Priorities
Matt Currie discusses a recent claim that Chinese researchers cracked 50-bit RSA encryption using a quantum computer. Shawn and Jay explain that this is not a significant threat, as modern encryption uses much larger key sizes. Neil emphasizes the importance of understanding threat models and applying that lens to security issues. The group agrees that while quantum computing advancements are interesting, most security priorities should focus on more mundane but critical tasks like proper key management. Steve asks for resources to learn about quantum computing and cryptography at a high level.
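To put the key-size point from this discussion in concrete terms, the sketch below builds a toy 50-bit RSA key and recovers the plaintext on an ordinary CPU with Pollard's rho, no quantum hardware involved. It is an added example, not something shown in the session; the primes, message and function names are constructed for illustration.

```python
import math
import time


def is_prime(n):
    """Trial division; adequate for the 25-bit primes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def next_prime(n):
    """Smallest prime >= n."""
    while not is_prime(n):
        n += 1
    return n


def make_toy_key():
    """Build a 50-bit RSA modulus from two 25-bit primes (constructed values)."""
    p = next_prime(2**24 + 2**23)
    q = next_prime(2**25 - 100_000)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:  # make sure e is invertible mod phi
        e += 2
    return n, e, p, q


def pollard_rho(n):
    """Return a non-trivial factor of a composite n (Floyd cycle detection)."""
    if n % 2 == 0:
        return 2
    for c in range(1, 100):  # retry with another polynomial if a run fails
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("no factor found")


def break_toy_key(n, e, ciphertext):
    """Factor n classically, rebuild the private exponent, decrypt."""
    p = pollard_rho(n)
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))
    return p, q, pow(ciphertext, d, n)


if __name__ == "__main__":
    n, e, _, _ = make_toy_key()
    message = 123456789012  # constructed plaintext, smaller than n
    ciphertext = pow(message, e, n)
    start = time.perf_counter()
    p, q, recovered = break_toy_key(n, e, ciphertext)
    elapsed = time.perf_counter() - start
    print(f"n has {n.bit_length()} bits, factored as {p} * {q} in {elapsed:.4f}s")
    print("plaintext recovered:", recovered == message)
```

Pollard's rho needs on the order of the square root of the smallest prime factor in steps, so this approach stops being practical long before the key sizes used in production, which is why the group treated the announcement as a threat-model question rather than an operational one.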
Quick recap. The team discussed the importance of considering the self-selected nature of data in security reports, particularly in relation to AI models and cloud security solutions. They also explored the vulnerabilities in AI packages and components, the challenges of regulating AI, and the potential risks and benefits of AI in relation to security and regulation. The conversation ended with plans for a recap session the week after, and the team expressed concerns about protecting against AI model vulnerabilities and the need for human oversight in AI systems.
2024-11 | AI | Supply Chain | Vulnerabilities | Conferences
Next steps
- Neil to share more details about AI Goat, the open source project for illustrating AI security risks.
- Shawn to plan a recap session on AWS re:Invent the week after the conference.
- Cloud Security Office Hours team to consider sharing resources on AI security testing and vulnerabilities.
- Neil to bring Cloud Security Office Hours swag to AWS re:Invent for attendees.
- Attendees to review OWASP Top 10 for Machine Learning and LLMs for AI security guidance.
Addressing AI Risks in Security Reports
Neil discussed the importance of considering the self-selected nature of data in security reports, particularly when it comes to companies using cloud security solutions. He highlighted the need for security teams to be aware of the rapid adoption of AI models in custom applications by business units, despite potential risks. Neil also shared his personal experience with an AI product that generated inaccurate results, emphasizing the need for security teams to be proactive in addressing these issues. The team agreed to continue the discussion in the next meeting.
AI Package Vulnerabilities and Security
Neil discussed the vulnerabilities in AI packages and components, noting that while they are not currently publicly exploitable, he expects this to change as researchers focus on these areas. He highlighted a specific issue with Amazon SageMaker, which automatically creates an S3 bucket for storing files, using a default naming convention that makes it easily discoverable. Neil emphasized that many new services, particularly those driven by developers, are not secure by default. He also pointed out that many organizations have exposed access keys to AI services, which could be exploited for malicious purposes.
Secure Design and Default Settings
Neil discussed the importance of secure design and default settings in cloud computing. He highlighted the risks of exposing secrets in Git commit history and the need for a plan to remove them. He also pointed out the vulnerabilities in using SageMaker with admin privileges and the lack of configuration for IMDSv2 in many instances. Neil emphasized the need for secure practices, such as disabling root access from notebook instances and configuring private endpoints in Azure OpenAI. He concluded by noting the high percentage of instances without IMDSv2 configuration and the potential for significant security breaches.
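The SageMaker settings raised in these two topics (root access on notebook instances, IMDSv2, admin-level execution roles, default-named buckets) can be checked against an account's own inventory. This is an added example, not code from the talk or from any vendor: the records, role names and account ID are constructed, the field names follow the SageMaker `DescribeNotebookInstance` response, and the bucket pattern assumes the SageMaker Python SDK default of `sagemaker-<region>-<account-id>`.

```python
import json
import re

# Constructed sample records shaped like DescribeNotebookInstance responses
# (trimmed to the fields the audit reads). Values are made up.
NOTEBOOKS = json.loads("""
[
  {"NotebookInstanceName": "fraud-model-dev",
   "RoleArn": "arn:aws:iam::111122223333:role/sm-notebook-admin",
   "RootAccess": "Enabled",
   "InstanceMetadataServiceConfiguration":
     {"MinimumInstanceMetadataServiceVersion": "1"}},
  {"NotebookInstanceName": "churn-model-prod",
   "RoleArn": "arn:aws:iam::111122223333:role/sm-notebook-scoped",
   "RootAccess": "Disabled",
   "InstanceMetadataServiceConfiguration":
     {"MinimumInstanceMetadataServiceVersion": "2"}},
  {"NotebookInstanceName": "legacy-experiments",
   "RoleArn": "arn:aws:iam::111122223333:role/sm-notebook-scoped",
   "RootAccess": "Enabled"}
]
""")

# Constructed mapping of execution role -> attached managed policy names
# (in practice gathered per role from IAM).
ROLE_POLICIES = {
    "sm-notebook-admin": ["AdministratorAccess"],
    "sm-notebook-scoped": ["sm-notebook-s3-read"],
}

# Constructed bucket inventory for the same account.
BUCKETS = [
    "sagemaker-us-east-1-111122223333",
    "ml-training-data-prod",
    "sagemaker-eu-west-2-111122223333",
    "sagemaker-artifacts-team-a",
]

# Assumed SDK default name: sagemaker-<region>-<12-digit account id>.
DEFAULT_BUCKET_RE = re.compile(r"^sagemaker-[a-z]{2}(?:-[a-z]+)+-\d+-\d{12}$")


def audit_notebook(nb, role_policies):
    """Return the list of findings for one notebook instance record."""
    findings = []
    # Root access is treated as enabled unless explicitly disabled.
    if nb.get("RootAccess", "Enabled") != "Disabled":
        findings.append("root-access-enabled")
    # A missing IMDS block is treated as "IMDSv1 still allowed".
    imds = nb.get("InstanceMetadataServiceConfiguration", {})
    if imds.get("MinimumInstanceMetadataServiceVersion", "1") != "2":
        findings.append("imdsv1-allowed")
    role_name = nb["RoleArn"].rsplit("/", 1)[-1]
    if "AdministratorAccess" in role_policies.get(role_name, []):
        findings.append("admin-execution-role")
    return findings


def audit_all(notebooks, role_policies):
    """Map each notebook instance name to its findings."""
    return {
        nb["NotebookInstanceName"]: audit_notebook(nb, role_policies)
        for nb in notebooks
    }


def default_named_buckets(buckets):
    """Buckets whose names match the assumed SDK default pattern."""
    return [b for b in buckets if DEFAULT_BUCKET_RE.match(b)]


if __name__ == "__main__":
    for name, findings in audit_all(NOTEBOOKS, ROLE_POLICIES).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
    print("default-named buckets:", default_named_buckets(BUCKETS))
```

Against a real account the records would come from `aws sagemaker describe-notebook-instance` and the role's attached policies from IAM; a default-named bucket is not a misconfiguration on its own, but it is the one to review first for public access and bucket policy.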
Addressing AI Security Risks and Challenges
Neil discussed the challenges and risks associated with AI security, particularly in relation to Azure OpenAI accounts. He highlighted that 27% of organizations have not configured their accounts to be privately accessible, making them publicly accessible. He also noted that most organizations are not encrypting their notebooks, training pipelines, or models, making them vulnerable to unauthorized access. Neil emphasized the need for better security measures, such as infrastructure as code, vulnerability management, and secure data practices. He also mentioned the AI Goat project, an open-source initiative that aims to illustrate common security risks in AI applications.
Exploring Cloud Security and Infrastructure
Neil discussed the team's desire for input and pull requests on a project, mentioning that it could be found on the Cloud Security Office Hours website. Chris suggested sharing the project with others and noted that it could be a good entry point for those wanting to get hands-on experience. Kyle added that the internet was designed with security and privacy as afterthoughts, necessitating the addition of features like HTTPS and TLS. Richard shared his experience with default passwords in mid-range systems and suggested exploring the infrastructure of the AS/400 series as a potential entry point. Shawn agreed that all this information exists in the cloud and will continue to do so.
Managing System Access and Cybersecurity
The team discussed the challenges of managing system access and security after employees leave an organization. They shared experiences of finding default passwords on firewalls and the difficulty of removing access from multiple systems. The conversation also touched on the use of online resources for learning cybersecurity, with a focus on TryHackMe and HackTheBox Academy. The team agreed that while these resources can provide foundational knowledge, practical experience is essential for deeper understanding. They also emphasized the importance of learning fundamentals first before diving into more advanced topics.
Regulating AI and Vulnerability Challenges
Neil discussed the challenges of regulating AI, noting that existing compliance frameworks like GDPR are often reactive rather than proactive. He gave an example of how PCI certification requirements changed after an incident involving unencrypted credit card transactions. Juninho added that the lack of understanding about AI technology makes it difficult to create effective regulations. Nathaneal asked about the vulnerability of AI systems, particularly in relation to jailbreaking, and Neil clarified that while jailbreaking is a vulnerability, it is not the same as a CVE-style vulnerability. Chris thanked Neil for his talk and encouraged others to introduce themselves. Juninho, who has been with Orca for a couple of months, introduced himself and shared his background in Google Cloud security.
Addressing AI Model Vulnerabilities
Brian expressed concerns about protecting against AI model vulnerabilities, such as model poisoning. He questioned the feasibility of implementing policies to prevent such issues and the difficulty of testing for them. Philippe shared his experience with building a chatbot using LangChain, which was initially difficult to pen test due to the need for multiple attempts for the attack to work. He suggested using observability tools to find prompts and responses, but noted that this method was not real-time and required significant time to find vulnerabilities. Shawn mentioned emerging technology for testing AI models programmatically to identify vulnerabilities. Philippe also discussed the challenges of limiting an AI model's scope to specific tasks, such as mathematical questions, and the weakness of protection mechanisms like prompting techniques. He also shared his experience with Microsoft's OpenAI interpreter, which he found to be vulnerable to certain attacks.
AI Risks, Benefits, and Regulation
In the meeting, the team discussed the potential risks and benefits of AI, particularly in relation to security and regulation. Steve expressed concerns about the security of AI systems and the need for human oversight, while Neil argued that AI is not as dangerous as often portrayed and that evidence-based discussions are needed. Shawn suggested that AI is a natural progression and that regulation is necessary to ensure responsible use. The team also discussed the need for government regulation and the importance of understanding the technology behind AI. The conversation ended with plans for a recap session the week after.
Quick recap. The team discussed various topics including the use of AI recording, security updates, the value of certifications in cybersecurity, and the potential of home labs for learning. They also emphasized the importance of networking, building connections, and showcasing one's work and skills for career success. Lastly, they discussed the importance of understanding processes, the value of automation in streamlining tasks, and the upcoming 2,000 member milestone for their group.
2024-12 | AI | Education | Community
Next steps
- Neil to meet with D to take professional headshots for her LinkedIn profile.
- Shawn to add Cloud Security Lab resource to the CSOH website.
- Nathaniel to share the link for Target Institute home lab setup in the chat.
- Ian to discuss potential presentation at future CSOH meeting with Shawn.
- Shawn to update the group on his surgery schedule and recovery plan.
- CSOH leaders to coordinate running meetings while Shawn is out for surgery.
- Shawn to reach out to group members to help reach 2,000 members before February anniversary.
- Sam to offer assistance to group members on improving their elevator pitches and introductions.
- Aashay to explore bash scripting resources for automation tasks.
Shawn's Philosophical and Poetic Musings
Shawn makes various philosophical and poetic statements, referencing nature, emotions, and life experiences. He mentions waiting a long time, being on the frontline like a soldier, hearing a late night telephone call, socializing, and taking in the world around him. Saubhagya briefly affirms looking at 300, though the context is unclear. The summary alludes to Shawn's contemplative musings without providing specific details.
Incoherent Meeting With Music Discussion
The meeting transcript was largely incoherent and lacked clear discussion points. However, there were a few discernible elements. There was a mention of starting at the top of the hour and getting coffee. There was also a reference to a perfect song for SOC/IR and a discussion about waiting room music. Additionally, there was a mention of a new Spotify list and a question about whether they have a Spotify account. Lastly, there was a reference to a gym and a mention of a stage. However, due to the disjointed nature of the transcript, it was difficult to discern any clear decisions, alignments, next steps, action items, or open questions.
AI Recording and Team Introductions
Shawn initiated the meeting by discussing the use of AI recording and the posting of meeting notes on their website and Discord. He encouraged new members to introduce themselves and participate in discussions. Sean Yarger, the leader of the Southwest SE team at Wiz, introduced himself. Ian McQueen, the Cloud Community Leader for the Azure Community at the Center for Internet Security, also joined the meeting. Shawn expressed his intention to involve Ian in future presentations. The meeting was characterized by open discussions and the sharing of experiences.
Security Updates and Professional Headshots
Jay discussed the company's security updates, revealing that they release all security patches on the second Tuesday of each month. Jeff asked about the number of in-house security researchers, to which Jay clarified that most submissions come from external sources like bug bounty programs and security partners. D asked for tips on getting a professional headshot, and the team suggested using a photographer or a passport photo service. Obi asked about the difference between AWS and Forward Cloud Tech, and Jay recommended Forward Cloud Tech for its focus on practitioners and real-world cloud security practices. The team also discussed the relevance of AWS for security, with Jim noting that while it's not security-focused, it does have security features and advice for securing AWS.
Cybersecurity Certifications: Value and Necessity
The team discussed the value and necessity of certifications in the field of cybersecurity. Ken expressed his skepticism about the need for certifications, while Shawn and Matt Alvarez argued that they can be useful for learning and breaking through barriers to talk to employers. Steve recommended the Cloud Security Lab a Week (S.L.A.W) resource for practical learning. Jay shared his experience of not needing certifications to get a job, while Afrida asked for advice on which certifications to pursue. Matt Alvarez suggested starting with an intro-level cloud certification like the AZ-900 or an associate AWS certificate. Nathaneal recommended setting up a home lab for hands-on experience before pursuing certifications. The team agreed to share these resources and suggestions with others.
Computer Stores, Home Labs, and Security
In the meeting, Matt Alvarez discussed the availability of computer stores in major cities in the US, and the potential for home labs in IT. Jay suggested the use of Raspberry Pis for Kubernetes clusters, and Matt agreed, but noted the potential issues with ARM architecture. Matt Currie shared his experience of replacing servers with Intel Mac Minis, which he found more efficient. The team also discussed the use of breach and attack simulation software, with Jason Newman inquiring about its use. Chris from Mandiant shared his experience with the security validation product. The team also discussed the potential of home labs for learning and the availability of lab resources on their site.
Certifications, Experience, and Hiring Challenges
In the meeting, Matt Alvarez discussed concerns about a potential private equity firm purchasing a company that provides the OSCP certification, fearing price hikes and a decline in quality. Jay and Shawn agreed that experience as practitioners is more valuable than certifications, and that certifications should be seen as a confirmation of reasonable intelligence rather than a definitive measure. Matt Currie noted that certifications like CISA are losing their shine due to the ease of obtaining them without practical experience. The team also discussed the challenges of maintaining certifications like CPES and the potential for internal referrals in the hiring process.
Networking for Career Success
In the meeting, Shawn emphasized the importance of networking and building connections for career success. Richard shared his experience of getting a job offer through a connection, highlighting the value of having a champion or sponsor. Matt Currie discussed the competitive job market and the need to stand out, while Matt Alvarez agreed. Sean shared his experience of not actively applying for jobs but having them come to him through networking. The team also discussed the importance of showcasing one's work and skills, and being helpful to others as a way to build a strong network.
Exploring Automation and Cloud Security
Aashay discussed his understanding of automation and cloud security, and sought suggestions for additional use cases to showcase his automation efforts. Matt Currie shared his approach to automation, focusing on process automation and removing manual effort. He emphasized the importance of identifying tasks that are a pain to do manually and automating them. Don added that automation can eliminate errors, save time, and increase efficiency. He also recommended the book "Automate the Boring Stuff" for further learning. The team also discussed the potential of integrating IPD and the value of automation in reducing manual effort and increasing efficiency.
Automation, Processes, and Team Updates
In the meeting, Matt Currie emphasized the importance of understanding processes rather than just coding, using ChatGPT as an example. He also highlighted the value of automation in streamlining tasks. Paul recommended Bash scripting for cloud security tasks, citing its simplicity and efficiency. San shared his experience as a keynote speaker on elevator pitches and offered help to those needing assistance in self-introduction. The group also discussed the upcoming 2,000-member milestone for their group and Matt Currie's upcoming move to Australia. Lastly, Shawn announced his upcoming surgery for prostate cancer and his temporary absence from the group, with Jay and others offering support.
Quick recap. The team discussed their personal experiences and emotions, with Shawn expressing his love and longing for someone. They also explored the potential and challenges of AI, with discussions on its use in INFOSEC, network fault detection, and its potential for malicious purposes. The conversation ended with a light-hearted discussion on the speed of light and its implications for internet speeds, and the potential of quantum entanglement for faster communication.
2024-12 | AI | Conferences | Governance | Education
Next steps
- Mario to organize a presentation on generative AI implementation in healthcare, addressing questions and concerns from the group.
- Shawn to coordinate with Mario on scheduling the AI presentation for an upcoming Friday session.
- Don to follow up with someone knowledgeable about Dvorak keyboards for a personal discussion.
- All attendees to consider sharing their LinkedIn profiles in the chat for networking purposes.
- Chris to reconnect with Fred at Wiz regarding potential job opportunities in Singapore.
- Shawn and Chris to have an offline conversation about Chris's meeting with Dimitri.
Emotional Connection and Constant Love
Shawn expressed his feelings of loneliness and longing, emphasizing the importance of their connection. He acknowledged the changes that have occurred and reassured that his love for the other person remains constant. The conversation was filled with emotional and heartfelt expressions, with Shawn repeatedly stating "I am yours, you are mine, you are what you are."
Casual Conversation and Job Opportunity
Shawn and Chris have a casual conversation. Chris mentions he is still looking for work, and Shawn suggests he reconnect with Fred at Wiz, as Fred needs someone in Singapore where Chris is based. Chris agrees to pursue this opportunity. Shawn hints at an unusual interaction Chris had that they should discuss privately later. Chris has an upcoming food delivery so goes on mute briefly. Shawn alludes to purposefully challenging circumstances he is facing currently.
Shawn Listens to Music Quietly
Shawn appears to be listening to music and occasionally making comments or singing along with the lyrics. The transcript consists mostly of short phrases like "E aí?" (Portuguese for "What's up?"), "Música" (Music), and some English lyrics and fragments. No substantive discussion or decisions seem to have taken place during this segment.
Networking and Certifications Discussion
In the meeting, Shawn initiated a discussion about networking and encouraged everyone to connect on LinkedIn. Matt Alvarez then took the lead, inviting everyone to introduce themselves and share any topics they wanted to discuss. Alhaji shared his recent achievement of passing the Terraform Associate Exam and offered advice for others considering the certification. He emphasized the importance of hands-on experience and learning from failures. Kyle also shared his plan to take three beginner Google certifications offered for free by his school. The conversation ended with Matt Alvarez thanking Alhaji for his insights and encouraging others to share their thoughts and experiences.
Addressing AI Security Challenges
Alhaji initiated a discussion on AI security, specifically focusing on the safety and interaction aspects. Matt Alvarez suggested that securing AI infrastructure and generative AI models is a never-ending race due to the constant evolution of social engineering tactics. Neil disagreed, stating that it's a common challenge in security and that there are approaches to mitigate these issues. He mentioned the OWASP top 10 for large language model applications as a starting point for defenders. Neil also highlighted the work of Prompt Security, a startup focusing on AI security, and the importance of not training AI models on confidential data. Jay emphasized the importance of intermediate steps in the process, such as anonymizing data and tying AI models to business systems with user authorizations. The team agreed that while there are challenges, there are also effective ways to address them.
AI Tools and Security Concerns
In the meeting, Kimberly shared her experience with an AI tool, Loopio, which significantly improved their security questionnaires. However, she also mentioned concerns about the tool's ability to crawl internal data without proper controls. Shawn expressed his dislike for Loopio, stating it never provided him with a good answer. Neil discussed his experience with an AI tool, highlighting its limitations and the need for more training data. He also mentioned a conversation with a vendor who has fully embraced generative AI. Matt Currie shared his approach of using multiple AI agents to fact-check each other, which has improved the accuracy of their responses. Paul raised a question about the use of Bayesian statistics in AI models, which Neil responded to, explaining that Bayesian models are useful for tasks like image generation from a prompt. The team also discussed the potential of Microsoft Purview SDK to protect custom AI apps.
AI Applications and Governance Discussion
The team discussed the potential of AI and its applications, with a focus on its use in INFOSEC and network fault detection. They agreed that AI should be used judiciously and not as a replacement for human cognition. The team also discussed the importance of governance and assurance programs for AI, with a particular emphasis on ensuring that AI tools deliver what they are intended to. The conversation also touched on the potential for AI to be used for malicious purposes, but the team did not find substantial evidence to support this. The team also discussed the need for documenting the components of AI, such as its version, training data, and license structure, to ensure its reliability and security.
AI Hype and Misuse Concerns
The team discussed the topic of AI, with various perspectives shared. Chris and Matt Alvarez expressed concerns about the overuse and misuse of AI, while Jay suggested that AI might become a standard part of infrastructure in the future. Matt Currie shared his experience of using AI to improve efficiency in his team's operations. Kimberly compared the current AI hype to the 5G hype in the telecom industry, warning about the potential for overinvestment and disappointment. The team also engaged in light-hearted banter, with Chris joking about the need for more inclusive lighting in Zoom calls.
Exploring AI Benefits and Concerns
The team discussed the potential benefits and concerns of AI. Paul and Chris emphasized the importance of not being overly critical of AI, but also recognizing the need for guardrails. Shawn and Neil highlighted the usefulness of AI in note-taking and language assistance, respectively. Kimberly shared her positive experience with AI in creating a battle card, while Matt Alvarez offered to help address concerns. Mario, who has implemented generative AI in healthcare, offered to share his knowledge and experience. The team agreed to gather questions and concerns for a future discussion on AI implementation and risk mitigation.
Speed of Light and AI Discussion
In the meeting, Don initiated a discussion about the speed of light and its implications for internet speeds. Kyle clarified that the speed of light is a constant and cannot be surpassed, even with the use of undersea cables. The team also discussed the potential of quantum entanglement for faster communication. Matt Alvarez humorously suggested that he would figure out how to fold space and increase internet speeds. The team also touched on the topic of artificial intelligence, with Matt Currie emphasizing the need to use AI as a supplement to human teams, not a replacement. The conversation ended with David sharing his experience using OpenAI for his son's English exams and wishing everyone a happy holiday.
Quick recap. The team discussed their personal experiences and preferences for different operating systems, with a focus on Windows and Mac. They also explored the challenges and benefits of using these systems in a corporate environment, with a particular emphasis on vulnerability management and the role of AWS in IT operations. Lastly, they shared their experiences with IT-related issues and the upcoming presentation on Azure.
2024-12 | AI | Vulnerabilities | Guest Speaker
Next steps
- Shawn to follow up with the Azure expert to schedule their presentation in the coming weeks.
- Alhaji to connect with David on Discord to discuss Azure complications.
- Brad to assist Alhaji with Azure-related questions if needed.
- Shawn to remind Patrick Maddox about joining a future meeting.
- Shawn to prepare for next week's meeting with a planned presentation and content.
Incoherent Discussion With Shawn
Shawn appears to be speaking incoherently, making statements that do not form a comprehensible discussion. No decisions, alignments, next steps, action items, or open questions are discernible from his disjointed statements.
Shawn's Reflections and Read's AI Update
Shawn expressed his feelings about a past relationship, reminiscing about the person and the memories they shared. He also mentioned his desire for something tangible and his struggles with the changing seasons. Mary responded to Shawn's comments. The meeting also included a chat message from an unknown speaker, who mentioned that JL had added read.ai meeting notes to the meeting. The chat message also provided information about Read's AI-generated meeting summaries and how to disable or delete meeting data.
Christmas Celebrations and Newcomers
In the meeting, Shawn greets everyone and expresses feeling unwell. He opens the discussion for any topics. Neil and Shawn admit to feeling fuzzy-brained. Chris asks about Christmas celebrations; Shawn says he had a rough week leading up to Christmas but hopes next year will be better. Chris shares that Christmas is not a big holiday in Singapore. David tries to show a Lego set but has technical issues. Waleed, a participant from Toronto, introduces himself and shares how he joined the group through a colleague. The group welcomes Waleed and Chris invites other newcomers to introduce themselves. He then opens the floor to discuss Christmas travels or celebrations.
AWS Services and Weather Experiences
In the meeting, Chris, Neil, Shawn, David, Mario, James, and others discussed their locations and experiences. Neil was in the mountains of North Carolina, while Shawn's sons were learning to drive in California. David shared his preference for Southern California's weather and his dislike for Ireland's cold. Chris and David discussed their experiences with Seattle's weather. Neil shared his recent experience at the re:Invent conference, where he met with AWS representatives and discussed their product roadmap. Shawn mentioned an interesting new release from AWS, a managed EKS, and a new incident response service framework. The team also discussed the challenges of being completely on AWS and the potential benefits of their new services.
AWS EKS, Windows Upgrades, and Ham Radio
In the meeting, Shawn discusses a new Amazon Web Services (AWS) offering that enables cost-effective use of Elastic Kubernetes Service (EKS) clusters for development and deployments. David and Matt share insights on Microsoft's approach to incentivizing upgrades from older Windows versions, while Neil provides context on extended security support costs for enterprises. Additionally, they touch on the adoption rates of Windows 11 and speculate on the reasons behind Microsoft's strategy. The conversation also includes a brief tangent about Shawn's interest in ham radio software that necessitates using Windows machines.
Operating System Preferences and Troubleshooting
The team discussed their experiences with different operating systems, with Shawn and Neil expressing their preference for macOS, while David and James shared their dislike for it. Shawn shared a story about how his Windows laptop was a running joke between him and Chris, and how he eventually switched to Mac after the release of the iPod. Neil shared his experience of using Linux at Microsoft and his transition to Mac after leaving the company. The team also discussed the troubleshooting tools available in Windows, with Neil recommending the use of MSConfig and Task Manager. James shared his experience of supporting Windows NT and his preference for Mac for personal use. Mario mentioned an issue with his Windows laptop, which led to him needing to replace it.
IT Performance and Security Challenges
The team discussed various IT-related issues, including the performance of computers and the deployment of security software. David shared his experience of improving the startup time of a computer from 5 minutes to 7 seconds, highlighting the importance of efficient IT operations. The team also discussed the challenges of managing multiple security agents on a single device, with Neil mentioning a security incident where a company had to build their own SIEM due to the complexity of available options. Matt expressed his preference for Linux over Windows, citing the need for specific gaming and anti-cheat software as the reason for his continued use of Windows.
Challenges in Vulnerability Management
Neil explains the challenges faced in vulnerability management due to the National Vulnerability Database (NVD) not providing updated vulnerability scores and information this year. With NVD essentially going offline, the industry had to scramble to find alternative sources for vulnerability scoring and details. Various organizations stepped up to fill the gap, leading to multiple data providers with different scores for the same vulnerabilities. This decentralization created confusion but also prevented a complete collapse of vulnerability management processes. While stability has been achieved currently, there are concerns about the future and determining an authoritative source of truth for vulnerability data moving forward.
Operating System Management in Corporations
In the meeting, Brad discussed the advantages and disadvantages of using Windows and Mac operating systems in a corporate environment. He emphasized the importance of corporate policy and centralized management, noting that Macs are more difficult to manage at scale. Shawn and Neil agreed, highlighting the need for group policy for effective management of a large number of users. Matt shared his experiences as a developer, noting the challenges of working with Windows due to company policies. The team also discussed the upcoming presentation on Azure, with Alhaji expressing interest in learning more about Azure subscriptions. The conversation ended with everyone wishing each other a Happy New Year.
Quick recap. The meeting began with a recitation of song lyrics and casual conversation before transitioning to a presentation by Itay Haral on cloud detection engineering, focusing on role unchaining in AWS and the challenges of tracing activities back to original actors. The discussion then shifted to operationalizing cloud monitoring, log analysis, and the importance of parsers in creating comprehensive investigation graphs, with participants sharing insights on different cloud service providers and vulnerability management strategies. The meeting ended with discussion of proactive threat detection tools, the challenges faced by educational institutions in maintaining cybersecurity, and personal anecdotes shared by team members.
2025-01 | AI | Vulnerabilities | Conferences | Guest Speaker
Next steps
- Neil to continue monitoring developments with NVD and potential fragmentation of vulnerability scoring systems in 2025.
- Jay to explore preventative controls and technologies like eBPF for addressing vulnerabilities earlier in the cycle.
- Matt to research GreyNoise and similar proactive threat intelligence services for potential implementation.
- Cloud Security Office Hours team to consider inviting speakers on topics like SSVC (Stakeholder-Specific Vulnerability Categorization) for future sessions.
- Attendees to review and consider watching relevant CCC (Chaos Communication Congress) presentations discussed in the meeting.
Incoherent Transcript With No Discussion
The transcript seems to contain lyrics or poetry being recited, with no clear discussion or decisions captured. There is insufficient information to provide a meaningful summary based on the given guidelines.
Shawn Recites Song Lyrics
Shawn seems to be reciting song lyrics, mostly in English but also some phrases in Portuguese and Spanish. The lyrics mention someone going away, having a "ticket to ride", and not caring about certain things. Shawn also makes some comments about controlling someone with "moves like Jagger". However, without the actual context, it is difficult to determine the specific content being discussed. The transcript does not appear to contain any clear decisions, alignments, action items or open questions to summarize.
Shawn's Emotional Stream of Consciousness
Shawn shares a stream of consciousness, expressing a range of emotions including loneliness, love, and existential musings. He occasionally breaks into other languages like Portuguese and Spanish. At one point, someone in the meeting chat wishes everyone a Happy New Year and good morning. The transcript does not appear to contain any concrete decisions, action items or open questions from a typical meeting discussion.
Cloud Detection Engineering Presentation
Shawn initiated the meeting, welcoming participants and encouraging them to connect on LinkedIn. He introduced a special guest, Itay Haral from the threat research team, who would be presenting on cloud detection engineering. Shawn also mentioned that the meeting would be recorded for those who wished to participate without being recorded. Itay began his presentation, discussing his journey into detection engineering and his experiences at Gem and Wiz. He highlighted the challenges and opportunities he encountered in building and creating content for detection engineers and SOC teams. The meeting was open for questions and discussions.
Role Unchaining for Incident Investigation
Itay discussed the importance of role unchaining in AWS for SOC teams, highlighting its role in tracing activities back to the original actor. He explained that role chaining, where a user assumes multiple roles, can obscure the identity of the original actor, making it difficult to investigate incidents. Itay emphasized that unchaining is crucial for understanding what happened, investigating, and responding if necessary. He also mentioned two types of attackers: drive-by attackers who are noisy and easy to detect, and more sophisticated attackers who use role chaining to obfuscate their identity. The conversation ended with Itay outlining a process for role unchaining, which involves searching for an assume role event given a suspicious event to investigate.
Challenges in Unchaining AWS Access Keys
Itay discussed the challenges faced while trying to unchain the access keys in AWS. Initially, they found temporary access keys to be a useful breadcrumb for unchaining, but this method proved insufficient due to the console port quirk, which generates almost random temporary access keys for console sessions. Itay also mentioned the console conceal quirk, which allows attackers to use the AWS console for reconnaissance without their activities being logged with the relevant access key. However, Itay noted that attackers typically use the console for reconnaissance rather than to obfuscate their identity. Consequently, they had to find alternative breadcrumbs to unchain the role assumption chain. They discovered the identity tuple, which consists of the session name, role name, and session creation date, as useful breadcrumbs. This method has proven effective in unchaining across multiple accounts within an organization. Itay also clarified that external identity providers (IdPs) like Okta simplify the process of unchaining, as they restrict certain actions that attackers might exploit.
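The unchaining process described in the two sections above can be sketched as follows. This is an added example, not code from the presentation: the field names follow the CloudTrail record format, while the function names, the two-second matching tolerance, and every account ID, role and session name are assumptions constructed for illustration, and only plain AssumeRole hops are handled.

```python
from datetime import datetime, timedelta

TS = "%Y-%m-%dT%H:%M:%SZ"

# --- helpers that build constructed CloudTrail-style records (hypothetical names) ---
def role_identity(account, role, session, created):
    return {"type": "AssumedRole",
            "arn": f"arn:aws:sts::{account}:assumed-role/{role}/{session}",
            "sessionContext": {"attributes": {"creationDate": created}}}

def user_identity(account, user):
    return {"type": "IAMUser", "arn": f"arn:aws:iam::{account}:user/{user}"}

def assume_role_event(time, caller, account, role, session):
    return {"eventTime": time, "eventSource": "sts.amazonaws.com",
            "eventName": "AssumeRole", "userIdentity": caller,
            "requestParameters": {"roleArn": f"arn:aws:iam::{account}:role/{role}",
                                  "roleSessionName": session}}

# Constructed sample: alice -> HopRole -> AdminRole -> DeleteTrail, plus a decoy
# session that reuses the same role and session name at a different time.
EVENTS = [
    assume_role_event("2025-01-03T09:00:00Z", user_identity("111111111111", "bob"),
                      "333333333333", "AdminRole", "maint"),
    assume_role_event("2025-01-03T10:00:00Z", user_identity("111111111111", "alice"),
                      "222222222222", "HopRole", "build-7"),
    assume_role_event("2025-01-03T10:05:00Z",
                      role_identity("222222222222", "HopRole", "build-7",
                                    "2025-01-03T10:00:00Z"),
                      "333333333333", "AdminRole", "maint"),
    {"eventTime": "2025-01-03T10:07:30Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail",
     "userIdentity": role_identity("333333333333", "AdminRole", "maint",
                                   "2025-01-03T10:05:00Z")},
]

def identity_tuple(event):
    """Return (account, role name, session name, creation date), or None
    when the caller is not an assumed-role session."""
    uid = event["userIdentity"]
    if uid.get("type") != "AssumedRole":
        return None
    parts = uid["arn"].split(":")  # arn:aws:sts::<account>:assumed-role/<role>/<session>
    _, role, session = parts[5].split("/", 2)
    created = datetime.strptime(uid["sessionContext"]["attributes"]["creationDate"], TS)
    return parts[4], role, session, created

def find_assume_role(events, account, role, session, created,
                     skew=timedelta(seconds=2)):
    """Find the AssumeRole event that created the session described by the tuple.
    Matching eventTime to creationDate within `skew` is an assumption of this sketch."""
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("sts.amazonaws.com", "AssumeRole"):
            continue
        req = ev.get("requestParameters") or {}
        arn_parts = req.get("roleArn", "").split(":")
        if len(arn_parts) < 6 or arn_parts[4] != account:
            continue
        if arn_parts[5].rsplit("/", 1)[-1] != role:  # role ARN may carry a path
            continue
        if req.get("roleSessionName") != session:
            continue
        if abs(datetime.strptime(ev["eventTime"], TS) - created) <= skew:
            return ev
    return None

def unchain(events, suspicious, max_depth=10):
    """Walk back from a suspicious event to the original actor.
    Returns (list of caller ARNs, resolved); resolved is False when the trail
    runs out before a non-role identity is reached."""
    chain, current = [], suspicious
    for _ in range(max_depth):  # bound the walk in case of malformed or cyclic data
        chain.append(current["userIdentity"]["arn"])
        tup = identity_tuple(current)
        if tup is None:
            return chain, True   # reached a long-lived identity
        current = find_assume_role(events, *tup)
        if current is None:
            return chain, False  # missing log coverage for this hop
    return chain, False

if __name__ == "__main__":
    for hop in unchain(EVENTS, EVENTS[-1])[0]:
        print(hop)
```

The decoy record shows why the creation date is part of the tuple: role name and session name alone would attribute the DeleteTrail call to the wrong session.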
Cloud Monitoring and Log Analysis
In the meeting, Shawn and Itay discussed the operationalization of cloud monitoring and the importance of log analysis. They highlighted the need for a policy to react to events and the role of different teams in monitoring alerts. Itay emphasized the importance of role unchaining for investigation and detection, particularly in large-scale operations. He also discussed the benefits of unchaining in ingestion time, such as creating investigation breakdowns and building a detection engine. The team also touched on the cost implications of log collection and analysis, with Shawn noting that smaller operations might find GuardDuty useful but it becomes expensive and less useful in larger environments.
Parser Challenges in Cloud Investigations
In the meeting, Itay discussed the importance of parsers in creating a comprehensive investigation graph for understanding attack timelines. He highlighted the challenges faced with AWS and Azure, noting that AWS requires more complex parsing due to its event structure. Itay also shared a method of cross-referencing logs and inventory to build better timelines. Matt Alvarez asked about the difficulty of tracking actors across different cloud service providers, to which Itay responded that GCP is the easiest, followed by AWS, and then Azure. Jay agreed with Itay's assessment, noting that even Microsoft struggles with Azure.
Gratitude, Future Sessions, and Tech Impact
Shawn expressed gratitude for Itay's presentation and invited him to return for future sessions. Shawn then left the meeting to undergo a PET scan. The team wished Shawn good luck and expressed their appreciation for Itay's contribution. The team also discussed the upcoming changes in the administration and the potential impact on their work. Jay and Matt Alvarez discussed the interesting talks they had attended at the CCC conference, highlighting the political undertones and the impact of technology on society. They also discussed the recent appeals court decision striking down net neutrality rules, expressing concern about the potential consequences. Neil mentioned that NVD had enriched about 1% of all new CVEs in the last two weeks of December and that Cisco seemed to be backing away from them.
Vulnerability Management and Scoring Challenges
This segment discusses ongoing challenges and perspectives regarding vulnerability management and scoring systems like the NVD and CVSS. Neil expresses concerns about the fragmentation of vulnerability scoring approaches as NVD's role becomes uncertain, potentially leading to inconsistent prioritization. Jay suggests focusing more on preventative controls rather than chasing alerts. They acknowledge communication issues from NVD but debate whether a centralized vulnerability scoring system is truly necessary. The discussion highlights the difficulties smaller organizations face in keeping up with vulnerability remediation amidst an overwhelming number of alerts.
GreyNoise, Paid Intelligence, and Vulnerabilities
In the meeting, Matt Alvarez discussed the potential of GreyNoise as a proactive tool for detecting exploits, suggesting it could provide valuable context on exploitability. Neil expressed concerns about the increasing reliance on paid intelligence services, fearing it could widen the gap between those who can afford protection and those who cannot. Jay emphasized the importance of having a good backup strategy and being able to respond quickly to vulnerabilities, suggesting that early detection may not always be the most crucial factor. The team also discussed the challenges of balancing the need for intelligence with the need to protect the ecosystem as a whole.
School District Network Security Challenges
In the meeting, Matt Alvarez shared his experiences working in school district networks and the challenges faced by school districts in maintaining security. He mentioned his father's experience with a ransomware attack that resulted in the loss of data. Jay shared his experience with a university's network team, highlighting the issue of alert fatigue. Matt also shared his experience working at a hotel during its construction, where he encountered alert fatigue due to frequent fire alarm tests. The team discussed the importance of regular drills and procedures to prepare for emergencies. Neil shared his experience participating in the Polar Bear Plunge in Coney Island on New Year's Day. The team ended the conversation with well wishes for the upcoming weekend.
Quick recap. Shawn and Ian discussed the importance of networking and making connections, with Ian presenting on his role as the Azure Cloud Community Leader at CIS and the development process of the CIS benchmarks. The team also discussed the CIS Cloud Benchmarks, the importance of community engagement, and the potential for automation in assessment and remediation. Lastly, they addressed ongoing security issues, the challenges of balancing risk and cost in security, and the importance of security vendors vetting their processes.
2025-01 | Guest Speaker
Next steps
- Tyler to schedule a presentation on HashiCorp for a future Cloud Security Office Hours meeting.
- Kyle to connect with Tyler on LinkedIn for potential mentorship opportunities.
- Mario to give a presentation at next week's Cloud Security Office Hours meeting.
- Shawn to continue sending out email reminders just before the weekly meetings to increase attendance.
Shawn's Bizarre Warm-Up Session
In this bizarre transcript, Shawn appears to be reciting song lyrics and random phrases, with occasional short exchanges with Ian. There are no clear decisions, alignments, next steps or open questions discussed. The transcript seems to capture Shawn warming up for a meeting or presentation by singing song snippets, while Ian confirms he is ready to present a 21-slide deck. However, the actual content of the meeting is not present in this segment.
Azure Cloud Community Leader Presentation
In the meeting, Shawn welcomed everyone and introduced Ian McCree from CIS, who was there to give a presentation. The meeting also saw new faces, including Tyler Lynch from HashiCorp and Roland from Fortinet. Tyler was identified as a potential future presenter. The group also discussed the importance of networking and making connections, with links to their Discord and Telegram channels shared. Ian then took over to present on his role as the Azure Cloud Community Leader at CIS, sharing his background and expressing hopes for engagement and volunteer opportunities.
CIS Benchmarks and Secure Configurations
Ian provided an overview of the Center for Internet Security (CIS) and its benchmarks. He explained that CIS was founded in 2000 to help state, local, tribal, and territorial organizations build appropriate defenses against evolving threats. The CIS benchmarks are prescriptive, providing actionable guidance for secure configurations in various platforms. Ian emphasized the importance of secure configurations, noting that misconfigurations are the third most common attack vector for cloud platforms. He also discussed the development process of the CIS benchmarks, which involves community engagement, consensus building, and iterative refinement. Finally, Ian gave an example of a benchmark recommendation, explaining its components such as numbering system, title, profile, applicability, and rationale.
CIS Cloud Benchmarks and Volunteering
Ian discussed the CIS Cloud Benchmarks, which are free and widely followed for their broad impact on cybersecurity. He explained that the benchmarks are divided into two types: foundational benchmarks applied at the tenant or subscription level, and service category benchmarks for specific products. Ian also mentioned that the benchmarks are mapped to other frameworks and are intended to provide a base level of security. He encouraged the team to contribute to the benchmarks, even if they lack extensive cybersecurity experience, as it would help them in their professional journey. Tyler suggested that newcomers could start by registering as a volunteer, asking for a mentor, and learning through the meetings they attend. Shawn and Tyler also emphasized the value of volunteering for early career professionals, as it demonstrates involvement in the industry and can be beneficial for future career opportunities.
Community Input and Automation Discussion
In the meeting, Jay asked about the relationship between the providers and the community, specifically if there's an established pipeline for suggestions on how to configure the landscape. Ian clarified that the most active input comes from the community, with independent vetting of all submissions. He also mentioned that the community has different calls and discussions, and that Microsoft and other providers have been active in his community. David Gargan raised the idea of using RPA bots for implementation and suggested that the CIS team could potentially close a commercial gap by automating assessment and remediation. Ian acknowledged this and mentioned that they have a basic platform for automated assessment, but not for cloud communities. Mischa expressed gratitude for the work done by the CIS team and asked about the process of deciding whether to provide coverage for a new product. Ian explained that it depends on pre-existing coverage, popularity, and severity of vulnerabilities. Tyler offered to help with one-on-one mentoring and Shawn shared the good news that his cancer is not metastatic.
Firewalls, VPNs, and Enterprise Security
In the meeting, Neil discussed the ongoing issue of firewall and VPN vendors getting compromised, citing a recent example of a ticketing website hack. He also shared a past experience of a security incident at a large organization, where a widely shared service account was used to gain domain admin privileges. The team also discussed the challenges of balancing risk and cost in security, with Jay emphasizing the importance of considering the overall enterprise business risk. Shawn thanked everyone for attending the meeting and encouraged them to look for the meeting invite from the previous week. The team also discussed the importance of security vendors vetting their processes and the challenges of updating systems without causing operational downtime.
Quick recap. The meeting involved discussions on the use of AI models, with a focus on the risks associated with them and the importance of protecting enterprise data privacy. The team also explored the potential risks and benefits of using private versus open-source language models for sensitive data, and discussed a technique for using large language models without exposing sensitive data. Lastly, the meeting touched on the importance of systems-level orchestration skills in the AI field and the need for learning from open-source AI communities.
2025-01 | AI | Vulnerabilities | Guest Speaker | Community
Next steps
- Shawn to schedule a resume review session for job seekers and those looking to improve their resumes.
- Interested participants to send their resumes to Shawn or post them on Discord for the upcoming resume review session.
- Attendees to join next week's open session for stream-of-consciousness sharing and discussion.
- Attendees interested in learning more about AI to explore open-source projects and join AI-related communities for practical experience.
- Nathaneal to provide tips on creating an AI chatbot with RAG to interested attendees via Discord.
Nonsensical Transcript Discussion
The transcript appears to be mostly nonsensical phrases and lyrics rather than a real meeting discussion. Therefore, it is not possible to provide a meaningful summary following the given guidelines.
Incoherent Rambling With No Decisions
Shawn appears to be rambling incoherently, repeatedly saying phrases like "Vocês vão", "E aí?", "Eu acho", and "Legenda: Adriana Zanotto". There does not seem to be any substantive content or discussion occurring. Without any clear decisions, alignments, or action items mentioned, the summary is that there was no meaningful conversation captured in this transcript segment.
Provocative Lyrics in Meeting
Shawn appears to be singing lyrics, possibly freestyle rap, that contain provocative and suggestive language involving control, attraction, and intoxication. The lyrics do not seem to convey any clear decisions, alignments, action items or open questions relevant for a meeting summary.
Shawn's Multilingual Song Lyrics Discussion
Shawn appears to be singing song lyrics and making remarks in multiple languages, including Portuguese, Spanish, and English. The lyrics cover themes like love, God, and music. At one point, an unknown speaker joins and comments on the lyrics Shawn is generating. There does not seem to be a coherent discussion or any decisions, alignments, or action items emerging from this transcript segment.
Welcome and AI Presentation Discussion
The meeting began with greetings and introductions, including a welcome to new members. Shawn expressed gratitude for the team's participation and mentioned the group's 2-year anniversary. A LinkedIn thread was shared for networking purposes. Mario then presented a topic related to AI, and the meeting was recorded for future reference. Katie, a new member from Oxford, introduced herself and shared her interest in cloud security. The conversation ended with Mario's presentation on AI.
Protecting Enterprise Data Privacy With LLMs
The meeting discusses the importance of protecting enterprise data privacy from threats posed by large language models (LLMs) like ChatGPT. Mario and Walid highlight that 21% of data shared with LLMs is private, with 27% of employee-shared data being confidential. They emphasize upcoming AI data privacy regulations across the US, mandating data preprocessing, removing personally identifiable information, and robust data classification before LLM interaction. Noncompliance can lead to significant fines up to 4% of global revenue or $20 million. The speakers stress the need to address data privacy as a pressing requirement given the increasing adoption of LLMs and the risks of exposing sensitive information inadvertently.
AI Model Security Risks Discussed
Mario discussed the top 10 security risks associated with AI models, with prompt injection being the most significant. He explained two types of prompt injection: direct, where users bypass security controls by manipulating data, and indirect, where users trick the AI model into revealing confidential information. Mario also highlighted the challenges of undoing these actions once they've been done, given the significant investment in creating the AI models. He further discussed the risks of data loss prevention, code injection, and the use of AI agents for software development. Lastly, he touched on the potential risks of multimodal AI, which includes voice and image inputs. The conversation ended with Mario preparing to demonstrate a website that can be used for indirect injection.
Private LLMs for Sensitive Data
The team discussed the potential risks and benefits of using private versus open-source language models (LLMs) for sensitive data. They agreed that owning a private LLM in an air-gapped environment is the most secure way to handle confidential information. However, they also noted that running a private LLM can be expensive and complex. The team also discussed the idea of fine-tuning a base model on a specific task to enhance its performance and security. They concluded that the best approach is to not send sensitive data to an LLM in the first place, but to obfuscate or mask the data before sending it to a third-party LLM. The team also touched on the topic of RBAC and RAG, but did not delve into detail.
Training AI for PII Masking
Walid discussed the process of training an AI model to identify and mask critical personally identifiable information (PII) for businesses. He explained that the model could be fine-tuned on specific PII types, such as names or addresses, and then deployed to mask data before it's sent to an LLM. Walid also demonstrated how to use the Ubi platform to upload a dataset, label it, and fine-tune a model. He emphasized the importance of achieving high accuracy in the model's performance and suggested ways to improve it. The conversation ended with Walid demonstrating the model in action, anonymizing data before sending it to an LLM.
Protecting Data With LLMs and AI
The meeting discussed a technique for using large language models (LLMs) without exposing sensitive data. Walid and Mario presented a multi-step process where an entity recognition model first identifies and masks sensitive information like names and account numbers in the input text. This masked text is then sent to an LLM which generates a response without ever seeing the actual sensitive data. Finally, the sensitive information is de-anonymized and inserted back into the LLM's response. This allows utilizing LLMs while protecting private data. The discussion also touched on topics like prompt engineering for controlled data access, joining open-source AI communities for learning, and the need for systems-level orchestration skills in the AI field.
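The mask, send, de-anonymize flow described above, as an added example (not code from the session or the presenters). The regex recognizers and the stub LLM are constructed stand-ins for the fine-tuned entity-recognition model and the third-party LLM, and every name here (`Vault`, `mask`, `unmask`, `run_pipeline`) is hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed recognizers standing in for the fine-tuned entity-recognition
# model from the recap; a real deployment would call that model instead.
RECOGNIZERS = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("ACCOUNT", re.compile(r"\b\d{8,12}\b")),
    ("NAME", re.compile(r"\b(?:Mr|Ms|Mrs|Dr)\.\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)?")),
]
TOKEN = re.compile(r"\[\[([A-Z]+)_(\d+)\]\]")


@dataclass
class Vault:
    """Per-request mapping between placeholders and the values they hide."""
    forward: dict = field(default_factory=dict)  # original value -> token
    reverse: dict = field(default_factory=dict)  # token -> original value

    def token_for(self, label, value):
        # The same value always gets the same token, so the LLM can still
        # tell that two mentions refer to the same person or account.
        if value not in self.forward:
            n = sum(1 for t in self.reverse if t.startswith(f"[[{label}_")) + 1
            token = f"[[{label}_{n}]]"
            self.forward[value] = token
            self.reverse[token] = value
        return self.forward[value]


def find_entities(text):
    """Return non-overlapping (start, end, label) spans, left to right."""
    spans = [(m.start(), m.end(), label)
             for label, pattern in RECOGNIZERS
             for m in pattern.finditer(text)]
    # Earliest start wins; on a tie the longer span wins.
    spans.sort(key=lambda s: (s[0], -(s[1] - s[0])))
    chosen, cursor = [], 0
    for start, end, label in spans:
        if start >= cursor:
            chosen.append((start, end, label))
            cursor = end
    return chosen


def mask(text, vault):
    """Replace every recognized entity with its placeholder token."""
    out, cursor = [], 0
    for start, end, label in find_entities(text):
        out.append(text[cursor:start])
        out.append(vault.token_for(label, text[start:end]))
        cursor = end
    out.append(text[cursor:])
    return "".join(out)


def leaked_values(outbound, vault):
    """Defence in depth: list vaulted values still present in the prompt."""
    return [value for value in vault.forward if value in outbound]


def unmask(response, vault):
    """Restore known tokens; report tokens the vault never issued."""
    unknown = []

    def restore(match):
        token = match.group(0)
        if token in vault.reverse:
            return vault.reverse[token]
        unknown.append(token)  # invented by the model: leave it visible
        return token

    return TOKEN.sub(restore, response), unknown


def fake_llm(prompt):
    # Constructed stand-in for the third-party LLM. It reuses the placeholders
    # and invents one ([[ACCOUNT_9]]) to exercise the unknown-token path.
    return ("Dear [[NAME_1]], the transfer from account [[ACCOUNT_1]] is "
            "confirmed. A receipt was sent to [[EMAIL_1]]. "
            "Reference: [[ACCOUNT_9]].")


def run_pipeline(user_text, llm=fake_llm):
    """Mask, call the LLM on masked text only, then de-anonymize the reply."""
    if TOKEN.search(user_text):
        # Placeholder syntax in the input could be swapped for someone
        # else's data on the way back, so refuse it outright.
        raise ValueError("input already contains placeholder syntax")
    vault = Vault()
    outbound = mask(user_text, vault)
    if leaked_values(outbound, vault):
        raise RuntimeError("masked value still present in outbound prompt")
    answer, unknown = unmask(llm(outbound), vault)
    return outbound, answer, unknown


# Constructed sample input.
SAMPLE = ("Dr. Alice Moreno asked to move funds from account 4400123456. "
          "Email alice.moreno@example.com and confirm account 4400123456 "
          "with Dr. Alice Moreno.")

if __name__ == "__main__":
    outbound, answer, unknown = run_pipeline(SAMPLE)
    print("sent to LLM :", outbound)
    print("returned    :", answer)
    print("unknown     :", unknown)
```

The vault lives only for one request and never leaves the caller's side; anything the recognizers miss still reaches the LLM, which is why the recap's point about model accuracy matters.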
Quick recap. Shawn led a series of seemingly unrelated discussions covering various topics, including the academic world, fashion, family, dreams, industry, and more. The team also discussed the potential implications of the current administration's actions on cybersecurity and election integrity, with a focus on the potential effects on CISA and NVD. The conversation ended with discussions on open source software, its benefits and challenges, and the potential for monetizing it through services and products built on top of it.
2025-01 | Vulnerabilities | Conferences | Community
Next steps
- Keep monitoring developments with CISA and potential impacts on cybersecurity policies.
- Continue following the OpenGrep project and its implications for open-source security tools.
- Stay informed about the ongoing WordPress management situation and potential security implications.
- Share updates on the PowerSchool breach and its impact on school district cybersecurity in future meetings.
- Schedule presentation from Dustin's daughters for March.
Shawn's Diverse and Complex Statements
Shawn makes a series of seemingly unrelated statements, covering topics such as the academic world, eyes being on something, not wanting others to possess bodies, songs, fashion, sharing, stigma, shame, explaining things, following roads, being on the ground, freedom, family, dreams, industry, caves, patrols, blame, games, prices, fairness, taking someone somewhere, care, reason, opening eyes, and bodies hitting the floor. He also mentions various concepts like nothing being wrong, something having to give, letting go, consuming fear, good girls, America, horses, boyfriends, free ways, breaking things, family pirates, bad boys, shadows, the good, the one, riding names in the sky, and going out into nothing.
Cryptic Statements and Creative Writing
Shawn discusses various cryptic statements and phrases in a stream of consciousness style, potentially referring to lyrics or creative writing. No clear decisions, alignments, or action items are discernible from the transcript.
Betrayal, Loss, and Desire for Revenge
Shawn expressed his feelings of betrayal and loss, mentioning a past relationship that soured and a sense of orphanhood. He also touched on the theme of friendship, suggesting that he had been deceived by someone he trusted. Shawn also mentioned a sense of anger and a desire for revenge, possibly against a person who had taken something from him. He ended the conversation with a reference to a son and a man, suggesting a complex and possibly tumultuous relationship.
Adriana Zanotto and Fragmented Discussion
In the meeting, Shawn led the discussion, with occasional interruptions from an unidentified speaker. The conversation was largely fragmented and lacked clear context. Shawn mentioned a person named Adriana Zanotto multiple times, but the reason for this was unclear. There was also a mention of a song or music, but the context was not provided. The conversation ended with Shawn welcoming everyone to the cloud security office hours and suggesting a few minutes of waiting time before starting the introductions.
Cybersecurity Concerns and Election Integrity
The team discussed the potential implications of the current administration's actions on cybersecurity and election integrity. Kyle brought up the topic of the President's efforts to dismantle CISA, which could have significant impacts on national security and cybersecurity. Shawn and Neil agreed that the news was initially more alarming than necessary, and that it was too early to panic. They also discussed the potential effects on CISA and NVD, emphasizing the need to carefully monitor the situation. Jay added that the team is lucky to have someone tracking these developments, and that the situation is complex due to the involvement of other people behind the President's actions. The team agreed to continue monitoring the situation and to be prepared for any changes in the cybersecurity landscape.
New Members Join and Discuss Format
The meeting began with Shawn welcoming new members to the group and encouraging them to ask questions. New members introduced themselves, including Precious, a data analyst from Oklahoma City, and Aidan, a master's student at the University of Michigan. Shawn also mentioned that the group includes members from competitors Orca and Wiz, but they come together for the community. The conversation ended with Shawn describing the typical format of their sessions, which include open discussions and occasional presentations.
NYU Cyber Security Master's Program
Paul discussed his enrollment in a new course at NYU's Cyber Security master's program, focusing on global perspectives in technology. The course includes a required travel component to London and will study the geopolitical, societal, and historical differences between major countries and how they affect technology and cybersecurity. The group also discussed the potential for avoiding politics in cybersecurity, with Shawn and Matthew sharing their experiences of managing permissions and secrets in their work. Jay and Neil shared their experiences of dealing with political and legal issues in their roles, particularly in incident response and investigations. San and Brandon discussed the importance of understanding the unspoken rules in certain countries and the limitations of cyber insurance in conflict zones. The conversation ended with a topic change suggestion by Brandon.
Open Source Software in Cybersecurity
The team discussed the challenges and opportunities of open source software in the context of cybersecurity and insurance. Jay clarified that the insurance industry has become more selective in offering cyber insurance, vetting potential clients and their security programs before providing coverage. Brandon raised a question about policyholders in war zones, while Neil discussed the recent fork of Semgrep and its implications for open source software. The team also discussed the potential for monetizing open source software through services and products built on top of it, and the importance of learning tools through community editions. The conversation ended with Matt emphasizing the value of open source software in enabling people to learn and potentially use a tool in a professional setting.
Open Source Software Security Concerns
The group discusses open source software, its benefits and challenges. Neil shares that 10% of new CVEs in 2024 came from the Linux kernel and WordPress plugins, highlighting security concerns. Josef cautions against companies offering both open source and paid versions due to potential conflicts of interest. The group debates the definition of open source and whether commercial use is allowed based on licensing. There is also discussion around providing free trial versions versus fully open source products, weighing costs versus risk. Towards the end, Shawn mentions two young girls who found security bugs in Google products and got paid through the bug bounty program, serving as an example of "advanced persistent teenagers." The group seems interested in having the girls present at a future meetup.
Quick recap. The meeting involved a diverse group of professionals discussing their experiences and interests in cloud security, with a focus on the potential impact of AI on their work and the future of technology. They discussed the potential benefits and risks of AI in enhancing security and development practices, as well as its potential to change the way they work and the skills required for their roles. The team also expressed concerns about the environmental impact of AI and the need for caution in its use, with a focus on understanding AI security and the potential for AI to become sentient.
2025-01 | AI
Next steps
- Mario to lead a future discussion on preparing careers for AI-driven changes in the job market.
- Paul to propose a dedicated meeting topic on AI's impact on critical thinking skills, particularly for youth in education.
- All participants to consider ways to integrate AI tools safely and effectively in their work processes.
- All participants to focus on developing and maintaining human skills that complement AI capabilities, such as critical thinking, problem-solving, and interpersonal communication.
- Shawn to follow up on upcoming presentations, including one from Philip.
Incoherent Song Lyrics and Text
This transcript appears to be a collection of song lyrics and other fragmented text, rather than a meeting transcript. Since it does not contain coherent discussion or dialogue about any specific topic, it is not suitable for summarization according to the guidelines provided. There are no decisions, alignments, next steps, action items or substantive discussions to summarize.
Shawn's Song Lyrics and Greetings
Shawn recites lyrics from various songs, including themes of travel, partying, and romance. The conversation includes a mix of English and Portuguese phrases, with no clear discussion topics or decisions made. Two brief chat messages from unknown speakers greet the participants with "Good Morning."
Cloud Security Professionals Network
The meeting was a gathering of professionals from various backgrounds, primarily in cloud security. The attendees included David, a former pen tester, Afrida, a recent graduate with a focus in cyber security, Edmond, a senior cloud engineer, Umang, a cloud security architect, Thomas, a senior cloud security engineer, and Brad, a security professional looking to transition into cloud security. The group discussed their experiences and interests in cloud security, with many expressing a desire to network and learn from each other. The meeting also saw the introduction of new faces, including David and Afrida, who shared their backgrounds and aspirations in the field. The group also discussed the potential for future meetups and collaborations.
DeepSeek Security and Motivations
The meeting began with Tim and Neil reminiscing about their time at Microsoft. Shawn then emphasized the importance of participation in the meeting, encouraging everyone to ask questions and engage in discussions. The group discussed the recent security issues with DeepSeek, an AI database, with some members expressing concerns about the app's potential to collect sensitive data. Jay and Neil clarified that the main issue was with the app, not the model itself, and that the model could be run locally without significant security concerns. The conversation ended with a discussion about the potential motivations behind the release of DeepSeek, with some speculating about the involvement of hedge funds.
AI's Impact on Job Roles and Skills
The team discussed the potential impact of AI on job roles and the need for individuals to adapt to the changing landscape. Matt Alvarez expressed skepticism about the extent to which AI will replace jobs, while Tyler emphasized the importance of using AI safely and responsibly. Mario led a discussion on how to prepare for a future where AI plays a larger role, and David Gargan suggested focusing on human skills like empathy and communication. The team also discussed the importance of staying ahead of the curve in the face of technological changes, with Neil emphasizing the need to find paths that work for each individual. The conversation ended with a discussion on the potential for AI to become sentient and the need for caution in its use.
AI's Role in Security and Development
The team discussed the role of AI in enhancing security and development practices. Tyler highlighted the potential of AI to improve security posture by providing secure recommendations and reducing incidental errors in code development. However, Jay expressed skepticism about the effectiveness of AI in complex tasks, citing past experiences with tools like SonarQube. Shawn suggested that AI could serve as a virtual extension of one's skill set, while Patrick emphasized the need for caution in adopting AI tools due to the hype cycle surrounding them. David shared his positive experience with AI in triaging vulnerabilities, but noted its limitations in generating code. Neil stressed the importance of understanding AI security, highlighting the need for deeper knowledge in this area. The team agreed that AI has the potential to improve security, but also acknowledged the need for caution and further exploration of its capabilities.
AI's Impact on Web Development
The team discussed their concerns about the use of AI in web application development. Brian expressed worry about AI potentially hollowing out the bottom of the developer spectrum, as junior developers might rely too heavily on AI tools, leading to a lack of senior developers with experience. Matt Alvarez shared similar concerns, highlighting the potential for AI to ruin early career cognition and the cost-benefit analysis of investing in AI. The team also discussed the environmental impact of AI, with Ramy and Tyler expressing concerns about energy consumption. The conversation ended with Jay suggesting that the trajectory of AI use might follow a similar pattern to other technologies, with a shift in focus as new technologies emerge.
AI's Impact on Work and Skills
The team discussed the impact of AI on their work and the future of technology. They acknowledged that AI is already changing the way they work, with some tasks being automated, and expressed concerns about the potential loss of certain skills. However, they also recognized the benefits of AI, such as its ability to help with writing and translation tasks. The team agreed that while AI may replace some tasks, it will not replace the critical thinking and problem-solving skills required for their roles. They also discussed the importance of adapting to technological advances and ensuring that their value lies in areas that cannot be easily automated. The conversation ended with a discussion about the need for good systems engineers to think holistically about the impact of technology on their work.
Quick recap. The team discussed the challenges and opportunities of making career pivots, particularly in fields like cloud computing and cybersecurity, and the importance of networking and knowledge sharing. They also explored the challenges of managing and securing multiple Microsoft Cloud products and other SaaS platforms, the impact of AI on the job market, and the potential of AI as a workforce multiplier. Lastly, they discussed the potential impact of automation on the labor market and the use of AI for translation.
2025-02 | AI | Vulnerabilities | Insider Threats
Next steps
- Plan and prepare for a future session on leveraging AI/LLM in daily work.
- Use Google's Notebook LM to translate English content to Spanish for the church's mental health program for adolescents.
- Have native Spanish-speaking teachers at the church review the translated content for accuracy.
Career Pivot Challenges and Networking
Shawn discusses the challenges of making a career pivot, particularly in fields like cloud computing and cybersecurity. He recommends joining the Cloud Security Office Hours, a weekly community gathering he helps organize, for networking and knowledge sharing. Shawn emphasizes the importance of connecting with experienced professionals in the desired field for guidance and perspective.
Open Forum and Industry Updates
The meeting began with Chris welcoming everyone and discussing the agenda for the day, which was an open forum for any burning topics or questions. Chris also mentioned that they might be a little light this week due to some folks being out on vacation. The floor was then opened for new folks to introduce themselves, with Ariel, Martin, and Kimberly sharing their backgrounds and experiences. The discussion then shifted to various topics, including sports, specifically basketball and soccer, and the recent FortiGate issue. The team also discussed the use of Fortinet products in their respective industries and the potential vulnerabilities associated with them. The conversation ended with Chris thanking everyone for their participation and encouraging them to continue sharing their thoughts and experiences.
Managing Multiple Microsoft Cloud Platforms
The group discusses the challenges of managing and securing multiple Microsoft Cloud products and other SaaS platforms. Ross raises the question of how to manage the various Microsoft Power platforms that are not interrelated. Jay mentions using as little as possible of these platforms, focusing mainly on Azure for infrastructure. Shawn explains that this is a significant problem in the industry, with security controls now merging between traditional SaaS and cloud infrastructure solutions. The discussion touches on the importance of managing data across platforms, identity as a perimeter, and the need for tools to stitch together information from various sources. David Bravo brings up the perspective of offensive security testing in this context, while David Gargan emphasizes the importance of centralized identity providers and governance guardrails when integrating multiple cloud services.
Identity Management and Insider Threats
The team discussed the challenges and solutions related to identity management and insider threats in the context of cloud security. David Gargan highlighted the need for a comprehensive approach to identity management, involving people, process, and technology. Chris and Shawn discussed the importance of role-based access control and limiting the blast radius of sensitive information. Kimberly shared her experience with Lookout, emphasizing the need for reliable demos and the importance of security in the development process. The team also discussed the potential risks of insider threats, particularly in the context of cloud security platforms like Wiz. The conversation concluded with a suggestion for a future session on securing Cloud Security Posture Management (CSPM) tools.
AI's Impact on Cybersecurity Jobs
The team discussed the impact of AI on the job market, particularly in the cybersecurity field. They debated whether AI would replace jobs or create new ones, with some members expressing skepticism about the long-term viability of AI. The conversation also touched on the potential for AI to automate certain tasks, such as malware creation, and the need for human involvement in the process. The team also discussed the concept of "The Magic Box," a term used to describe the potential of AI to revolutionize various industries. The conversation ended with a discussion about the potential for AI to impact coding jobs and the need for a holistic approach to cybersecurity.
AI's Impact on Workforce and Security
The meeting discussed the potential of AI and its impact on various sectors. Kyle expressed his concern about the security threats posed by AI, suggesting that it could be more effective to jailbreak ChatGPT than to use it. Mario emphasized the importance of human involvement in AI processes, stating that AI can self-serve tasks like password resets, but human judgment is necessary for tasks that require compassion and understanding. He also highlighted the potential of AI as a workforce multiplier. Kimberly shared an example of AI being used for early detection of fires in San Diego, which Mario agreed was a good use of AI as a force multiplier. Matt agreed with Mario's points and emphasized the distinction between AI and large language models, noting that while large language models can automate tasks like password resets, they are already being automated through other means. The conversation ended with a suggestion for a future topic on how everyone is leveraging AI in their daily work.
Automation, AI, and Language Translation
The team discussed the potential impact of automation on the labor market, with Matt expressing skepticism about the large language model front. Mario suggested that the shift from mundane tasks to more cognitive and reasoning-based tasks could be beneficial for those who can redesign and reimagine things. The team also discussed the use of AI for translation, with Kimberly seeking recommendations for translating content from English to Spanish. The team agreed that while AI can be useful, it should be verified by a native speaker for accuracy. The conversation ended with Chris encouraging the team to use the Discord channel for casual chats and expressing gratitude for everyone's participation.
Quick recap. The meeting covered a range of topics including introductions of new members, discussions on resume writing and formatting, and career advice for professionals in the cloud security field. The team shared insights on maintaining professional boundaries at work events, the importance of mentorship, and strategies for tailoring resumes to specific job applications. Additionally, the group explored tools for resume creation, discussed how to handle layoffs on resumes, and proposed ideas for future meetings, including career progression stories and a highlight series.
2025-02 | AI | Conferences | Community | Industry News
Next steps
- Shawn to post AI-generated summary of the meeting in the group's communication channels.
- Chris to start doing weekly video call-outs for the Cloud Security Office Hours call and solicit topic suggestions in the comment sections.
- Group members to submit resume review requests to resume@csoh.org for future resume review sessions.
- Group members to check out and contribute to the new subreddit for Cloud Security Office Hours.
- Group members to suggest topics for future discussions by emailing shawn@cshcsoh.org, posting in Discord, or commenting on the subreddit.
- Philip Bogaritas to give a presentation at next week's meeting.
Incoherent Conversation With Shawn
Shawn had a conversation, but the transcript was largely incoherent and difficult to understand. There were repeated phrases and names, such as "Adriana Zanotto" and "Eu acho que," but the context and meaning were unclear. It was impossible to discern any decisions, alignments, next steps, action items, or open questions from the conversation.
Lively Discussion With Sports References
Shawn led a lively discussion, filled with music, sports, and personal greetings. The conversation included references to various sports, including a mention of a "high surf advisory" and a "Tarantinoesque killing spree." There were also personal greetings and acknowledgments, with Shawn expressing gratitude to various individuals. The conversation ended with a discussion about a "Cloud Security Love Music" list for Securitines Day, with Richard and D contributing to the conversation.
New Members Join Cloud Security Office
In the meeting, Chris, the host, welcomed new members to the Cloud Security Office Hours and encouraged them to introduce themselves and share their experiences. Paul, a new member, introduced himself and shared how he found the group. Chris and Neil discussed the recent award won by Patrick, highlighting his dedication and contributions to the team. Pulkit, another new member, introduced himself and expressed his interest in learning more about security. The group also discussed the idea of a resume review session, with Shawn explaining the benefits of having a diverse group review resumes to provide valuable feedback. The conversation ended with Richard mentioning the topic of social events and navigating them.
Professionalism, Mentorship, and Career Development
In the meeting, the team discussed various topics including the importance of maintaining professional boundaries at work events, the potential consequences of excessive drinking, and the importance of mentorship and networking for early career professionals. Neil emphasized the need to avoid bad behavior and peer pressure, while Matt Currie shared his experience as a chef and the importance of setting limits when drinking. Chris and Yashesh also highlighted the importance of having mentors and coaches in one's career. The team also discussed the importance of being cautious when searching for job opportunities on LinkedIn. Towards the end of the meeting, the team agreed to start a resume review session.
Resume Formatting and Quantifiable Data
In the meeting, the team discussed the formatting and content of a resume. They agreed that the current format was not ideal and suggested improvements such as indenting certain sections and using a more readable font. They also discussed the importance of quantifiable data in resumes, with Tyler emphasizing the need for specific metrics to support claims. The team also discussed the potential for tailoring resumes to specific job applications. Alhaji shared that he has multiple versions of his resume, tailored to different job applications. The team also discussed the challenges of measuring security improvements and the importance of storytelling in explaining metrics.
Resume Writing and Careerio Discussion
In the meeting, James suggested using Careerio for resume writing, highlighting its time-saving benefits and customizable templates. Tyler emphasized the importance of investing in oneself, even if it means spending money on tools like Careerio. Alhaji asked about the relevance of mentioning non-technology experience in a cybersecurity resume, and the group agreed that it could be beneficial if it showcases transferable skills or personal projects. The team also discussed the importance of personalizing resumes and using tools like ChatGPT to ensure the right keywords are included. The conversation ended with a review of a sample resume, with Tyler providing feedback on its formatting and data specificity.
Resume Consistency and Career Progression
In the meeting, the team discussed the importance of consistency in fonts and font colors on resumes. They also discussed the placement of certifications on resumes, with the consensus being that they should be placed towards the top. The team also discussed the handling of layoffs on resumes, with the general consensus being that it's better to be open about it rather than omit it. The team also discussed the possibility of having more career progression stories shared in future meetings. Lastly, the team discussed the idea of having a highlight series where individuals share their career paths and experiences.
Quick recap. Mario discussed the timeline for making a request and the transition of PM duties, while also recommending additional test data for edge cases. Justin and Ben presented on discovery enablement to a group of employees, focusing on new features in the discovery tools such as task mining and process mining. Mario also presented on the integration of these tools with automation hub and task mining, and the new features designed to identify areas for process improvement and automation potential.
2025-02 | Guest Speaker
Next steps
- Mario to expedite the approval process for the April 11th or April 4th ask.
- Mario to transition PM duties to Mark Weis over the next 1-2 weeks.
- Mario to arrange an introductory call with Mark Weis.
- Team to provide additional test data for edge cases.
- Team to complete face enhancements and work on the updated model design.
- Team to revise the operating manual and create FAQs including edge cases.
- Mario to rearrange next week's schedule due to his absence on February 27th, 28th, and March 3rd.
- Mario to extend Wednesday office hours.
- David to prioritize addressing the UiPath versioning issue.
- Mario to join the office hour session on Tuesday, February 25th at 11 AM EST to discuss timelines and activities.
- Mario to introduce Mark Weis via email and CC him on meeting discussions.
- Mario to send out meeting minutes.
Request Timeline and PM Transition
Mario discusses the timeline for making a request on April 11th, with a fallback date of April 4th if needed. He has already obtained alignment from Chris and expects approval. Mario is transitioning his PM duties to Mark Weis but will remain available if issues arise. The team is on track for the February 28th PDF target, and Mario recommends gathering additional test data to handle edge cases. He suggests using a rubric to evaluate enhancements based on ease of use, impact, and confidence in meeting requirements.
Discovery Enablement Presentation Overview
Justin and Ben are presenting on discovery enablement to a group of employees who are not attending a company event. Mario introduces the meeting, noting that it is being recorded and that they have a substantial amount of material to cover. Justin begins the presentation by introducing himself.
New Features in Discovery Tools
Mario presented on the new features in the discovery tools, specifically task mining and process mining. He explained the process of extracting data from IT systems, transforming and uploading it into the process mining app, and visualizing the data to gain insights. He also discussed the integration of these tools with automation hub and task mining, and the new features such as the process inefficiencies button and automation potential dashboards. These features are designed to help identify areas for process improvement and automation potential.
Quick recap. The team discussed various topics including the transition from on-prem to cloud security, the importance of understanding business acronyms, and the potential for AI breakthroughs and its implications on security. They also explored the consequences of data breaches, the need for more tech-savvy individuals in policy-making, and the differences in security and regulation between the US and Europe. Lastly, they touched on the importance of transparency in security, risk appetite, and the role of incident response in handling breaches.
2025-02 | AI | Governance
Next steps
- Paul to compile a list of current and future AI-related job roles in areas like AI ethics, privacy, and security.
- Neil to reach out to a legal contact about potentially joining a future meeting to discuss AI-related lawsuits and legal implications.
- Mario to prepare a talk on AI data privacy, anonymization techniques, and risk mitigation for a future meeting.
Shawn's Disjointed Thoughts and Greetings
Shawn appears to be speaking in a stream of consciousness, mixing English and Portuguese. He mentions various disconnected thoughts, including feelings of wanting to leave or stay, and references to music. The conversation ends with repeated Portuguese phrases and greetings.
Shawn's Multilingual Song Medley
Shawn performs a medley of popular songs, including covers of "Tennessee Whiskey" and "Ticket to Ride." The performance includes various genres such as rock, country, and pop. Shawn occasionally switches between English, Portuguese, and Spanish lyrics. The transcript primarily consists of song lyrics without significant discussion or conversation.
Understanding Acronyms and Cloud Security
The meeting began with a casual greeting and introductions from the participants. Neil, the host, encouraged everyone to introduce themselves, especially those attending for the first time. Chris and Neil discussed the importance of understanding acronyms in their field, with Neil sharing a personal experience about the confusion caused by the term "ICP". The meeting also included a discussion about the journey of transitioning from on-prem to cloud security, with Ryan Maltzen sharing his background and experience in the field. The conversation ended with Neil starting a discussion on a question from a friend, which he didn't have an answer to.
Deepening Cloud Security Knowledge
In the meeting, Neil discussed the goal of a new account executive who wants to deepen her understanding of cloud security technology. The team provided various suggestions including scheduling time with engineers to discuss frameworks, participating in product demos, attending cloud security conferences, and obtaining certifications like the AWS practitioner certificate. They also emphasized the importance of understanding business acumen and knowing one's customer for an account executive role.
AI Discussions and Security Concerns
Mario introduces the topic of AI discussions, mentioning three main themes: bulletproofing careers with AI, upskilling, and AI threats. Brian expresses interest in understanding the potential for AI breakthroughs and how prone the ecosystem is to fundamental changes. Alex clarifies that some AI advancements, like DeepSeek, leverage existing models to reduce costs. The group discusses the future of AI development, including potential parallels to Moore's Law and the evolution of AI security. Tyler emphasizes the importance of AI lifecycle management and security in model training and deployment. Neil brings up concerns about data management in AI, citing a recent incident with GitHub Copilot exposing private information. Mario mentions recent AI regulations in the EU and various US states, highlighting the potential for future lawsuits related to AI privacy infractions.
Data Classification and AI Consequences
The team discussed the potential consequences of companies leaking data, particularly in relation to AI technology. San shared his expertise in digital ownership and the potential legal repercussions of leaking proprietary information. He advised against using AI to fix policy documents, as this could expose a company. The team also discussed the importance of data classification and the potential for future roles in AI ethics, privacy, and security. Neil noted that while penalties for breaches have been significant, they have not always been lasting, and the pendulum of regulatory response is likely to continue swinging. The team agreed that data classification is a crucial practice, but acknowledged that it can be challenging to programmatically recognize the mix of confidential, sensitive, and public information in training data sets.
Addressing Data Breaches and Policy
Matt expressed concern about the lack of concern from companies and end users regarding data breaches, attributing it to the prevalence of breaches and the perceived cost of prevention being higher than the cost of recovery. San discussed the need for more people with technological knowledge to enter the legal and policy-making fields to influence change. Neil suggested that the increasing cost of cyber risk insurance could be a positive influence on companies to implement better security measures. Matt also highlighted the issue of outdated lawmakers who lack understanding of technology and its implications, suggesting that replacing them with younger, tech-savvy individuals could lead to better policy-making.
Security, Regulation, and Risk Appetite
The team discussed the differences in security and regulation between the US and Europe. Jay emphasized that Europe's approach is more principle-based, while the US is more lobbyist-driven. He also highlighted the importance of transparency in security, with customers making better purchasing decisions based on how well a company keeps their data safe. The team also touched on the topic of risk appetite, with Matt expressing concern about companies accepting risks without facing consequences. The conversation ended with a discussion about the importance of admitting breaches and the role of incident response in handling such situations.
Quick recap. The Cloud Security Office Hours meeting welcomed participants from diverse backgrounds and discussed various aspects of cloud security. The group explored topics such as transitioning into cloud security careers, the importance of security champions, and the use of different security tools and platforms. Participants shared experiences and insights on implementing security measures, managing incident responses, and addressing the challenges of maintaining effective security practices in cloud environments.
2025-03: AI, Community
Next steps
- Dave Gargan to reach out to Gilmar for mentoring on transitioning into cloud security.
- Attendees to check out the Cloud Security Office Hours Discord channel and website for additional resources.
Incoherent Song Lyric Discussion
The transcript appears to be a collection of song lyrics and musical phrases, possibly from a recording session or a performance. Shawn sings various lines in English and Portuguese, covering themes of love, self-reflection, and travel. The content is largely fragmented and repetitive, without clear decisions, alignments, or action items being discussed. No meaningful summary can be provided as there is no coherent meeting or discussion taking place in this transcript.
Gathering and Tech Issue Discussion
Shawn opens the meeting with music, and attendees greet each other in the chat. YHL mentions a technical issue with a cable, while others discuss the music selection. The meeting officially begins with Shawn welcoming everyone, followed by greetings from Dave and Alex. Richard notes it's afternoon in his time zone.
Cloud Security Office Hours Overview
Shawn introduces the Cloud Security Office Hours, describing it as a weekly gathering of experts in cloud security where participants can ask any questions related to the field. He emphasizes that the group is open to people transitioning from other careers into cloud security, highlighting the value of diverse skills and backgrounds. Neil adds that many successful professionals in the field have come from different backgrounds. Gilmar, a new participant from Brazil with a background in IT engineering, introduces himself and shares his journey of focusing on AWS security, obtaining certifications, and working on hands-on projects. He expresses feeling overwhelmed and seeks guidance on his next steps in pursuing a career in AWS cloud security.
Cybersecurity Career Path Discussions
In the meeting, Shawn welcomed new participants including Heather from Marriott 360, Jarrielle from Fairfield, California, and Pavel from Poland. Heather expressed her interest in the field of cybersecurity, while Jarrielle is considering a transition from sales to real estate. Pavel shared his background in technical account management and his interest in offensive security. The diverse backgrounds and interests of the participants were acknowledged. Shawn also highlighted the competitive nature between his company, Wiz, and Orca, but assured that the group remains neutral ground for learning and discussing cybersecurity.
Abdullah's Network Security and Transition Plan
Shawn discussed his upcoming absence for three weeks and handed over to Abdullah. Troy, a new participant, expressed interest in transitioning from DevOps to Security, viewing the role as a security champion. Shawn and Jay emphasized the importance of roles in ensuring security's effectiveness, likening it to good governance. Abdullah, a network security engineer, shared his experience in AWS and his plan to transition to Google Cloud.
Emphasizing Security Expertise Outside Security Teams
The group discusses the importance of security champions and building security expertise outside of dedicated security teams, especially in cloud environments. Neil highlights how cloud adoption has diffused security responsibilities, requiring developers to be more involved in addressing vulnerabilities. Heather emphasizes the need for training and explaining security issues to create a security-focused culture. David shares his approach of using cross-functional working groups to implement new technologies and manage ongoing operations. The conversation also touches on the comparison between Security Onion and Splunk, with Heather noting Splunk's high cost as a significant difference.
Security Tools and Incident Response Challenges
The group discusses the use of security tools like Security Onion, Splunk, and ELK Stack, comparing open source and commercial solutions. They explore the challenges of implementing and maintaining security systems, including cost considerations and the need for skilled personnel. The conversation touches on the transition from open source to paid solutions as organizations grow. Neil shares insights from his incident response experience, highlighting common issues like mismanaged service accounts. The group also discusses the stress and burnout associated with incident response work. Jay mentions submitting feedback to the Australian government on zero trust principles, emphasizing that many organizations may be better off outsourcing their security needs to trusted partners.
Quick recap. The meeting covered a wide range of topics, including group activities, cloud platform challenges, and the intersection of politics and corporate security. Discussions also focused on Apple's encryption decisions, quantum security, and the potential applications and limitations of AI technology in various fields. The group shared personal updates, explored future session topics, and engaged in lively discussions about the impact of AI on business workflows and security practices.
2025-03: AI, GitHub Actions
Next steps
- Neil to prepare and present a demo on open-source vulnerability management tools like Trivy and OpenGREP in a future session.
- Shawn to modify and re-run the poll for future session topics to clarify ranking instructions.
- Matthew to set up a suggestion box for future meeting topics.
- Carley to research and share information on AI-based approaches to Static Application Security Testing (SAST).
- D to post in the Discord general channel about forming a team for Capture The Flag (CTF) competitions.
- Don McQueen to consider running a cloud-based CTF in an upcoming meeting.
- Kimberly to prepare a presentation on her new role in the vCISO space for MSPs and MSSPs once she's up to speed.
Incoherent Song Lyrics and Phrases
This transcript appears to be a collection of song lyrics, random phrases, and some Portuguese text without any coherent discussion or meeting content. There are no decisions, alignments, next steps, action items, or open questions to summarize. The text does not represent a typical meeting transcript and lacks any meaningful content to summarize according to the given guidelines.
Lively Discussion With Music and Camaraderie
In the meeting, Shawn led a lively discussion, which included a rendition of the SOC Anthem and a song about Tennessee whiskey. The attendees participated enthusiastically, with some even joining in the chorus. The conversation ended on a positive note, with everyone seeming to enjoy the music and camaraderie.
Upcoming Activities and Team Updates
The group discusses upcoming activities and updates. Shawn announces that the group has reached over 1,900 members. D, who is graduating soon, expresses interest in organizing Capture the Flag (CTF) events, and several members show interest in participating. The group also discusses the possibility of running a CTF during an upcoming meeting. Kimberly shares that she has secured a new job as a Channel Systems Engineer at Cynomi, a vCISO platform. The conversation touches on various topics including malware analysis, certifications, and Kubernetes training.
Cloud Platform Selection Challenges
The group discusses challenges and trends in cloud platform selection, particularly in Europe. Jay mentions nervousness about changing cloud providers due to political changes, with some organizations considering repatriation to European providers or on-premises solutions. Shawn notes that many customers are stuck with multiple clouds due to mergers and acquisitions, but some are using sovereign versions of clouds in different regions for data governance. The conversation then shifts to technical aspects of Kubernetes, including workload placement across different node types and geographies. Neil and Mischa explain that modern practices involve creating smaller, purpose-specific clusters rather than large, shared ones, making geographic routing easier. Dane shares that his company sets up jurisdiction-specific clusters, labeling everything with the jurisdiction, primarily driven by EU GDPR requirements.
Political Instability and Corporate Security
The team discussed the intersection of politics and corporate security, noting that political instability could influence business decisions. They highlighted the need to protect against adversaries regardless of their political affiliations. The conversation also touched on the importance of threat research, the potential impact of government layoffs on cybersecurity, and the role of standards in maintaining security. The team expressed concerns about the future of security in the face of political changes and the potential for less secure environments.
Apple's Encryption Decision and Quantum Security
The group discusses Apple's decision to remove encryption for UK users, with Matt arguing it's a reasonable response to avoid giving a false sense of security. Shawn clarifies that the encryption being removed is an opt-in feature not widely used. The conversation then shifts to quantum security, with Jay mentioning it's part of longer-term planning for cloud providers. Robbie introduces himself as a former fisherman now working in cybersecurity. Shawn conducts a poll to gauge interest in future session topics, with product demos and guest speakers emerging as top choices.
AI in SAST: Challenges and Viability
The group discusses the potential for AI in SAST (Static Application Security Testing) and its current limitations. Neil offers to demonstrate open-source vulnerability management tools like Trivy and OpenGREP in a future session. The conversation shifts to the challenges of AI-powered tools, including false positives and the need for human intervention. Participants express concerns about the economic viability of AI solutions, with Matt and Matthew discussing the current "race to the bottom" in pricing for AI services. Jay points out that AI adoption depends on its perceived value and effectiveness, while Juninho mentions Google's struggle to sell AI add-ons for their workspace products.
AI Applications and Limitations Discussed
The group discusses various applications and limitations of AI technology. Jay expresses skepticism about many current AI use cases, calling them trivial. Neil mentions Apple's delayed rollout of more advanced AI features, suggesting these are harder to implement than expected. Matt criticizes Apple's AI suggestions in messaging as unhelpful. Dane argues there are still many untapped opportunities for AI to improve business workflows. Robbie sees value in AI correlating data across enterprise tools. Jay cautions against viewing AI as a magic solution without proper processes and data in place. Kimberly shares a positive experience using AI to analyze her child's educational documents and generate insights.
Quick recap. The team discussed the potential acquisition of Wiz by Google, with Shawn expressing optimism about the impact on employees and Neil sharing his concerns about past acquisitions. They also discussed the increasing risks of supply chain attacks, particularly in open-source projects and GitHub Actions, and the challenges of maintaining security in open-source projects. The conversation also touched on the future of open source software, its commercialization challenges, and the risks associated with using open source in commercial products.
2025-03: AI, Supply Chain, Vulnerabilities, Conferences
Next steps
- Paul to share findings about London's environmental monitoring and open data sharing practices after his trip.
- Nathaneal to continue exploring best practices for balancing dependency upgrades and stability in his company's GitHub Actions setup.
Wiz Acquisition and Shawn's Recovery
In the meeting, Shawn shared updates about his recent surgery and recovery, as well as the acquisition of Wiz by another company. Matt Alvarez expressed surprise at the news, while D shared his initial concerns about the potential impact on Wiz employees. Neil, who was not aware of the acquisition, was informed by Shawn. The conversation ended with Shawn's intention to stay out of the acquisition discussion.
Acquisitions and Employee Impact Discussed
In the meeting, Shawn discussed his personal experiences with acquisitions and their impact on employees. He expressed optimism about the potential acquisition of Wiz, despite the usual concerns. Neil shared his concerns about acquisitions, citing past experiences where employees were negatively affected. He emphasized the importance of considering the impact on employees during acquisitions. Jay raised a question about the motivation behind the acquisition, expressing confusion about the company's existing portfolio.
Google Acquires Wiz for Security Competition
In the meeting, Shawn speculated that Google bought Wiz to compete with Microsoft's Security Office offering, which is getting good with Defender and Defender for Cloud. He also mentioned that Google wants to be known as security for everybody, not just GCP. Matt Currie suggested that the acquisition could lead to targeted advertising and sales attempts to move people from other cloud providers to Google. Neil agreed with Shawn's theory and added that Google's feeling pressure to compete with Microsoft is fair. He also mentioned that Google has failed to capitalize well on their previous acquisitions. Paul asked if Wiz would retain its name after the acquisition, but Matt Alvarez clarified that they wouldn't be allowed to comment on anything outside of an official channel or press release. Juninho speculated that Google would keep the Wiz name due to its brand recognition and would likely do the same with Mandiant.
Wiz Acquisition and Employee Impact
In the meeting, Matt Currie congratulated the Wiz team on the potential acquisition by Google, acknowledging their hard work. James, a former Wiz employee, shared his perspective on the acquisition, noting that some of the reported figures were inaccurate. Shawn also commented on the acquisition, emphasizing that the deal was not yet finalized and that the media often reported speculative numbers. The team discussed the potential impact of the acquisition on employees, with Matt Alvarez noting that it would depend on the candidates' preferences. The conversation ended with a brief mention of a GitHub action incident, but no further details were provided.
Supply Chain Attack Risks in Open-Source
The discussion focuses on the increasing risks of supply chain attacks, particularly in open-source projects and GitHub Actions. Matt Alvarez points out that the barrier to entry for impactful supply chain attacks is lowering, with even small projects becoming potential targets. Neil adds that despite awareness since the SolarWinds incident, practical solutions like SBOMs have been implemented without clear understanding of their utility. The conversation also touches on the challenges of maintaining security in open-source projects, including the need for pinning actions, the potential for GitHub to enforce security measures, and the legal implications of such enforcement. Mischa highlights the risk of maintainers abandoning projects due to annoying contributors, while Neil discusses the challenges of relying on abandoned or poorly maintained open-source libraries.
Open Source Software Commercialization Challenges
The discussion covers the future of open source software, its commercialization challenges, and the risks associated with using open source in commercial products. Matt Alvarez notes that organizations are becoming more reliant on open source tools. Jay suggests that increased scrutiny of software supply chains might lead to better evaluation of open source or a retreat from it. Matthew and Matt Currie highlight licensing risks and potential legal issues for companies using open source. The conversation then shifts to open data in government, with Paul mentioning environmental monitoring projects. Nathaneal asks about balancing dependency updates, and Neil emphasizes the importance of automated testing in managing updates safely.
Quick recap. The meeting covered various cybersecurity topics, including identity and access management challenges, cloud security issues, and recent vulnerabilities. Discussions also focused on the evolution of cybercriminal enterprises, particularly in ransomware operations, and the importance of immutable backups and ransomware restoration plans. The team concluded by examining a potential security breach involving Oracle Cloud's authentication infrastructure and debating the appropriate use of terminology in such incidents.
2025-03: Vulnerabilities, Passwords, Community
Next steps
- All attendees to rotate credentials for Oracle Cloud accounts as a precautionary measure.
- All attendees to review and ensure familiarity with credential rotation processes for their systems.
- All attendees to consider suggesting potential guest speakers for future Cloud Security office hours sessions.
Disjointed Monologue With Song References
The transcript appears to be a stream of consciousness monologue or song lyrics recited by Shawn, mixing English and Portuguese. It contains fragmented thoughts, song references, and repetitive phrases without a clear topic or coherent discussion. No decisions, action items, or meaningful content can be summarized from this disjointed text.
New Members and Surgery Update
In the meeting, Shawn led the discussion and welcomed new members Amine and William. Shawn shared his recent surgery experience and the positive pathology report. He then handed over the meeting to Neil. Neil mentioned that it was an open session and he had a couple of topics to discuss. However, he also asked if anyone else had any topics they wanted to discuss or questions they wanted to ask.
Identity and Access Management Challenges
In the meeting, William expressed his concern about the challenges customers face with identity and access management (IAM) despite the availability of numerous tools. Paul suggested that the move to the cloud has prioritized velocity and efficiency over security, leading to the complexity of IAM. Neil pointed out that the problem has become too large for humans to handle and requires technological solutions. Mischa and Matthew discussed the challenges of determining the necessary permissions for roles and the potential for role sprawl. Dane and Tyler emphasized the importance of least privilege and the need to lock down services, not just for people but also for the services that operate.
Cloud Security and Vulnerability Management
The discussion covers several aspects of cloud security and vulnerability management. Neil shares a story about a service account with excessive permissions leading to a major security incident. The group discusses the challenges of managing permissions in cloud environments, with Tyler noting that cloud providers offer least-privilege role examples but implementing them at scale is complex. William mentions customers struggling to reduce overly permissive roles after initially granting broad access for rapid deployment. The conversation then shifts to a recent vulnerability in CrushFTP, where VulnCheck, a CVE numbering authority, unusually generated a CVE for the vulnerability when CrushFTP delayed doing so. This action is seen as potentially pushing companies to be more responsive in vulnerability disclosure. Jay notes that the response to vulnerability reports can vary greatly depending on the organization's sophistication and industry.
Ransomware Evolution and Cybercrime Strategies
The discussion covers the evolution and professionalization of cybercriminal enterprises, particularly in ransomware. Neil explains how ransomware operations have become sophisticated since 2013, with criminals providing customer support, conducting A/B testing, and innovating their techniques. Matt draws parallels to online gaming piracy, emphasizing the importance of reputation in these illicit markets. Jay mentions the alarming trend of using cloud encryption services for ransomware. Tyler discusses the challenges faced by encryption service providers in addressing this threat. The conversation then shifts to the importance of immutable backups and ransomware restoration plans, with Neil noting that Microsoft now prioritizes discussing backups over protection. Matt observes a potential shift in the cybercrime landscape from ransomware-as-a-service to credential stealing and data selling.
Oracle Cloud Breach and Precautions
Neil summarizes the recent reports of a potential breach in Oracle Cloud's authentication infrastructure. He explains that a threat actor claims to have compromised Oracle's systems and exfiltrated data, with some customers confirming the authenticity of the leaked information. Despite Oracle's denials, Neil advises customers to take precautionary measures such as rotating credentials. He notes that while the extent and timing of the breach remain unclear, there is enough evidence to suggest a security incident occurred.
Oracle Security Breach Discussion
In the meeting, the team discussed a potential security breach involving Oracle. They debated the credibility of a cryptic video and the possibility of insider threats. The team also discussed the importance of credential rotation and the need for familiarity with the process. There was a discussion about the difference between a breach and an incident, with the team agreeing that the term "breach" should be used cautiously. The conversation ended with a suggestion to invite a guest speaker for a future session.
Quick recap. The team discussed the recent Oracle security breach and its potential impact on Oracle's customers, emphasizing the importance of having a well-prepared incident response plan. They also explored various approaches to improve vulnerability management, including targeting critical vulnerabilities, grouping and fixing multiple vulnerabilities simultaneously, and using more secure base images. Lastly, they discussed recent developments with the National Vulnerability Database and the challenges it poses for vulnerability management, as well as the need for alternative approaches and a new consortium to tackle vulnerability data.
2025-04: AI, Vulnerabilities, Community
Next steps
- Shawn to seek volunteers from the group to present on cloud topics, Kubernetes, or related subjects at future meetings.
- Dave and Neil to offer assistance to anyone interested in creating and presenting a deck for the group.
- Shawn to schedule special guests (two young girls who participated in Google's bug bounty program) for a future meeting.
- Group members to consider sharing questions about cloud security or adjacent topics during future meetings.
- Shawn to find and share the article about cloud native firewall testing results for discussion at a future meeting.
Shawn's Recovery Update and Team Discussion
Shawn opens the meeting, greeting attendees and providing an update on his recovery from surgery. He mentions feeling better and plans to return fully next week after attending a President's Club event in Mexico. The group is smaller than usual, with only 22 participants. Neil briefly mentions working on something related to a "dark blockchain" but doesn't provide details. Dave notes that Shawn's audio sounds distant, which Shawn attributes to his cat moving the microphone. Kaye joins and expresses happiness at seeing Shawn, who elaborates that his recovery has been more challenging than expected but he's over the worst of it.
Oracle Security Breach Concerns Discussed
In the meeting, the team discussed the recent Oracle security breach. They expressed concerns about Oracle's handling of the situation, particularly their initial denial of the breach. The team agreed that Oracle's response was poorly managed and could damage their reputation. They also discussed the potential impact of the breach on Oracle's customers, particularly those using Oracle Cloud. The team noted that Oracle's market share is significant, and the breach could have serious consequences for their business. They also discussed the importance of having a well-prepared incident response plan in place to handle such situations effectively.
New Members Introduce Themselves
Shawn led the meeting, encouraging new participants to introduce themselves and share their interests. Dave offered to help new presenters create their decks and practice their presentations. Tomislav, a new member, shared his background and expressed interest in security topics. The group also discussed the possibility of running a tabletop exercise as a topic.
Google Autopilot Limitations and GKE Maintenance
Neil discussed his experience with Google's autopilot feature for Kubernetes, noting that it was user-friendly but had limitations for larger organizations. Tomislav mentioned that Google Kubernetes Engine (GKE) standard does not perform node maintenance, which can lead to issues over time. Shawn suggested exploring garden.io, a tool set for CI pipelines, and emphasized the importance of asking questions, even if they seem trivial.
Improving Vulnerability Management Strategies
Neil discusses three approaches to improve vulnerability management beyond the current 10% patching rate. The first approach focuses on targeting the most critical vulnerabilities using asset context and risk data. The second approach, exemplified by EPSSG, aims to group and fix multiple vulnerabilities simultaneously for better efficiency. The third approach, represented by Chainguard, involves starting with more secure base images to reduce the number of vulnerabilities introduced into systems. Shawn adds that prioritizing fixes with the highest payoff across multiple applications is another effective strategy. Jay emphasizes the importance of considering environmental factors like deployment frequency and attack paths when prioritizing vulnerabilities. Mischa notes the challenges of explaining complex vulnerability management approaches to auditors and the value of using hardened images to reduce overall vulnerability exposure.
NVD Vulnerability Data Challenges Discussed
The group discusses recent developments with the National Vulnerability Database (NVD). NVD announced they will no longer maintain vulnerabilities published before 2018 and the number of vulnerabilities awaiting analysis has increased significantly. This is causing stress in vulnerability management as many organizations rely on NVD data. The discussion touches on alternative approaches, including private companies filling the gap and the potential need for a new consortium to tackle vulnerability data. They also briefly discuss challenges with vulnerability scoring systems like CVSS and EPSS, as well as approaches to detecting anomalous behavior in SaaS applications.
Quick recap. The security officers' meeting covered a range of topics including cloud infrastructure challenges, learning strategies for AWS and cloud technologies, and implementing data loss prevention in Azure. Participants discussed the importance of security in software supply chains and shared experiences with AI implementations in various business contexts. The meeting also touched on access control, governance, and the value of human connection in project approval processes.
2025-04: AI, Supply Chain, Vulnerabilities, Governance
Next steps
- Mario to prepare a presentation on implementing AI agents in highly regulated environments for a future session.
- Matt to demo the AI agent he's building to the CISO in about a week.
- Interested participants to reach out to Mario on LinkedIn or Discord with questions about AI agents and chatbots.
- Dave to continue exploring and demonstrating Copilot and Copilot Studio to potential customers.
- Walid to follow up with consultants or experts to resolve ongoing issues with DLP and Microsoft Azure implementation.
Security Officers' Open Discussion Meeting
Dave welcomes everyone to an open session of the security officers' meeting. He encourages participants to ask questions or discuss any challenges they're facing in their security, cloud, or infrastructure journeys. Dave mentions that the group includes members with various levels of experience who are willing to help. He also notes that participants can present their work for feedback or discuss CVs if needed. Dave then opens the floor for anyone to raise a topic or ask questions.
Building a Cloud Stack for a Home Lab
Dave and D discussed the challenges of building a cloud stack for a home lab. D expressed interest in learning from others who have experience in this area. Dave shared his experience of accidentally incurring a large cost due to a simple mistake and emphasized the importance of considering the architecture and cost before building. He suggested using controlled error and setting up billing alerts to avoid unexpected expenses. Connor added that setting up billing alerts can help prevent large bills due to forgotten resources.
AWS and Cloud Technologies Essentials
Connor and Neil emphasize the importance of having a specific project or goal in mind when learning AWS and cloud technologies. They suggest starting with simple tasks like setting up an EC2 instance to host a WordPress site, which provides experience with EC2 and networking components. Connor recommends learning Terraform, as it's versatile and transferable between different cloud environments. He cautions that Terraform is best for standing up resources, while tools like Ansible are better for configuring servers. Matthew adds that Terraform can orchestrate resources after creation using specific providers. Dave mentions using Terraform to capture existing infrastructure as a baseline. Walid asks about tools to convert existing infrastructure into Terraform configurations, and Dave suggests using Terraform's generate-config feature for networking configurations and exploring export options in Azure and AWS.
DLP and AIP Challenges in Azure
Dave and Walid discuss the challenges of implementing Data Loss Prevention (DLP) and Azure Information Protection (AIP) in Microsoft Azure. Walid shares his frustrating experience with deploying these services, particularly with document labeling and access issues across SharePoint, Exchange, and other Microsoft services. Dave suggests a more gradual approach, recommending starting in monitoring mode and working with consultants to establish best practices before full implementation. The conversation highlights the complexity of DLP and AIP integration across different Microsoft services and the difficulties in getting effective support for cross-service issues.
Effective Support for Complex Technical Issues
Dave and Neil discuss the challenges of getting effective support for complex technical issues, particularly from Microsoft. Dave recommends booking dedicated time with consultants or using platforms like Upwork to find experts who can teach and document solutions. Neil shares his experience with a specialized Microsoft support team that was designed to handle difficult cross-product issues. Both agree that paying for external help is often more efficient than relying on standard support channels. They also touch on the importance of proper licensing and documentation for new products like Copilot Studio. The conversation then shifts to a recent article about supply chain vulnerabilities, with Neil emphasizing the importance of security considerations when using code samples from sources like Stack Overflow.
Addressing Software Supply Chain Vulnerabilities
Neil discussed the importance of understanding and addressing vulnerabilities in software supply chains, using the example of a recent supply chain attack. He emphasized the need for organizations to be proactive in identifying and mitigating potential issues, rather than just following compliance requirements. Matthew raised the issue of balancing security with the need for flexibility in software dependencies, and the potential for AI solutions to address this. David B shared his experience of conducting security assessments for large software companies, highlighting the challenges of scaling security measures for smaller companies. The team also discussed the potential of tools like Trivy and Semgrep in identifying vulnerabilities and improving security.
AI Agents for Internal Tasks
Matt is building an AI agent for his company's internal use, similar to the app Glean but at a lower cost. The agent will be able to assist employees with various tasks such as submitting IT tickets, logging PTO, and providing information about equity and repositories. Matt plans to demo the proof of concept to the CISO in about a week. Meanwhile, Mario shares his experience implementing AI agents in regulated environments, including sales information querying, email issue escalation, and legal document processing. Both discuss the potential benefits and challenges of these AI implementations in their respective fields.
Automation Platform Access Control Discussion
In the meeting, Matt discussed the importance of segregating access to the automation platform to prevent potential issues. He emphasized the need for stringent access control, especially for high-level admin roles. Dave shared his experience with using the platform for its intended purpose and the importance of setting baselines and governance. Mario talked about his personal project involving digital twin creation and the implementation of techniques to de-identify data and reduce hallucination. Paul expressed interest in discussing competition and profitability in the AI agent development space. Dave highlighted the value of human connection in getting projects approved and the importance of understanding the needs of stakeholders. The conversation ended with Dave expressing his need to attend another meeting.
Quick recap. The meeting covered a wide range of topics, including discussions on security vulnerabilities, AI and machine learning applications, and developer access to security tools. Special guests shared their experiences with finding and reporting security flaws, while the group explored the potential risks and benefits of AI in various contexts. The conversation also touched on personal anecdotes related to early internet vulnerabilities and hacking experiences, as well as concerns about industry jargon and the importance of fostering a learning environment.
2025-04: AI, Vulnerabilities, Conferences
Next steps
- Shawn to send Dustin's address to Neil for sending swag to Camille and Corinne.
- Shawn to share the recording of the meeting featuring Camille and Corinne with the group.
- Shawn to find and share the link to the recent paper on LLMs and MCP failings.
- Paul to share findings from his AI project for summarizing incidents in a couple of months.
- Marcello to watch the recording of Camille and Corinne's presentation.
Dance, Tesla, and Hospitality Discussion
In the meeting, Shawn discussed various topics including a strong dance, a picture, and a train rolling in. He also mentioned a ticket to ride and a body set the floor. There was a discussion about a Tesla and its safety concerns, with some participants expressing their dissatisfaction with Elon Musk's handling of the issue. The meeting also touched on the topic of hospitality, with a mention of Greece. Towards the end, there was a conversation about a project involving a couple of guys from England.
Vulnerability Finders Share Bounty Experiences
In the meeting, Shawn welcomed everyone and introduced the special guests, Dustin and his daughters, Camille and Corinne, who are security vulnerability finders. The daughters shared their experiences of finding vulnerabilities in Google's Android Family Link and Google Chrome Chromecast, which led to them receiving bounties. They discussed their plans for investing the money and their future career aspirations. The conversation ended with a discussion about sending the daughters some swag as a token of appreciation.
AI Security Risks and Vulnerabilities
The group discusses their experiences with accidental hacking and early internet vulnerabilities. Tyler shares a story from their youth about unintentionally crashing a hosting provider by collecting passwords. Shawn recalls accessing the DMV database without authentication in the early days of networking. The conversation then shifts to the security challenges of AI agents and the Model Context Protocol (MCP). Tyler expresses concerns about machine identities having broad access, while Jay highlights the lack of centralized security standards for MCP. The group agrees that agentic AI poses significant risks, including potential data leaks and unauthorized changes to systems.
AI and LLMs in Security
In the meeting, Neil expressed his skepticism about the effectiveness of AI and LLMs, stating that he has yet to find one that is accurate and insightful enough to use. He questioned where others in the security space were finding LLMs that actually worked. Shawn shared his positive experience with an AI tool in the Wiz platform that provides a summary of an incident, which he found useful. Philippe discussed the potential dangers of LLMs reasoning over multiple tools and their ability to automate tasks. Tyler shared their experience with using LLMs at AWS to generate infrastructure as code for simulation environments, which provided value by predicting attacker patterns and helping teams understand their behavior.
AI Surveillance and Marketing Acronyms
In the meeting, Ben discussed the use of AI for video surveillance, highlighting its ability to identify trespassers and deter them without human intervention. He also mentioned the potential for AI to search through recorded video and show specific events. Chris then opened the floor for new attendees to introduce themselves, with Marcello from SailPoint joining the group. Paul expressed his concerns about the overuse of marketing terms and acronyms in the industry, while Tyler shared their perspective on the relationship between company size and the use of acronyms. The group also discussed the challenges of understanding new terms and the importance of learning in a no-dumb-question zone.
Developer Access to Security Tools
The group discusses various approaches to providing developers access to security tools and information. Shawn notes a trend of companies giving developers direct access to security platforms through role-based controls, citing examples of large organizations implementing this approach. Jay and Neil highlight the challenges of managing access for large numbers of users and the emergence of tools that aggregate data from multiple security platforms. The conversation also touches on early experiences with programming and hacking, with participants sharing anecdotes from their youth.
Quick recap. The Cloud Security Office Hours meeting covered a range of topics in cybersecurity, including networking opportunities, sales challenges in the industry, and technical discussions on Kubernetes security. Participants shared insights on container security, secret management, and the importance of proper credential handling in development environments. The meeting emphasized the value of continuous learning, mentorship, and addressing security concerns throughout the development lifecycle.
2025-04: AI
Next steps
- Ariel to post in the Discord channel to connect with new members and veterans for career advice and discussions.
- Tyler to share lists of common places where secrets are found with the group asynchronously.
- Nicolette to add her email address to the chat for people to connect with her.
- New and early career members to reach out to veterans in the group for mentorship and guidance.
- Attendees going to RSA to connect with Neil and Mischa at the conference.
- Interested attendees to register for the secret capture the flag event at RSA using the link shared by Shawn.
Disjointed Transcript Lacks Coherent Discussion
The transcript appears to be a disjointed collection of phrases, song lyrics, and multilingual snippets without a coherent discussion or meeting content. There are no clear decisions, action items, or meaningful exchanges between participants that can be summarized. The content does not represent a typical meeting transcript and lacks substantive information to create a useful summary.
Cloud Security Office Hours Meeting
Shawn opens the Cloud Security Office Hours meeting, welcoming attendees from various time zones. Chris mentions his upcoming trip to Japan, which leads to a brief discussion about travel destinations. The group reflects on the previous week's session with Corinne and Camille, praising their curiosity and problem-solving skills. Shawn announces that today's session will be open-format and suggests introductions if the discussion slows down. Neil brings up the upcoming RSA conference in San Francisco, and Mischa offers to bring some office hours pins as swag. Shawn mentions a secret capture the flag event happening during RSA, encouraging interested attendees to register.
Cold Calling Challenges in Cybersecurity
The group discusses the effectiveness and challenges of cold calling and outreach in sales, particularly in the cybersecurity industry. Neil and Shawn express frustration with poorly researched cold calls, while Marcello, a sales leader, explains the pressures on sales teams to meet quotas. Jay highlights issues with market segmentation and unrealistic growth projections in the cybersecurity industry. The conversation touches on the complexities of selling to different company sizes, the oversaturation of the enterprise market, and the need for more tailored approaches to sales outreach.
Cybersecurity Forum for Networking and Learning
The group discusses the importance of this forum for networking and learning in the cybersecurity field. Tyler encourages early career professionals and students to ask questions and seek mentorship from the experienced members. Several new participants introduce themselves, including Nicolette, who has a background in aerospace and defense, and Ariel, who recently transitioned into a system administrator role. Chris emphasizes that the group is a safe space for learning, where participants can ask about unfamiliar terms or concepts without judgment. He highlights the unique opportunity to connect with industry experts and encourages active participation from all members.
Kubernetes Security Concerns and Permissions
Neil and David discuss a recent article about security concerns in Kubernetes, particularly regarding permissions inheritance in pods. Neil explains that while Kubernetes authentication and authorization are complex, the trend towards smaller, team-specific clusters has made traditional role-based access control less critical for many organizations. However, the article highlights a more significant issue: the potential for pods to escape the cluster and access the broader cloud environment. David agrees, noting that he had previously focused on blocking access to the metadata service without realizing the full implications. Both emphasize the importance of looking at security issues with fresh eyes and considering their broader impact, even for experienced professionals.
Kubernetes Security and Container Risks
Tyler emphasizes that Kubernetes requires significant expertise to operate securely and warns against using it for those new to technology. They explain that container boundaries are not security boundaries and recommend bulkhead isolation for sensitive workloads. Neil suggests that with good operational hygiene, containers can come close to being a security boundary, though he wouldn't mix high and low sensitivity workloads in the same cluster. Jay advocates for cloud providers to offer more secure defaults and better role management. Tyler then shifts focus to the bigger security risk of how engineering teams deploy code, particularly the mishandling of secrets and credentials in container environments. They stress the importance of proper secret management, rotation, and least privilege access for container-based workloads.
Cybersecurity Challenges and Secure Operations
The group discusses various aspects of cybersecurity, focusing on the challenges of managing secrets and credentials. Tyler from HashiCorp shares insights on where secrets are commonly found and offers to provide a list of these locations. The conversation then shifts to the persistent problem of developers mishandling credentials, with Matthew expressing frustration at the lack of progress in this area. Neil suggests the need for a "secure operations lifecycle" to complement the existing secure development lifecycle. The meeting concludes with Mario sharing his recent experience of having to compromise on security testing due to business pressure, emphasizing the importance of documenting concerns and offering risk-based options to leadership.
Quick recap. The meeting focused on various topics including cybersecurity, AI, and coding, with participants sharing their experiences and insights on these subjects. The group discussed the challenges of implementing effective cybersecurity measures in organizations, the importance of having skilled professionals in the field, and the increasing prevalence of internal security threats. They also explored the use of AI in coding, the importance of critical thinking skills in cybersecurity, and the need for a collaborative effort between academia and industry to address security issues.
2025-05: AI, Governance, Insider Threats, Education
Next steps
- All attendees to review the Verizon Data Breach Investigation Report (DBIR), particularly the section on insider threats.
- All attendees to review the IBM and Institute for Business Value article on insider threats shared by Nicolette.
- Dane to share more details from the DBIR report on the breakdown of different types of insider threats.
- Stryker to share the GitHub study on AI code acceptance rates among junior and senior developers.
- All attendees to consider and discuss strategies for effectively using AI to supplement human skills in coding and security practices.
- All attendees to explore ways to improve code review processes when AI-generated code is involved.
- Shawn to prepare and announce upcoming speakers for future sessions.
Cloud Security Office Hours Discussion
The meeting begins with informal conversation among participants, including jokes about identifying real people versus AI in video calls and North Korean workers. Shawn, the host, welcomes everyone to the Cloud Security Office Hours, emphasizing that it's an open forum for questions and discussions. He encourages new participants to introduce themselves, and RB, a security engineer from Omaha, Nebraska, does so. Shawn explains that the session is a safe space to ask questions, even "dumb" ones, and to interrupt for clarification on any unfamiliar terms or acronyms used.
Stryker's Cybersecurity Journey and Certifications
Stryker, a threat intelligence professional, discussed his journey into cybersecurity and the value of certifications in his field. He shared his experiences with various certifications, including the CCSP, and emphasized the importance of critical thinking skills in cybersecurity. Stryker also highlighted the need for people with communication skills in the industry. The group welcomed Stryker back and discussed the challenges of transitioning into cybersecurity from other industries.
CISA Certification and Security Auditors
In the meeting, Stryker discussed their experience with an exam and the benefits of the CISA certification. Shawn and Nicolette discussed the importance of security auditors and the need for more people in the field. Ryan introduced himself and expressed his interest in learning from the group. Nicolette shared an article about secret scanning and its importance in cybersecurity. Matthew brought up the issue of developers making the same security mistakes for years and the need for a solution. The group agreed that the problem of developers not writing secure code is a long-standing issue that requires a collaborative effort between academia and industry.
Balanced Approach to Cybersecurity Measures
The discussion focuses on the challenges of implementing effective cybersecurity measures in organizations. Jay argues that while fear can be a motivator, it can also lead to fatigue and loss of effectiveness if overused. He suggests that compliance requirements and regulatory frameworks can be more effective in communicating the importance of security to business leaders. Jay also emphasizes the need to prioritize threats and move from a culture of fear to a culture of risk, where ownership of risk is clearly defined within organizations. The group agrees that a balanced approach, combining compliance, risk management, and targeted awareness, is likely more effective than relying solely on fear-based tactics to drive security improvements.
US App Code Development Challenges
Ross and Stryker discussed the challenges of developing app code in the US, with Ross arguing that the US is more of a service industry and not focused on building things. Stryker countered that the US has the talent, but companies are not willing to pay for it, leading to offshoring. They also touched on the issue of security risks associated with offshoring app code development. The conversation ended with Shawn agreeing that there is talent in the US, but the cost of living and the desire for remote work make it challenging for companies to hire locally.
AI and Cybersecurity Risk Assessment
The discussion covers several topics related to AI, coding, and cybersecurity. Brandon explains how cyber insurance companies assess risk based on company size and revenue, emphasizing the importance of having appropriate controls in place. Jay adds that presenting a plan with cost estimates is crucial when addressing security issues to executives. Matt and Stryker express skepticism about statements made by CEOs of tech companies, particularly regarding AI and coding. They discuss the high costs associated with AI services and predict potential price increases in the future. Stryker raises concerns about the accuracy of AI-generated code, citing statistics on acceptance rates of GitHub's AI tool and highlighting the potential risks of relying too heavily on AI for coding, especially for less experienced developers. The conversation concludes with a question about the long-term implications of training junior coders primarily on AI-generated code.
AI in Coding and Insider Threats
The group discusses the increasing prevalence of internal security threats, particularly in healthcare, as reported in the recent Verizon Data Breach Investigation Report. They explore the various types of insider threats, including accidental, ignorant, and malicious actors. The conversation then shifts to the use of AI in coding, with experienced engineers finding it helpful for speeding up tasks, while junior developers may struggle to use it effectively. The group emphasizes the importance of having skilled professionals who can properly leverage AI tools rather than relying on them entirely without understanding the underlying processes.
Quick recap. The team discussed the upcoming Cloud Security Office Hours and welcomed new attendees, with Stryker sharing his personal project of using AI to create song lyrics. Neil Carpenter shared his experiences in the vulnerability management space, discussed the concept of container images and their vulnerability management, and emphasized the importance of meaningful approaches to managing vulnerabilities in container images. The meeting also covered the process of building and hardening container images for vulnerability management, the upcoming drawing for a Mini Cooper, and the company Minimus offering minimal container images to reduce vulnerabilities.
2025-05: AI, Vulnerabilities, Community
Next steps
- Shawn to update csoh.org with Stryker's link to AI-generated song lyrics.
- Chris to send Cloud Security Office Hours pins to Camille and Corinne.
- Neil to present on AI and the law on May 23rd.
- Matt Quixote to present on his journey from CISO to COO at Serbie on June 6th.
Cloud Security Office Hours Introduction
In the meeting, Shawn and Neil discussed the upcoming Cloud Security Office Hours. They also welcomed new attendees and encouraged them to introduce themselves. Stryker shared a personal project he had been working on, which involved using AI to create song lyrics. The team was amused by this and Stryker was happy to share his creation. The conversation ended with Neil suggesting that the discussion could be recorded and edited for future reference.
Neil's Transition and Vulnerability Management
Neil Carpenter discussed his recent transition from Orca Security to an early-stage startup called Minimus. He also shared his experiences in the vulnerability management space, highlighting the importance of meaningful approaches to managing vulnerabilities in container images. Neil emphasized the significance of relationships in career development and shared his journey from working in the marketing organization to sales and go-to-market roles. He also discussed the challenges and opportunities in the vulnerability management space, particularly in the context of container images.
Container Image Vulnerability Management
Neil Carpenter discussed the concept of container images and their vulnerability management. He explained that container images are built in layers, with each layer adding, removing, or modifying files. He used a Dockerfile to demonstrate how an image is built, starting with a base image and adding layers for each command. Neil also discussed the challenges of vulnerability management in containers, as each container is a copy of the gold image and cannot be patched individually. He emphasized the need for developers to patch, update, and fix vulnerabilities, rebuild the container, retest it, and redeploy it everywhere. Neil also mentioned the importance of scanning containers for vulnerabilities and the need to triage and manage them. He recommended using free scanning tools like Trivy, but noted that paid tools may be necessary for larger projects.
Vulnerability Exploitation and Reachability Discussion
Neil discussed the importance of understanding the likelihood of vulnerabilities being exploited, with about 10% of vulnerabilities being more than 2% likely to be exploited. He also mentioned the concept of reachability, where only about 10% of vulnerable code in containers is actually reachable. Neil suggested focusing on the most critical vulnerabilities and minimizing the amount of code being introduced to reduce the number of vulnerabilities to be addressed. He also mentioned the idea of fixing multiple vulnerabilities at once with minimal impact.
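The prioritization described above (an exploit-likelihood cut-off of 2%, reachability, and fixing several vulnerabilities with one change), sketched as an added example that was not shown in the session. The findings, placeholder IDs, field names and function names are constructed for illustration; a real scanner's output format will differ.

```python
from collections import defaultdict

# Constructed sample findings (placeholder IDs, not real CVEs).
# epss      = estimated probability (0..1) that the vulnerability is exploited
# reachable = whether the vulnerable code is on a path the workload executes
# fixed_in  = first package version carrying the fix, None if no fix exists
FINDINGS = [
    {"id": "CVE-EXAMPLE-0001", "package": "openssl", "fixed_in": "3.0.13", "epss": 0.41,   "reachable": True},
    {"id": "CVE-EXAMPLE-0002", "package": "openssl", "fixed_in": "3.0.9",  "epss": 0.004,  "reachable": True},
    {"id": "CVE-EXAMPLE-0003", "package": "zlib",    "fixed_in": "1.3.1",  "epss": 0.09,   "reachable": False},
    {"id": "CVE-EXAMPLE-0004", "package": "curl",    "fixed_in": "8.6.0",  "epss": 0.03,   "reachable": True},
    {"id": "CVE-EXAMPLE-0005", "package": "openssl", "fixed_in": "3.0.12", "epss": 0.001,  "reachable": False},
    {"id": "CVE-EXAMPLE-0006", "package": "bash",    "fixed_in": None,     "epss": 0.0007, "reachable": False},
]


def version_key(version):
    """Turn '3.0.13' into (3, 0, 13) so versions compare numerically.

    Plain string comparison would rank '3.0.9' above '3.0.13'.
    """
    return tuple(int(part) for part in version.split("."))


def urgent(findings, epss_threshold=0.02):
    """Findings that are both likely to be exploited and reachable."""
    hits = [f for f in findings
            if f["epss"] > epss_threshold and f["reachable"]]
    return sorted(hits, key=lambda f: f["epss"], reverse=True)


def upgrade_plan(findings, epss_threshold=0.02):
    """Group fixable findings by package so one upgrade clears many at once.

    For each package the target is the highest 'fixed_in' among its findings,
    since that version also contains every earlier fix. Packages holding an
    urgent finding are listed first, then those clearing the most findings.
    """
    urgent_ids = {f["id"] for f in urgent(findings, epss_threshold)}
    by_package = defaultdict(list)
    for f in findings:
        if f["fixed_in"] is not None:
            by_package[f["package"]].append(f)

    plan = []
    for package, items in by_package.items():
        target = max((f["fixed_in"] for f in items), key=version_key)
        plan.append({
            "package": package,
            "upgrade_to": target,
            "clears": sorted(f["id"] for f in items),
            "urgent": sorted(f["id"] for f in items if f["id"] in urgent_ids),
        })
    plan.sort(key=lambda p: (-len(p["urgent"]), -len(p["clears"]), p["package"]))
    return plan


def unfixable(findings):
    """Findings with no upstream fix; these need a compensating control
    or removal of the package from the image rather than a patch."""
    return [f["id"] for f in findings if f["fixed_in"] is None]


if __name__ == "__main__":
    print("Urgent:", [f["id"] for f in urgent(FINDINGS)])
    for step in upgrade_plan(FINDINGS):
        print(f'{step["package"]} -> {step["upgrade_to"]}: '
              f'clears {len(step["clears"])}, urgent {len(step["urgent"])}')
    print("No fix available:", unfixable(FINDINGS))
```

With this sample data, one `openssl` upgrade clears three findings although only one of them is urgent, which is the "fix several at once" payoff in miniature.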
Building Resilient Container Images for Vulnerability Management
Neil Carpenter discussed the process of building and hardening container images for vulnerability management. He explained the use of multi-stage Docker builds to create a more resilient and efficient image. Neil demonstrated how to build an image from a dev image, removing unnecessary components and reducing the image size significantly. He emphasized that the primary benefit of this approach is not just reducing vulnerabilities, but also reducing the workload throughout the entire life cycle. Neil also mentioned the use of Minimistio for testing and registering images.
Mini Cooper Drawing and Security Updates
The meeting discusses the upcoming drawing for a Mini Cooper, which Neil explains is actually a skills-based contest to comply with California regulations. Neil then provides information about Minimus, a company that offers minimal container images to reduce vulnerabilities. He explains that while this approach doesn't solve all security problems, it significantly reduces unnecessary issues and allows teams to focus on managing vulnerabilities they actually own. The group also discusses upcoming presentations, including one on AI and law, and mentions several upcoming security conferences that may be of interest to attendees.
Quick recap. The meeting began with personal updates and introductions, including a recruiter offering job opportunities in cybersecurity. The group then discussed cloud governance strategies, focusing on Azure infrastructure, security measures, and best practices for implementation. The conversation shifted to password security and authentication methods before concluding with upcoming presentations and positive personal news.
2025-05: AI, Conferences, Governance, Guest Speaker
Next steps
- Nicolette to coordinate with Dave on presenting about streamlining secure vendor management and contracts in a future session.
- Jason Marco to present on AI law in next week's session.
- All attendees to join next week's session for the presentation on AI law.
Team Celebrates Shawn's Medical News
Shawn shares emotional news about receiving positive medical test results after a week of anxious waiting. The team expresses relief and support for Shawn's good news. Neil mentions he has a topic to discuss if no one else has anything specific, and the group prepares to begin the meeting with Neil and Anil potentially leading the session.
Networking and Azure Strategy Discussion
The group discusses new members joining the call and introduces themselves. Shawn encourages participants to use the Zoom link for networking outside of scheduled meetings. A recruiter named Harry from Cyber Force introduces himself and offers to connect people with job opportunities in cybersecurity. The group then begins discussing a request for help with writing an Azure cloud governance strategy, including policies and standards for naming and tagging resources.
Azure Cloud Governance Implementation Plan
The group discusses implementing governance and security measures for cloud infrastructure, focusing on Azure. Dave recommends creating a cloud architecture document to define build standards, controls, and allowed services. Walid explains his plans to use Azure Landing Zones (ALZ) for compartmentalization and routing through a firewall. They discuss using infrastructure as code, with Dave suggesting Terraform for multi-cloud compatibility. Dave emphasizes the importance of a service catalog, working groups for enterprise architecture, and a release manager function. He offers to provide templates and guidance, recommending resources like the Phoenix Project book and TOGAF framework.
Modern Authentication Methods Discussion
The group discusses the relevance and effectiveness of password complexity charts in modern cybersecurity. Neil argues that such charts are outdated and do not address current threats like credential theft, phishing, and online attacks. He emphasizes that password uniqueness is more important than complexity. The conversation touches on various authentication methods, including two-factor authentication, passkeys, and federated authentication. Participants also discuss the challenges of implementing secure authentication for both enterprise and consumer environments, with some suggesting password managers and adaptive authentication policies as potential solutions.
AI Law and Security Tools
The group discusses upcoming presentations, including one on AI law by Jason Marco next week. Dave mentions using SASE and privilege access management tools for secure information protection. Shawn and others share positive experiences with Twingate for network access. The meeting concludes with Shawn sharing the good news that his recent blood test shows he is cancer-free, which is met with congratulations from the group.
Quick recap. The meeting began with casual conversation between attendees before transitioning to a formal presentation by Jay Seirmarco, a lawyer with expertise in technology and AI. Jay presented on the intersection of cybersecurity, contracts, and regulations, sharing case studies and emphasizing the importance of data processing purposes and compliance with privacy laws. The discussion concluded with insights on AI regulation, data privacy challenges, and the need for precise contract drafting to address evolving AI capabilities and data repurposing concerns.
2025-05: AI, Conferences, Governance, Guest Speaker
Meeting Introduction and Presenter Overview
The meeting began with a casual conversation between Shawn and Tim, who arrived early and discussed the start time of an upcoming event. Shawn shared a humorous anecdote about receiving a voicemail from Donald Trump, who had called to check on his health. The meeting then transitioned into a more formal setting, with Shawn introducing the main presenter, Jay Seirmarco, and encouraging new participants to introduce themselves. Jay introduced himself and mentioned his role as the presenter for the day, expressing gratitude for the opportunity to share his background with the group.
AI and Legal Practice Collaboration
The meeting began with Neil introducing Jay Seirmarco, a lawyer with a background in technology, who was invited to discuss AI and its implications. Jay shared his experience working with early adopters of Linux and other technologies that laid the groundwork for modern web infrastructure. He emphasized the importance of collaboration between lawyers and technologists, highlighting the potential for AI to transform legal practices. The discussion also touched on the creation of a LinkedIn page for Cloud Security Office Hours, which will serve as a platform for sharing content and updates about upcoming sessions.
Data Privacy Compliance Challenges
Jay Seirmarco presented on the intersection of cybersecurity, contracts, and regulations, emphasizing the importance of understanding data processing purposes and the implications of synthetic and derivative data. He highlighted several case studies, including Grindr's insufficient user consent for data sharing and Amazon's retention of voice recordings for AI training, to illustrate compliance issues and enforcement actions. Jay stressed the need for clear data segmentation, purpose-based processing, and metadata documentation to ensure compliance with privacy laws and contracts. Neil asked for clarification on synthetic and derivative data, which Jay explained as data created from existing datasets using AI or other methods, emphasizing the importance of understanding the original data's source and consent to avoid legal issues.
AI Data Privacy Regulatory Challenges
Jay Seirmarco discussed AI regulation, data privacy, and the challenges companies face when repurposing data for AI training. He explained that while there may be preemption of state laws by federal AI regulations in the US, companies need to be mindful of data flows across jurisdictions and obtain proper consents. Jay Thoden asked about the understanding of international regulations in the Valley, to which Jay Seirmarco responded that while European data protection laws are more strictly enforced, US state laws have adopted similar terminology. The session concluded with a discussion on the challenges of drafting contracts that account for all possible uses of data, with Jay suggesting that contracts will need to specify very precise rights and limitations to protect against unforeseen AI capabilities.
Quick recap. The meeting began with introductions from the Cloud Security Office Hours hosts and participants, who shared their backgrounds and experiences in cloud security. The group engaged in discussions about career development, emphasizing the importance of networking, technical skills, and communication abilities for professional advancement. The conversation covered various aspects of leadership, including managing challenging personalities, improving public speaking skills, and adapting management styles, with participants sharing personal experiences and strategies for success.
2025-05: Conferences, Community
Next steps
- Olivia: Send elevator pitch PowerPoint presentation to Shawn for sharing on CSOH website
- Shawn: Upload Olivia's elevator pitch PowerPoint presentation to CSOH website as a resource when received
- Olivia: Schedule a future session with Shawn to present on developing elevator pitches and communication skills
Casual Greetings and Music Discussion
The meeting transcript appears to be a disjointed conversation with a mix of English and Chinese phrases, primarily featuring Shawn engaging in casual greetings and exchanges. There were no clear decisions, action items, or substantial discussions captured in this transcript. The only notable content was an exchange about music preferences, where someone asked if there was anything better than surf music, to which the response was "No."
Cloud Security Office Hours Introduction
The Cloud Security Office Hours meeting began with introductions from the hosts, including Shawn, Neil, and Chris, who shared their backgrounds and experiences in cloud security. David Gargan and Jay Soda Valsa also introduced themselves, discussing their career journeys and reasons for joining the community. The meeting had no formal agenda, and participants engaged in casual conversation about various topics, including a potential software tool for LinkedIn and the time zone challenges faced during the meeting.
Career Paths and Networking Insights
The meeting featured a career discussion where Jay shared his progression from working at Business Objects to leading cloud security operations, highlighting the importance of networking in career advancement. Shawn emphasized the value of networking within the group, while Nick discussed his unconventional career path from studying psychology and art to finding his passion in IT support and human interaction. Neil shared a story about an intern who demonstrated curiosity and problem-solving skills by creating a custom solution for a technical task, which Neil highlighted as an important quality for hiring.
Passion and Curiosity in Interviews
The group discusses the importance of demonstrating passion and curiosity during job interviews, particularly in technical tasks. Shawn shares an example from Wiz where candidates were asked to build an EKS cluster, with those who used Terraform to create a reproducible and versionable solution standing out. Neil and Tyler comment on the evolving expectations in the industry. The conversation then shifts to introductions, with Dane Kantner and Brian Reich sharing their backgrounds and current roles. Brian, who leads a software team at a recently acquired company, explains their current focus on improving code security. Tyler encourages Brian to view the inherited challenges as an opportunity for career growth and leadership.
Enhancing Communication and Public Speaking
The group discussed communication and public speaking skills, with Paul asking for advice on improving articulation. Nick shared insights from Simon Sinek's "Start with Why" framework, emphasizing the importance of understanding one's purpose and mission. Jay advised considering the audience and practicing speaking in different contexts. Tyler suggested slowing down speech patterns and taking deep breaths to improve delivery. The discussion highlighted the value of practice, authenticity, and confidence in effective communication.
Enhancing Communication for Technical Talent
The group discussed challenges faced by a brilliant but communication-challenged developer on Brian's team. Jay shared his own experience of improving communication skills and emphasized the importance of being able to effectively present ideas, even if technical expertise is primary. Olivia suggested recording oneself to improve articulation and offered to share a PowerPoint on developing elevator pitches, which Shawn agreed to share on their website. The discussion concluded with agreement that communication skills are crucial for career advancement, even in technical roles.
Effective Communication and Leadership Strategies
The group discussed strategies for managing a developer with a challenging personality, focusing on the importance of understanding others' perspectives and building relationships. Nick emphasized the need to shift from "what" to "why" in communication, while Juninho shared his experience of learning to balance technical expertise with empathy at Google. The conversation highlighted the value of personal growth and professional development, with several participants, including Neil and Brian Reich, sharing their own experiences of evolving their approaches to leadership and collaboration.
Leadership and Communication Strategies
The meeting focused on leadership and communication skills, with Matt sharing his experience of learning to adapt his management style after losing 12 team members. Tyler discussed the challenges of dealing with an egotistical mentee, emphasizing the importance of maintaining professional relationships. Jay shared a story about a program manager who lost control during an executive meeting, highlighting the need to maintain composure in all situations. The group also discussed the importance of soft skills, such as reading the room and managing emotions, in professional settings.
Quick recap. The meeting began with informal introductions and discussions about transitioning into cloud security roles, followed by Matt Chiodi sharing his career journey from CISO to COO and the importance of mentorship in professional development. Participants explored various aspects of career growth, including the value of personality assessments, the differences between cybersecurity and operations roles, and strategies for seeking mentorship opportunities. The conversation concluded with insights on improving corporate mentoring programs and the mutual benefits of organic mentorship relationships.
2025-06: Conferences, Community
Next steps
- Shawn: Post and share the recording of this session for those who couldn't attend
- Rhys: Prepare and schedule a presentation about his journey to Wiz for a future Cloud Security Office Hours session
- All attendees: Connect with Matt on LinkedIn for networking and potential mentorship opportunities
- Shawn: Schedule Matt for another speaking engagement next year
Seeking Healing and Connection
Shawn had a conversation that included expressing feelings of wanting to leave and seeking healing, as well as discussing checking in with someone. They also mentioned birthdays and apologies, and there was a mix of English and Chinese phrases throughout the conversation.
Shawn's Poetic and Business Musings
Shawn recited a series of poetic and cryptic verses, often referencing themes of travel, adventure, and personal freedom. He mentioned going west, chilling with friends, and riding at night while sleeping during the day. Shawn also touched on business-related topics, mentioning downloading and purchasing items, as well as using WhatsApp and other platforms. The conversation included some personal reflections and interactions with others, but no clear decisions, alignments, or action items were established.
Cloud Security Office Hours Introduction
The meeting began with informal introductions and casual conversation about plants, with Shawn emphasizing the purpose of the Cloud Security Office Hours to help people transition into cloud security roles from diverse backgrounds. Rhys introduced himself as a new participant, sharing his background in computer networking and security at Cisco before joining Wiz as an SE. Shawn announced that Matt Chiodi, a returning speaker, would present a talk about his journey, but the recording was not started until after Matt began speaking.
Journey From CISO to COO
Matt Chiodi shared his career journey from being a CISO to COO, highlighting his transition from viewing operations as boring to seeing it as a lever for scale, trust, and innovation. He discussed his early experiences in cybersecurity, including his time at Deloitte and eBay, where he stepped away from cybersecurity to pursue real estate but eventually returned due to a lack of fulfillment. Matt emphasized his passion for building security solutions in startups, which led him to his current role at Cerby, where he has held various positions, including Chief Trust Officer and COO.
Mentorship: A Path to Growth
Matt Chiodi shared his experience with mentorship, highlighting the impact of having an advisor who helped him see operations as a path of continuous improvement rather than routine tasks. He discussed two key assessments that shaped his career understanding - Standout by Marcus Buckingham, which revealed his primary strength as a pioneer and secondary strength as an advisor, leading him to pursue more entrepreneurial roles. Shawn emphasized the importance of seeking mentors, sharing his own experience of being mentored by Dan Lynch who guided his career through challenging opportunities. Both speakers agreed that mentorship is invaluable and encouraged attendees to seek out mentors by reaching out to executives with genuine interest, viewing the exchange as a mutual value proposition.
CISO to COO Leadership Insights
The discussion focused on Matt Chiodi's transition from CISO to COO and his approach to leadership. Matt explained how he leverages his cybersecurity background to provide insights across the business rather than using authority, particularly in his work with R&D metrics and efficiency. He emphasized the importance of operations security and measurement in cybersecurity, noting that most security incidents stem from basic operational mistakes rather than sophisticated attacks. The conversation also touched on career transitions, with Matt sharing that he typically finds COO and CISO roles through networking rather than formal job postings, and Don inquired about the process of breaking into senior executive roles from outside the company.
Personality Assessments and Career Insights
Matt shared his personal journey of self-discovery through personality assessments like the Enneagram and Myers-Briggs, which helped him understand his natural tendencies as an "improver" or perfectionist. He emphasized the importance of intentional growth and the value of assessments as one of many signals in career decision-making, rather than a sole determinant. Paul inquired about the differences between cybersecurity analyst and operations analyst roles, and Matt explained that the titles can be used interchangeably but advised comparing job descriptions and seeking clarification from recruiters.
Organic Mentorship Dynamics and Value
The group discussed the dynamics and value of mentorship, with Neil sharing his experience of how mentoring relationships can be mutually beneficial, challenging assumptions and providing new insights for both mentor and mentee. Matt Chiodi highlighted that successful mentorship often happens organically rather than through structured corporate programs, which can sometimes feel artificial and lack genuine commitment from both parties. The discussion also touched on how corporate mentoring programs might be improved by focusing on short-term, specific goals rather than long-term career guidance, and Nicolette suggested using volunteer opportunities as a way to assess compatibility in mentorship relationships.
Quick recap. The Cloud Security Office Hours meeting welcomed new participant Aimee and focused on community building through networking and learning initiatives, including plans for a Capture the Flag event. The group discussed various technical and security topics, including cloud outages, authentication methods, and the challenges of re-authentication for enterprise platforms, while expressing concerns about overly restrictive security measures and their effectiveness. The conversation explored broader themes around AI technology, including ethical considerations, innovation across different regions, and recent legal cases involving copyright infringement, with particular attention to how AI models handle copyrighted material.
2025-06: AI, Conferences, Passwords, Community
Next steps
- Paul: Work with Shawn on potential updates and new ideas for Cloud Security Office Hours website 3.0 version
- Thomas: Follow up on organizing a CTF event for the Cloud Security Office Hours community
- Community Members: Join and engage with the Cloud Security Office Hours LinkedIn page to increase visibility and networking opportunities
Cloud Security Community Engagement
The Cloud Security Office Hours meeting welcomed new participant Aimee, who introduced herself as a 6-year cloud security professional transitioning into identity security. Shawn emphasized the group's focus on networking and learning, encouraging participants to share their LinkedIn profiles and engage with the Cloud Security Office Hours LinkedIn page. Thomas volunteered to organize a Capture the Flag (CTF) event to promote community growth, which Shawn supported, mentioning existing Wiz CTF resources that could be leveraged. The discussion also touched on recent technical issues, including a Cloudflare outage affecting internet services, particularly in Spain due to legal actions against football match piracy.
Cloud Outages and Authentication Challenges
The team discussed recent cloud outages, including Cloudflare and Google Cloud Platform, which impacted their services. Neil shared an article from Tailscale about the dangers of frequent re-authentication, explaining that it often solves the wrong security problems and can be more annoying than protective. The group explored different authentication methods, with Neil and Matt Alvarez highlighting Apple's approach of using device possession and attention to enhance security without disrupting user experience. They also discussed the challenges of re-authentication for enterprise platforms, with Matt Currie noting that some systems require re-authentication even after deactivation, potentially allowing access for up to 30 days.
Security Practices and AI Concerns
The group discussed various security requirements and practices, including complex password policies, session expiration, and federated authentication. They expressed frustration with overly restrictive security measures that often fail to provide actual security, such as requiring special characters without proper input sanitization. The conversation touched on the evolution of password storage and the potential for AI to analyze personal data, with concerns raised about privacy and government regulation of AI. Matt Currie announced his plans to move out of the country, sparking a discussion about the current state of politics and cybersecurity.
Palantir: Ethics and Surveillance
The group discussed Palantir, a data analytics company, with mixed opinions on its ethics. Shawn explained that Palantir ingests large amounts of information and connects dots, citing examples like the Boston bombers case. Jason recommended watching Palantir's AI conference videos to see real-world applications. The conversation touched on Palantir's surveillance capabilities and its association with Peter Thiel, leading to a discussion about the ethical implications of technology and its use by different entities.
Silicon Valley's AI Development Challenges
The group discussed the state of AI and technology innovation, particularly comparing Silicon Valley's approach to technology development versus other regions. Jay noted that while Silicon Valley excels at technology, they are less effective at identifying practical use cases, citing examples like Uber and Lyft. The discussion explored how companies like DeepSeek have challenged conventional wisdom about AI resource requirements, while Matt Currie and others discussed how easy access to capital in the US has sometimes stifled innovation by reducing the need for efficiency. The conversation concluded with observations about how General AI has overshadowed other forms of AI that have proven more practical and useful in real-world applications.
Disney vs Midjourney Copyright Lawsuit
The group discussed a recent lawsuit where Disney is suing Midjourney for copyright infringement, specifically regarding their use of copyrighted visual content without proper licensing. Matt Alvarez explained that under US copyright law, any created content inherently belongs to the creator unless explicitly licensed, and raised concerns about the implications for AI models that scrape and use copyrighted material. The discussion also touched on Apple's research report "The Illusion of Thinking," which highlighted limitations in AI reasoning capabilities, particularly for complex tasks.
Quick recap. The meeting began with birthday celebrations and introductions of new participants, followed by discussions about potential future presentations and networking opportunities within the cloud security community. The group then addressed security concerns regarding the Scattered Spider threat actor and explored challenges around zero trust implementation, with various members sharing their experiences and recommendations. The conversation ended with advice for Alhaji, who is starting a new role in cloud security, with emphasis on learning, professional development, and maintaining connections within the community.
2025-06: AI, Conferences, Guest Speaker, Community
Next steps
- Alhaji to schedule a session to share his journey transitioning into cloud security and his new role at Wiz.
- Patrick Burke to consider giving a presentation on Chainguard and cloud security in 6-7 weeks, after checking with management.
- Neil to ensure he packs his remaining lapel pin for DEF CON.
- Alhaji to invest in a note-taking system for his new role at Wiz.
- Amy to maintain and update the Cloud Security Office Hours LinkedIn page.
Friendly Greetings Between Shawn and Milos
The transcript appears to be a series of greetings and pleasantries exchanged between Shawn and Milos, with Shawn expressing welcome and enjoyment multiple times. The conversation consists mainly of positive exchanges and does not contain any substantial decisions, action items, or meaningful content that would warrant a summary beyond noting the friendly interaction.
Cloud Security Community Networking Event
The meeting began with Shawn celebrating his 60th birthday and welcoming new participants, including Ardy from Orca Security and Lara from Germany, who is transitioning into the security field. The group discussed potential topics for future presentations, with Patrick Burke expressing interest in presenting on Chainguard in 6-7 weeks, though keeping it vendor-neutral. The meeting served as a networking opportunity, with Shawn emphasizing the importance of connecting with others in the cloud security community, and several members shared their backgrounds and current roles in the field.
Alhaji's Cloud Security Career Journey
Shawn led a Cloud Security Office Hours meeting where Alhaji announced he would be joining Wiz as an associate technical account manager on July 7th after a 3-month intensive job interview process. The group celebrated Alhaji's success, with Chris and Shawn noting that his persistence and networking within the community played key roles in his achievement. Shawn invited Alhaji to share his journey in a future session to inspire others, and Alhaji expressed willingness to help others navigate their career paths in the challenging market.
Scattered Spider Security Countermeasures
The team discussed security measures against the Scattered Spider threat actor, with Walid Yaqoobi sharing insights from a previous incident where the group targeted infrastructure. Walid recommended implementing FIDO authentication, device trust, and out-of-band communication, while Neil emphasized the importance of zero trust methodology and supply chain security. The discussion highlighted the need for better security hygiene, including limiting user access and securing document sharing, though Stryker noted challenges in implementing these practices due to organizational resistance.
Zero Trust Implementation Challenges
The group discussed challenges and strategies around zero trust implementation, with Stryker expressing concerns about the theoretical appeal of zero trust versus practical challenges. Neil shared insights from his experience, emphasizing that zero trust is a journey rather than a destination, and highlighted contrasting examples between Microsoft and Cloudflare's security incidents. Mario contributed an analogy about the "Dyson syndrome" in change management, advocating for clear visibility of risks to help drive security awareness and action. The conversation concluded with a lighthearted discussion about upcoming security conferences, including DEF CON and Black Hat, and plans for potential meetups.
Cloud Security Role Onboarding Advice
The meeting focused on providing advice to Alhaji, who is starting a new role in cloud security. Matt, Shawn, Tyler, Neil, and Don shared their experiences and recommendations, emphasizing the importance of learning, asking questions, and managing personal responsibilities during the first 90 days. They advised Alhaji to focus on self-directed learning, take notes on everything, and pay attention to soft skills in customer interactions. The group also discussed the psychological challenges of support roles and the benefits of maintaining a LinkedIn page for the group.
Quick recap. The meeting covered a range of topics related to cloud security, AI adoption, and cybersecurity challenges. Discussions included the evolution of ransomware, the implications of AI in security and education, and the limitations of Large Language Models in various applications. The group also explored concerns about AI's impact on critical thinking skills and shared insights on recent cybersecurity incidents and trends.
2025-06: AI
Next steps
- Shawn to respond to Sam's email.
- Attendees to put their LinkedIn profiles in the chat for networking purposes.
- Attendees to suggest potential speakers for future meetings to Shawn via email (shawn@was.org).
Making Choices and Taking Initiative
Shawn engaged in a series of affirmations and reflections, expressing a sense of choice and the ability to make selections both online and offline. Shawn emphasized the importance of being cautious and highlighted that there had never been a need for reversals in certain situations. Matthew encouraged taking initiative, referencing a recent study, but the specifics of the study were not discussed.
Cloud Security Office Hours Update
Shawn welcomed attendees to Cloud Security Office Hours, emphasizing its purpose as an open forum for discussion and networking. He encouraged participants to ask open-ended questions and introduced a new attendee, Hiji. Matt shared news about the arrest of a threat actor known as IntelBroker, who was apprehended after an FBI-controlled cryptocurrency transaction led to his identification. The discussion briefly touched on the challenges of maintaining anonymity in cyber activities and the increasing difficulty of evading law enforcement in the digital age.
Ransomware Evolution and Security Trends
The group discussed the evolution of ransomware, with Neil explaining that cryptocurrency enabled more efficient attacks compared to earlier methods requiring credit card payments. Matt shared memories of early ransomware targeting personal computers, while Shawn raised questions about Bitcoin ATMs and their actual usage. The conversation concluded with discussions about AI security risks, a recent report from Latio, and Neil's observations about analyst James Berthoty's unique background in cloud security.
AI Security: Challenges and Extensions
The group discussed AI security and the findings of an IDC report on CNAPP 2025, which concluded that AI security is an extension of existing security tools rather than a standalone category. Neil shared insights from a recent PR request about a tech report, emphasizing that organizations should wait for their existing security vendors to extend their capabilities into AI security. Jay highlighted the unique challenges posed by generative AI, including prompt injection and output sanitization, while Alhaji raised questions about incident response and forensics in AI-specific attacks. The discussion touched on the need for organizations to proactively address AI security through threat modeling, tabletop exercises, and data collection for investigation purposes.
AI Adoption: Challenges and Implications
The group discussed the challenges and implications of AI adoption, comparing it to the early days of cloud computing. Shawn highlighted the parallels between AI and cloud, noting that organizations often lack understanding of the technology and its risks, leading to potential security issues. Jay emphasized that AI adoption is often driven by hype and the desire to reduce costs, rather than a clear understanding of use cases. The conversation also touched on the ethical concerns of using AI, with Neil warning about the dangers of using AI to create and spread false information. The discussion concluded with a mix of skepticism and optimism about AI's future impact, with some participants expressing concerns about overhype while others remained optimistic about its potential benefits.
LLM Challenges and Misuse Concerns
The group discussed the limitations and challenges of using Large Language Models (LLMs) in various applications, with Aaron expressing frustration over their misuse as complete workflows and highlighting security issues when used with cloud infrastructure. Neil shared his experience with an LLM tool for competitive intelligence, noting its ineffectiveness and the contrasting reactions from technical and non-technical users. Alex emphasized the need for human oversight in AI applications, particularly in security, and viewed AI as a tool with significant limitations, while Alhaji and Juninho discussed the risks of organizations rushing into AI adoption due to competitive pressure, potentially incurring technical debt.
AI Security and Privacy Challenges
The group discussed concerns about AI and agentic AI, including security and privacy issues, with Paul sharing insights from Meredith Whittaker about the need for careful consideration of these challenges. They explored how developers are addressing these concerns through technical solutions like browser lists and ephemeral credit cards, and debated the intrinsic limitations of LLMs and their hallucinations. The conversation shifted to a study showing that using LLMs for cognitive tasks can make people less engaged, and Jay suggested that this could lead to a resurgence of authentic, human-generated content as a valued commodity. Neil shared a positive use case from Wiz, highlighting how small language models can effectively detect secrets in code, demonstrating a practical and beneficial application of AI technology.
AI's Impact on Education Concerns
The group discussed concerns about the impact of AI and LLMs on education and cognitive development. San and Fernando shared experiences about how AI tools are being misused in academic settings, with San noting that AI detection systems sometimes flag legitimate submissions due to common words. The discussion highlighted how reliance on AI tools for writing essays and solving problems may be leading to decreased critical thinking skills and a generation of students who don't fully understand the material they're learning. The conversation ended with Shawn requesting participants to share their LinkedIn profiles and encouraging suggestions for future speakers.
Quick recap. The meeting covered a range of topics including attendance patterns, weather conditions, cloud security, and data governance. Discussions focused on AWS's annual cloud security conference, sovereign cloud approaches in Europe, and emerging trends in cloud infrastructure and security tools. The group also shared personal experiences and planned future meetings, including a presentation by Alhaji on his recent success.
2025-07: Conferences, Governance, Guest Speaker
Next steps
- Alhaji to prepare slides and share his story about joining Wiz for next week's Cloud Security Office Hours meeting.
- Shawn to tentatively schedule Alhaji as the speaker for next week's meeting.
- Shawn to consider recording Alhaji's presentation for promotional purposes.
Disjointed Discussion Without Clear Context
The transcript appears to be a disjointed collection of phrases and words without a clear context or coherent discussion. It does not contain any decisions, alignments, action items, or open questions that can be summarized.
Meeting Attendance and Group Dynamics
Shawn led a casual meeting with Neil and Jay, discussing attendance patterns and the effectiveness of email notifications for meetings. They noted that sending emails the night before often resulted in lower attendance, while sending them during the hour of the meeting seemed to increase participation. Alex joined later, mentioning their preference for smaller group discussions over larger ones, as they believed smaller groups fostered better conversations. The conversation ended with Shawn and Alex discussing the benefits of smaller group dynamics, while Neil was present but not actively participating in the conversation.
Cross-Location Weather Discussion Meeting
The group discussed weather conditions across different locations, with participants from California, New York, Chicago, and Ontario sharing their experiences. Alan joined the call from Boston, and Alhaji was congratulated for his recent success at Wiz, with plans to document his story. Jay mentioned he would provide a recap of a recent event called "re:Inforce," noting that his report would be internal to SAP and contain his personal opinions.
AWS Cloud Security Conference Review
Jay attended AWS's Annual Cloud Security Conference, which had about 5,000 attendees focused on topics like sovereign cloud, security at scale, and alert fatigue. The keynote, delivered by new CISO Amy Herzog, emphasized AWS's use of AI in security but received a muted response when transitioning to AI topics. Jay noted that many announcements, such as extended threat detection and new security features, were incremental and already in use by some customers, though AWS's security offerings remain mature overall.
European Cloud Sovereignty Debate
Jay discussed the European Union's approach to cloud computing, highlighting AWS's plan to build parallel cloud regions in Europe for guaranteed data control and compliance with EU laws. He noted that while this addresses European concerns about data sovereignty, there is skepticism about its sufficiency, as individual EU countries may want their own sovereign clouds. Bartek emphasized that the issue is primarily political, with a need for a strong European hyperscaler to reduce dependency on US-based companies, but he expressed frustration with the lack of innovation in European cloud alternatives.
Sovereign Clouds: Control and Efficiency
Shawn and Jay discussed the concept of sovereign clouds, with Shawn explaining that their primary purpose is to give sovereign states control over data stored within their borders. Jay suggested that encryption key control is more important than physical data center security, and proposed that Google's approach of treating sovereign clouds as features of existing regions is more efficient than AWS's parallel cloud model. Jay also shared insights from recent meetings with community leaders, including Torsten Deuttrech from Global Dots, a cloud and cybersecurity consultancy firm, and Ross Haleliuk, a cybersecurity blogger and author.
Cloud Security and GRC Innovation
Jay discussed several cloud security and governance topics. He mentioned the emerging discipline of GRC (Governance, Risk, and Compliance) engineering for cloud infrastructure, noting its potential as a future area for innovation. Jay also introduced Tamnoon, a tool that helps with managed remediation by creating prioritized remediation plans for developers. The conversation then shifted to the challenges of ownership in cloud security, with Shawn highlighting the need to consider both business and application ownership when assessing GRC posture. They discussed how some tools are beginning to integrate ownership data to provide more business-oriented insights. Jay concluded by mentioning several other security companies and tools, including Sierra for data security, Orca and Wiz for cloud security, and Snyk for developer security tooling.
Optimizing Data Storage and Access
Jay discussed the challenges and opportunities in distributed query and federated search platforms, comparing them to existing data solutions like Splunk and data lakes. He emphasized the importance of efficiently managing data storage by categorizing it into different tiers based on usage, such as business-critical data in in-memory databases, analytics data in relational databases, and archival data in cheaper storage solutions. Jay suggested that startups should focus on orchestrating this data management approach to optimize costs while maintaining effective querying capabilities.
AWS Security Hub and SAP Conference
The team discussed AWS Security Hub, noting confusion about its recent announcement as it seemed incremental to existing features. Juninho suggested it might be a new version, while Jay expressed concern about the lack of clear communication about whether it was a full rebuild. Jay shared insights from a recent AWS re:Inforce conference, highlighting a joint session with SAP and a positive interaction with a vendor who approached them after seeing the session. The vendor's interest demonstrated the disconnect between their customers' awareness of SAP and their own ecosystem, prompting Jay to consider attending the conference again next year.
Meeting Plans and Safety Discussion
The meeting began with Jay recounting his delayed return from Philadelphia due to thunderstorms, mentioning his experiences there including a Juneteenth block party. Shawn noted the large attendance of 17 people and mentioned plans for a future meeting with Alhaji, who expressed interest in sharing his story and preparing power slides. The group discussed fireworks safety concerns, with Shawn and Neil sharing experiences about illegal fireworks in their areas. The conversation ended with tentative plans for Alhaji to speak at the next meeting, pending confirmation.
Quick recap. The meeting began with introductions and discussions about rotational programs in cybersecurity, followed by an in-depth exploration of Geico's Cyber Defense Practitioner program and its onboarding process. The group then delved into challenges in cybersecurity training, emphasizing the importance of creating safe learning environments and fostering a culture of openness. The conversation concluded with discussions on effective question-asking techniques, mentoring strategies, and managing challenging workplace dynamics, including the importance of cultural fit in hiring practices.
2025-07: AI, Conferences, Community
Next steps
- Brian: Follow up on job interview next Thursday
- Armando: Begin next rotation in product security team
- Alhaji: Present his scheduled talk in 4 weeks
- Sam: Present upcoming scheduled talk
- Stryker: Continue working with the team member on writing/editing challenges, focusing on gentle coaching approach
Indecisive and Disjointed Discussion
The meeting transcript appears to be a mix of casual conversation and song lyrics, with no clear decisions, action items, or substantial discussion topics. The dialogue consists mainly of greetings, thank yous, and brief exchanges, without any coherent topic or conclusion.
Cybersecurity Rotational Programs Discussion
The meeting began with introductions from new attendees, including Brian McClellan, who manages principal architects at Wiz, and Armando, who is in a rotational cybersecurity program at a company in Chicago. The group discussed the benefits of rotational programs in cybersecurity, with Armando sharing his experience in secure design and upcoming rotation in product security. Shawn emphasized the importance of networking within the group for career development. The conversation ended with Stryker mentioning a rotational program at his company, highlighting its similarity to Armando's experience.
Geico's CDP Program Overview
Stryker discussed Geico's CDP (Cyber Defense Practitioner) program, explaining that they typically get 2 CDPs every 6 months who work on threat intelligence platforms and automation projects. He detailed the onboarding process, which includes 2 weeks of shadowing and a living document of requirements, emphasizing the importance of making new CDPs comfortable taking action and asking questions. The program rotates CDPs every 6 months, during which they participate in quarterly and monthly report assembly, and Stryker noted that while 6 months might seem short, it provides enough time for meaningful contribution while maintaining flexibility for team needs.
Cybersecurity Training and Onboarding Challenges
The team discussed challenges in cybersecurity training and onboarding, particularly for new hires with theoretical knowledge but limited practical experience. Stryker explained their approach of shorter rotation cycles to provide broad exposure across teams while identifying potential long-term employees within the first six months. Neil emphasized the importance of creating a safe environment where employees feel comfortable asking questions and making mistakes, which is crucial for both personal growth and enterprise security. The discussion concluded with examples of real incidents where mistakes led to significant technical issues, highlighting the value of learning from accidents and fostering a culture of openness.
Effective Question-Asking in the Workplace
The group discussed the importance of asking questions in the workplace, particularly for those early in their careers. They emphasized that it's okay not to know everything and that seeking help is a sign of strength, not weakness. Tyler shared a document on how to ask questions effectively, which includes providing context, showing your work, and asking in a way that's easy to answer. The discussion also touched on the role of mentors in helping junior employees grow and the need for both mentees and mentors to be respectful of each other's time. They agreed that while it's important to create safe spaces for learning, it's also crucial to be able to navigate toxic work environments.
Challenges in Feedback and Management
The group discussed challenges in mentoring and managing colleagues who struggle with taking constructive feedback, particularly in writing and editing roles. Stryker shared her experience with an employee who resists her editorial guidance, while Jay emphasized that company writing is not personal expression but corporate copy subject to review and revision. The discussion concluded with Brian sharing his approach to managing a senior developer who lacks respect for him, and Shawn highlighted Wiz's success through strict hiring criteria focused on cultural fit rather than technical expertise alone.
Quick recap. The meeting covered a wide range of topics, including cybersecurity challenges, AI developments, and personal experiences in the tech industry. Participants discussed the complexities of hiring individuals with criminal backgrounds in cybersecurity roles, the current state of AI and its impact on the job market, and shared personal projects and technical insights. The group also addressed communication logistics, welcomed new members, and touched on upcoming industry events, emphasizing the collaborative and supportive nature of their community.
2025-07: AI, Community
Next steps
- Stryker: Prepare and deliver a 20-25 minute presentation in two weeks about the threat intelligence platform implementation and workflow
- Sam Booker: Deliver presentation at next week's Cloud Security Office Hours meeting
- Dave: Support Walid with Azure Copilot Studio implementation questions and connect with CSP resources if needed
- Walid: Follow up with Dave regarding Azure Copilot Studio implementation challenges and requirements
- Shawn: Create and share a Signal group chat for Cloud Security Office Hours members via email
- Shawn: Share master list of LinkedIn connections in next week's chat
- Chris: Share Cloud Security Office Hours LinkedIn page with new members
- Janae: Send mailing address to Shawn via LinkedIn to receive Kevin Mitnick gear package
Disjointed Discussion on Control Systems
The transcript appears to be a disjointed conversation with repeated phrases and unclear context, making it difficult to extract a coherent summary. The discussion seems to touch on themes of control, systems, and relationships, but lacks clear decisions, action items, or substantial content that would be helpful for someone who missed the meeting.
Tech Topics and Encryption Claims
Shawn discussed various topics including Apple, crypto wallets, and VPNs. He mentioned having an Apple IV YouTube account and Netflix. Shawn also talked about hacking and encryption, claiming to have encrypted data and taken down backups. He boasted about his skills and mentioned a crew involved in these activities.
Disjointed Multi-Language Greeting Session
The transcript appears to be a disjointed collection of phrases and greetings in multiple languages, with no clear discussion or decisions made. It does not contain any actionable information, decisions, or next steps that would warrant a meaningful summary.
Cybersecurity Techniques and Challenges
Shawn discussed a series of technical actions and observations related to cybersecurity, including patching, backend streams, and payload distribution. He mentioned moving through hosting environments and slipping through security measures undetected. Shawn also touched on the financial aspects of maintaining server space and expressed confidence in his ability to navigate the challenges ahead.
Meeting Attendance Despite Date Mistake
Shawn accidentally sent out an email with the wrong date, which may have caused some confusion or absence from the meeting. Despite this, a small group of attendees, including Umang, Dave, Alex, and Walid Yaqoobi, joined the meeting. Shawn acknowledged the mistake and greeted everyone present.
AI-Generated Music Parody Discussion
Stryker shared an AI-generated parody song called "Cyber House Rock" that he had been working on for five months, which the group found amusing and well-crafted despite its technical content. The team discussed the process of creating the song, including the time-intensive nature of prompt engineering and lyric generation, with Stryker expressing interest in improving the efficiency of the process. Brian suggested exploring AI-generated singer covers for future projects, and Stryker mentioned plans to create a digital music video for a song called "Fake Story Hello."
Cloud Security Office Hours Discussion
The Cloud Security Office Hours meeting began with Shawn welcoming new participants, including Sean who found the group through a search and has a background in plant science and software engineering. The meeting discussed a question from Dee about hiring a cybersecurity student with a criminal record, with Shawn sharing his experience about Kevin Mitnick and noting that while some in the industry view felons as untrustworthy, it's not an absolute barrier. Chris suggested that entrepreneurship might be a better path for someone with a felony record, and recommended looking into riskit.co for potential resources. The conversation ended with Shawn announcing he would send out a package of Kevin Mitnick memorabilia to a random participant.
Cybersecurity Hiring for Ex-Convicts
The group discussed the challenges faced by individuals with criminal backgrounds, particularly in cybersecurity roles, emphasizing the need for expungement and upfront disclosure to employers. Stryker highlighted that redemption is possible but often requires exceptional skills and networking, while Don suggested exploring organizations like Rise Kit that facilitate hiring for individuals with criminal records. Neil and Chris agreed that networking and building trust are crucial, with Neil adding that companies will likely continue to prioritize compliance and clear hiring criteria. The conversation concluded with plans for attending upcoming cybersecurity events like Black Hat and DEF CON, where participants planned to connect and share resources.
Signal Chat Setup and Guidelines
The group discussed setting up a Signal group chat in addition to their existing Discord channel to better facilitate communication, particularly for those who don't use Discord. They welcomed new member Tysheona, who introduced herself as a senior network security student and application analyst just starting her cloud security journey. The group emphasized that their meetings are a safe space for discussion, with recordings only made for presentations or when specifically agreed upon by all participants, and they clarified that vendor pitches or criticism of certain companies like Palo Alto are not allowed.
AI Talent Market Competition Dynamics
The meeting focused on the intense competition in the AI talent market, with large tech companies offering unprecedented signing bonuses and salaries to attract top talent. Participants discussed the current AI hype cycle, market dynamics, and potential future developments, including the possibility of market dominance by one company. They also touched on the challenges of implementing AI securely and effectively in operations, emphasizing the need for practitioners to become experts in making AI useful and safe in their respective fields.
AI Hype and Technology Trends
The meeting began with a discussion about AI, focusing on the current hype around large language models (LLMs) and their potential impact on the tech industry. Chris and others shared their perspectives on the misunderstanding of AI and the overhype surrounding it. The conversation then shifted to a historical overview of technology trends, with participants mentioning various buzzwords and technologies that have come and gone over the years. Stryker shared his experience building a threat intelligence platform and sought help in improving it, which led to suggestions from Dave about presenting the system and gathering feedback. The conversation ended with Walid Yaqoobi raising concerns about Microsoft support issues and Dave offering to assist based on his experience.
Quick recap. The meeting began with introductions for new participants in the Cloud Security Office Hours, where participants shared their backgrounds and interests in cloud security. Technical difficulties with audio and screen sharing were experienced at the start, but the session eventually focused on San's presentation about crafting effective elevator pitches and communication strategies. The presentation covered key aspects of delivering compelling messages, tailoring communication for different audiences, and the importance of authentic networking, with the session concluding by confirming future presentations and sharing feedback from attendees.
2025-07: AI, Conferences, Guest Speaker, Community
Next steps
- Sam: Present cloud security deck and share pitch deck presentation materials with the group
- Team: Add LinkedIn profiles to the chat and connect with each other for future networking
- Team: Practice and refine elevator pitches for different scenarios and audience types
- Team: Incorporate 8th-grade level language and real-world examples when explaining technical concepts to non-technical audiences
- Team: Adjust communication style, pace, tone, and knowledge level based on audience expertise
- Team: Review and update LinkedIn profiles and resumes to effectively communicate value proposition
- Team: Incorporate personal items in virtual meeting backgrounds to create a more relatable presence
- Shawn: Post Sam's presentation on the company website and manage recording functionality during the presentation
- Truong: Send Shawn his address for potential laptop camera swap and repair work laptop camera before next meeting
- Federico: Prepare for presenting on cloud security at Salesforce
- Neil: Share the recording of Sam's presentation with the intern preparing for Black Hat conference
- Ross: Practice explaining technical concepts in simpler terms for non-technical audiences
- Patrick Burke: Present next week
- Shawn: Review Patrick's presentation overview
- Jay: Support colleagues working through SharePoint-related issues
- Team: Use ChatGPT to help explain roles and technical concepts at an 8th-grade level
- Team: Reflect on and analyze pitch delivery after each practice session and learn from feedback
- Javier: Continue networking with group members and practicing adjusting communication style
- San: Consider using ChatGPT to help explain technical concepts at an 8th-grade level
- Truong: Bring phone setup for next meeting if laptop camera remains broken
Disjointed Meeting Discussion Summary
The meeting transcript appears to be a disjointed sequence of phrases and sentences without a clear coherent discussion or decision-making process. The content lacks structured dialogue or actionable outcomes, making it difficult to extract meaningful information or summarize the meeting's purpose and conclusions.
Casual Conversation and Greetings
The meeting transcript appears to be a mix of casual conversation and greetings in both English and Chinese, with mentions of birthdays, iPhones, and Wi-Fi. There were no clear decisions, action items, or substantial discussion points captured in this transcript.
Technical Difficulties and Presentation Planning
San and Shawn experienced technical difficulties with audio and speakers at the start of their meeting. After resolving the issues, they discussed the agenda and confirmed San's presentation would be less than 30 minutes, allowing time for introductions. The conversation ended with various participants exchanging greetings and farewells in different languages.
Cloud Security Office Hours Introduction
The meeting began with introductions for new participants, including Javier, Matthew, and Truong, who shared their backgrounds and interests in cloud security. Shawn emphasized the purpose of the Cloud Security Office Hours as a safe space for presenting and networking, encouraging participants to introduce themselves and share their experiences. San was scheduled to present a deck, but technical difficulties with screen sharing delayed the start. Federico also introduced himself as a new member, highlighting his background in cloud security. The conversation ended with Sam preparing to present her slides, and Shawn confirmed the session was being recorded for posterity.
Mastering the Elevator Pitch
San, a communication specialist and public speaker, shared insights on crafting effective elevator pitches. He emphasized the importance of capturing attention within the first 8 seconds and highlighted statistics showing the impact of well-crafted pitches on career advancement. San advised using a combination of recording and mirrors to practice pitches, focusing on both verbal and non-verbal communication. He outlined the key components of a pitch: a hook to grab attention, a unique selling proposition (USP) to highlight value, and a call to action (CTA) to encourage engagement.
Effective Communication and Networking Strategies
San discussed strategies for effective communication and networking, emphasizing the importance of tailoring messages to different audiences. He advised matching the pace, tone, and knowledge level of the listener, and provided examples of how to present oneself effectively to recruiters, CTOs, and peers. San also highlighted the need to identify and articulate one's unique value proposition, focusing on results and outcomes rather than job titles. The discussion included tips for connecting with others naturally and authentically, as well as the importance of understanding cultural and linguistic differences in global settings.
Effective Pitching and Communication Strategies
San discussed strategies for effective pitching and communication, emphasizing the importance of being conversational, relatable, and authentic. He advised against using excessive jargon, rambling, or underselling one's capabilities, and stressed the need to practice and believe in one's message. San also highlighted the significance of staying visible and positioning oneself as a strategic contributor in both new and existing job roles.
Elevator Pitch Mastery Strategies
San delivered a presentation on the importance of crafting a compelling elevator pitch and emphasized the need to effectively communicate one's value and expertise, especially in professional settings. He shared personal experiences and offered to help others refine their pitches, encouraging them to practice and tailor their messages to different audiences without sounding rehearsed. The audience appreciated the insights and offered feedback, with some discussing the challenges of adapting communication styles to different levels of expertise and the importance of audience awareness.
Effective Communication in Technical Roles
San presented on the importance of effective communication in technical roles, sharing insights on explaining complex concepts to non-technical audiences and the need to edit one's communication style for different contexts. The session resonated with attendees, who shared personal experiences and discussed the challenges of explaining technical work to others. Shawn announced that San's presentation would be posted on the CSOH website, and Patrick confirmed he would be presenting next week.
Quick recap. The meeting began with a discussion about the origins of the Russia investigation into Donald Trump, including media coverage and potential influences from intelligence officials and the Obama administration. Personal experiences with health challenges and career transitions were shared among participants, along with discussions about starting a consultancy business and experiences with automation. The group then focused on cloud security topics, including AI threat modeling, recent conference experiences, and the development of AI agents for workflow automation, concluding with plans for future presentations and platform growth.
2025-08: AI, Conferences, Guest Speaker, GitHub Actions
Next steps
- Shawn: Finalize the challenge coin design and production
- Shawn: Distribute challenge coins to speakers, with Neil and Alhaji being first recipients
- Alhaji: Present on career journey and transitioning into cloud security on the 29th
- Matt: Present on his AI agent implementation to the group at a future meeting
- Shawn: Consider organizing a session on cybersecurity history with veteran members sharing stories
- Don: Reach out to Cole Horseman about giving a talk on leveraging and building things with AI
- Shawn: Follow up with Neil about Mandiant/Google Cloud experience before Wiz moves in as "cubicle neighbors"
- Jay: Continue discussions on STRIDE threat modeling methodology for Agentic AI, particularly focusing on repudiation aspects
- Matt: Complete the rebuild and new deployment of his agent system in the next 3 weeks
- Shawn: Coordinate with Matt on scheduling the presentation, potentially pre-recording it if timing is an issue
- Shawn: Follow up with Matt about visiting him in Australia
- Shawn: Send package to D this weekend
- Matt and his wife: Set up their consultancy website
- Shawn: Evaluate continued funding for the Discord server based on activity levels
- Group members: Help spread the word about Shawn's platform to reach 2,000 users
Russia Investigation Origins and Media Influence
The discussion focused on the origins of the Russia investigation into Donald Trump, with the speaker expressing skepticism about the initial claims and highlighting the potential influence of unnamed intelligence officials. They discussed the role of the media, particularly the New York Times, in reporting on the investigation, and the speaker suggested that the Obama administration may have been involved in creating a narrative to undermine Trump. The conversation also touched on the Durham report and the possibility of further revelations from an ongoing grand jury investigation.
Health Challenges and Resilience
Shawn and Matt shared personal experiences with health challenges, including Shawn's battle with cancer and a benign brain tumor that resolved itself through internal bleeding. They also discussed Matt's experiences with his wife's pregnancy and a stolen moving truck, highlighting the unexpected and challenging events they've faced. Both expressed a sense of humor and resilience in dealing with difficult situations.
Starting a Consultancy Business
Matt shared that his wife recently lost her job and they decided to start their own consultancy business, with their first client call occurring that morning. Shawn acknowledged this as a positive sign and discussed how people often underestimate the value of certain skills in different contexts. They also exchanged personal anecdotes about their early experiences with automation and data entry, highlighting how Matt's creative approach to automation led to his termination but ultimately set him on a path to success in that area.
Challenge Coins and Prank Stories
Shawn shared a humorous story about being temporarily fired from a wafer fab job after a prank went too far, but was quickly promoted to a new role by a new manager. The group discussed the tradition of challenge coins, with Jay showing off several coins he had earned, including a rare CISA coin. Shawn mentioned he was working on creating custom challenge coins for the group, which would be distributed once they were ready.
Cloud Security Office Hours Overview
Shawn welcomed new participants to Cloud Security Office Hours, emphasizing its open and interactive format. Carole, a novice in AI, expressed interest in discussing copyright protection in the AI space, while Alex shared his interest in the historical aspects of cloud security. Shawn, known for his extensive industry experience, offered to share stories from his time in Silicon Valley, including encounters with Steve Jobs and Steve Wozniak. Participants were encouraged to network by sharing their LinkedIn profiles and to utilize the group's Discord channel, which has grown to 500 members.
Black Hat Conference Insights
The group discussed the recent Black Hat conference, with Neil sharing his experience that it was busier than usual and more valuable than RSA, which he attributed to fewer vendor pitches and more learning opportunities. Ross corrected the media's misreporting about a Google hack, clarifying it was actually Salesforce that was targeted. Alhaji announced he would be presenting on the 29th, focusing on his career journey in cloud security, and Shawn mentioned he might receive the first Cloud Security office hours challenge coin if the presentation is successful.
Origins of Cybersecurity Conferences
Shawn shared the origins of DEF CON and Black Hat conferences, explaining that DEF CON began as an impromptu party in Las Vegas that evolved into an annual hacker event, while Black Hat was created as a response to address cybersecurity concerns. Don expressed interest in bringing Cole Horseman as a guest speaker to discuss AI integration and fact-checking, while Jay mentioned a potential session on Agentic AI threat modeling related to an OWASP event at Black Hat featuring Ron del Rosario and Helen Oakley.
AI Security and Accountability Challenges
Jay discussed the challenges of threat modeling in AI systems, particularly focusing on the role of repudiation and the potential for non-deterministic behavior leading to disputes. He highlighted the importance of ensuring that agents act within the context of the user's intent and emphasized the need for strict guardrails to prevent autonomous actions by AI systems. Matt shared his approach of treating AI agents like "dumb interns" by limiting their permissions and implementing robust logging and monitoring systems. The group agreed that as AI systems become more autonomous, new security measures, such as enterprise-grade communication funnels and policy agents, will be necessary to prevent unauthorized actions and ensure accountability.
AI Automation and Security Insights
Matt shared his experience using a low-code platform called Tray.io to automate workflows, including detecting and fixing mobile app crashes. He emphasized the importance of carefully scoping permissions for AI agents to prevent unintended damage, and discussed his approach of requiring human approval for critical changes. The group also discussed recent AI security incidents and a study showing AI's lack of understanding of harm, with Matt recalling an experiment where two agents created their own language that became unreadable. The conversation ended with plans for Matt to potentially give a presentation about his automation work in the future.
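The "dumb intern" approach from the two topics above (tightly scoped permissions, human approval for critical changes, and logging that can settle a later dispute) can be expressed as a deny-by-default gate in front of every tool call. This is an added Python example, not code from the session or from Tray.io; the agent, tool and resource names and the decision strings are hypothetical.

```python
import fnmatch
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64


@dataclass(frozen=True)
class Grant:
    """One tool an agent may call, the resources it covers, and its risk tier."""
    resources: tuple              # glob patterns; note that '*' also matches '/'
    needs_approval: bool = False  # critical changes wait for a human


# Constructed policy: every name below is hypothetical.
POLICY = {
    "crash-fixer": {
        "read_logs": Grant(("app/mobile/*",)),
        "open_ticket": Grant(("tracker/mobile",)),
        "deploy_fix": Grant(("app/mobile/*",), needs_approval=True),
    },
}


class AuditLog:
    """Append-only log in which each entry commits to the previous entry's hash.

    Editing or dropping an earlier entry breaks verify(). The newest hash still
    has to be stored somewhere the agent cannot write to.
    """

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record,
                             "hash": self._digest(prev, record)})

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or self._digest(prev, entry["record"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class AgentGate:
    """Every tool call passes through authorize(); anything not granted is denied."""

    def __init__(self, policy, log):
        self.policy, self.log = policy, log

    def authorize(self, agent, intent_id, tool, resource, approver=None):
        grant = self.policy.get(agent, {}).get(tool)
        if grant is None:
            decision = "deny:tool-not-granted"
        elif ".." in resource.split("/"):
            decision = "deny:non-canonical-resource"
        elif not any(fnmatch.fnmatchcase(resource, p) for p in grant.resources):
            decision = "deny:resource-out-of-scope"
        elif grant.needs_approval and approver is None:
            decision = "pending:human-approval"
        elif grant.needs_approval and approver in self.policy:
            decision = "deny:approver-is-an-agent"  # agents cannot approve agents
        else:
            decision = "allow"
        # Denials are logged too; intent_id ties the call to the user request.
        self.log.append({"seq": len(self.log.entries), "agent": agent,
                         "intent": intent_id, "tool": tool, "resource": resource,
                         "approver": approver, "decision": decision})
        return decision


def demo():
    """Run a constructed sequence of calls and return (decisions, log)."""
    log = AuditLog()
    gate = AgentGate(POLICY, log)
    target = "app/mobile/release"
    decisions = [
        gate.authorize("crash-fixer", "req-101", "read_logs", "app/mobile/crash.log"),
        gate.authorize("crash-fixer", "req-101", "read_logs", "app/billing/db.log"),
        gate.authorize("crash-fixer", "req-101", "delete_bucket", "app/mobile/assets"),
        gate.authorize("crash-fixer", "req-101", "deploy_fix", target),
        gate.authorize("crash-fixer", "req-101", "deploy_fix", target, approver="crash-fixer"),
        gate.authorize("crash-fixer", "req-101", "deploy_fix", target, approver="alice"),
    ]
    return decisions, log
```
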
AI Orchestration and Incident Response
The team discussed Matt's development of AI agents, particularly Mamea, which now serves as an orchestration layer for 25 specialized agents, simplifying user interactions. Matt shared that he's implementing an incident response feature that automatically generates 80% of an incident report, reducing workload for engineers. The group debated the broader implications of AI adoption, with Shawn noting a rapid shift in executive attitudes toward AI, while Matt expressed concerns about engineers spending more time on prompt engineering and debugging when using AI tools. The conversation ended with Shawn encouraging participants to spread the word about the platform, which is currently at 1,960 users, and a lighthearted discussion about potentially organizing a gathering in Australia.
Quick recap. In this Cloud Security Office Hours meeting, Shawn and Dave discussed their upcoming presentation for a Megaport event, debating whether to focus on cloud architecture or security challenges, while also welcoming Alex who shared news about his promotion despite absorbing responsibilities from departing colleagues. The group engaged in a substantive discussion about cloud security implications, with members sharing experiences from Black Hat and expressing varied perspectives on AI technology—ranging from skepticism about its capabilities and concerns about its energy consumption to acknowledgment of its productivity benefits. Several participants shared personal experiences with AI tools, with some finding value in specific applications while others warned about limitations, leading to a broader conversation about AI's sustainability and future prospects.
2025-08 | AI | Conferences | Guest Speaker | Industry News
Next steps
- Shawn and Dave: Complete their Megaport presentation materials this week.
- Shawn: Sign the contract for the Megaport presentation.
- Dave: Create slides for the cloud security presentation focusing on "Why is cloud a different problem than on-prem".
- Alex: Add the recurring Cloud Security Office Hours meeting to his calendar using the link in Shawn's email.
- Alex: Continue managing new responsibilities while documenting challenges and potential solutions for the MSSP organization.
- Walid: Research and share effective strategies for deploying AI tools to business users who have limited technical knowledge of LLMs and RAG technologies.
- Brian: Establish guidelines for using AI tools within his team to prevent his president from implementing AI-generated proof of concepts directly into production.
- Milos: Develop and share best practices for implementing AI guardrails and context engineering for cybersecurity applications.
- Kimberly: Continue developing and testing the technical accreditation program using AI assistance while ensuring accuracy of content.
- Jay: Follow up on the OS Agentic AI Project progress and share updates with the team.
- Paul: Research articles on AI energy consumption costs as discussed by Shawn.
- Shawn: Find and share a link about energy consumption comparison between Google search queries and ChatGPT prompts.
- Shawn: Create more recognition coins for speakers and contributors to the group.
- Shawn: Continue sending meeting reminder emails before the Cloud Security Office Hours sessions.
- Team: Continue discussions on AI guardrails and security implications in next week's meeting.
- Team: Consider attending the next informal Cloud Security Office Hours breakfast at future security conferences.
Bilingual Text Display Review
The screen-share displays a mix of English and Chinese text, including song lyrics, greetings, and disconnected phrases. The content appears to be random with recurring phrases like "好" (good), "謝謝" (thank you), and "I love you" appearing multiple times, along with some iPhone references and birthday wishes. The transcript does not contain a coherent discussion with decisions or action items.
Cloud Security Presentation Planning
Shawn and Dave discuss their upcoming presentation for a Megaport event, realizing they need to finalize preparations this week as the deadline approaches. Dave has signed the contracts and submitted his bio, while Shawn has completed the initial part but still needs to handle the contract. They debate the content of their presentation, with Dave suggesting a focus on initial cloud setup considerations and architecture options, while Shawn believes they should address why cloud security presents different challenges than on-premises environments. Their different perspectives - Dave's architectural approach versus Shawn's security concerns about the numerous attack vectors in cloud environments - will make for a good discussion format for their presentation.
Cloud Security Challenges and Opportunities
Dave and Shawn discuss the security implications of cloud computing, with Shawn emphasizing that cloud environments are fundamentally different from on-premises deployments because cloud services are API-enabled and can have multiple owners with change rights. Dave acknowledges these concerns while suggesting that restricting public access to applications can reduce attack vectors, though both agree that cloud security requires additional measures like encryption at rest. Alex joins the call and shares that he has been promoted but has absorbed multiple responsibilities from departing colleagues, giving him the opportunity to address long-observed problems despite having less free time.
Cloud Security Office Hours Discussion
Alex discusses his experience at an MSSP, noting that despite the high turnover and demanding nature of the job, he values the unique opportunities it provides, such as running tabletop exercises for clients which he finds enjoyable. The group welcomes several members to the Cloud Security Office Hours meeting, with Shawn mentioning there's a recurring calendar invite in the emails he sends. Neil shares his observations from Black Hat, reporting that attendance seemed low overall, with the AI pavilion notably repelling security professionals, though he enjoyed the informal Cloud Security Office Hours breakfast meetup.
AI Hype vs. Practical Reality
Jay notes that executives who want to replace employees with AI would have used other means before AI existed. Neil mentions that his former employer's marketing team pushed AI messaging because it generated signups, despite his reluctance. Roland shares his disappointment from Black Hat where many companies displayed AI messaging but had little substance behind it, with some booth staff admitting it was just marketing. Brian expresses frustration about being caught between the reality of AI tools (which sometimes help but often fail) and the hype from business leaders and influencers. Shawn believes an AI reckoning is coming due to unsustainable costs, while Alex views AI as the next industrial revolution that, despite current limitations, has potential for breakthroughs in medicine and energy.
AI Capabilities: Skepticism vs. Productivity
Jay expresses skepticism about AI capabilities, suggesting the technology needs reasoning models that don't yet exist to achieve its promised potential, and fears resources are being wasted on what might be a dead end. Shawn counters with examples of AI providing significant productivity boosts, including an instance where an internal AI tool provided more concise and accurate information than human colleagues could. Ed shares a cautionary experience where AI helped him build a comprehensive but ultimately useless audit model, emphasizing the difficulty in determining if AI outputs are valid, while Kimberly describes successfully using AI to create a technical accreditation program despite its limitations, suggesting AI works best as a collaborative tool that requires verification.
AI's Unsustainable Energy Crisis
Paul asks Shawn to elaborate on the energy problem related to AI, and Shawn explains that AI services currently consume massive amounts of energy that is not being adequately paid for by users. Jay adds that data centers are already causing water shortages and power issues in local communities, with hyperscalers considering buying nuclear power stations as a solution. Shawn believes the current AI economy is unsustainable, comparing it to the dot-com bubble where companies were valued on eyeballs rather than profitability, and predicts a reckoning in the next year or two, though he sees this as an opportunity for advancements like DeepSeek that could make AI more viable.
Quick recap. In this Cloud Security office hours meeting, Shawn welcomed participants to a safe discussion space before Stryker presented her DEF CON session on building a DIY threat intelligence platform, explaining that commercial platforms can cost up to half a million dollars annually while simpler solutions can be created using existing tools. The presentation covered how to select reputable information sources, find and organize RSS feeds from primary and secondary sources, and automate information collection and management using tools like Feedly and Zapier. Technical difficulties with camera functionality after an Apple update were experienced during the meeting, and there appeared to be some music or lyrical content related to cybersecurity themes shared at points during the session.
2025-08 | AI | Vulnerabilities | Conferences | Guest Speaker
Next steps
- All attendees: Answer the exercise questions about why they want to build a TIP, what information they want to collect, who the resulting analysis will be sent to, and what action they expect the recipient to take.
- All attendees: Find a primary source article they're interested in and locate its hidden RSS feed using the techniques demonstrated.
- All attendees: Consider their existing tools and skills before implementing a new threat intelligence platform.
- A.: Share the presentation slides with Shawn for posting and with all attendees.
- Attendees: Review the slides shared by A. for reference on RSS feed discovery techniques.
- Shawn: Post the presentation recording and deck on the site.
Cybersecurity Threats and Scam Tactics
The screen-share appears to display a series of disconnected text fragments that resemble lyrics or a script about cybersecurity threats and scams. The content warns about various deceptive tactics including fake PDFs, command execution, credential theft, cryptocurrency scams, and remote work deception techniques like using mouse jigglers and VPNs. There are also references to data exfiltration and mentions of fake identities being used for malicious purposes.
Air Combat USA Flight Experience
The screen share displays a mix of content including messages in different languages, song lyrics, and a promotional video for Air Combat USA. The video features Brad Daisy, a retired US Navy Defense Commander, explaining their combat flight experience program where participants can engage in dogfighting simulations without prior flying experience or a pilot's license. Commander Mike Lee describes how instructors provide verbal coaching during flights, and the program includes video recording of the entire experience from takeoff to landing.
Cybersecurity Music Video Discussion
The screen-share displays what appears to be song lyrics or a poem with cybersecurity themes, mentioning concepts like backdoors, payloads, breaches, and cyber warfare. Shawn comments "Time machine" in the chat while Carley remarks that "This song's a banger," suggesting they are watching or listening to a music video or presentation with security-related content.
Camera Issues After Apple Update
The meeting participants are experiencing technical difficulties with Shawn's camera not working after an Apple update, despite the peripheral being detected. During the meeting, there is a screen share displaying what appears to be song lyrics, with Shawn mentioning songs about crypto and A. commenting about timing the music properly. Jay suggests the camera issue might be related to a recent Apple update, while Alex confirms this is a common problem with updates affecting peripherals.
DIY Threat Intelligence Platform Workshop
Shawn welcomes everyone to Cloud Security office hours, emphasizing that it's a safe space for open discussion without anxiety or drama. Stryker begins presenting her DEF CON session about building a DIY threat intelligence platform, explaining how she accidentally created one before understanding what it was. She outlines the presentation structure, noting it was originally designed as a 4-hour workshop but condensed to 1 hour, and encourages questions and interruptions throughout.
Alex explains that CTI at Geico processes external threat indicators and intelligence to inform stakeholders and threat hunters. He describes threat intelligence platforms as systems that organize information about threats in a contextualized way for organizations, noting that commercial platforms can cost up to half a million dollars annually. Alex emphasizes that intelligence differs from raw information, requiring triage, contextualization, and repackaging to become actionable, and advises using familiar tools rather than specialized platforms when starting out. He recommends that before building a threat intelligence platform, one should define clear goals, identify the specific audience (people or tools), determine the desired actions resulting from the intelligence, and leverage existing tools and skills.
Building Effective Threat Intelligence Platforms
A. discusses how to build a threat intelligence platform (TIP) by selecting reputable sources, emphasizing the importance of primary sources over secondary ones for faster access to information. She shares her seed source list and explains that while it initially seems time-consuming, the process can be streamlined to about 15 minutes daily through automation and proper source selection. A. clarifies that her full-time job involves synthesizing threat intelligence for non-technical stakeholders, and she advises beginners to start with recent articles rather than trying to process everything ever published. When asked about Darknet forums, she suggests that for a basic TIP, relying on established researchers is sufficient rather than attempting to infiltrate these communities directly.
Finding Hidden RSS Feeds
A. explains how to find hidden RSS feeds on websites, particularly for primary sources like Microsoft's security blog, by inspecting page source code and searching for RSS or XML tags. She demonstrates techniques including using Google Alerts, examining URL structures, adding "/feed" to URLs, and checking robots.txt or sitemaps. A. recommends organizing feeds by primary sources (researchers and communities) versus secondary sources (media), and shares that she uses Feedly to manage her information feeds with specific organizational structures. She cautions against including comment feeds to avoid information overload and notes that Reddit communities like r/cybersecurity can be valuable sources for breaking security news.
Automating Threat Intelligence Collection
A. explains how to automate information collection and management for a minimum viable threat intelligence platform. She recommends using tools like Feedly for RSS feeds, which can integrate with Slack, and emphasizes the importance of capturing metadata (title, publication date, source) when storing information. A. discusses various automation options including Zapier and Shuffler.io, storage solutions like Airtable, and distribution channels for sharing findings. She cautions against overreliance on generative AI for analysis, noting its limitations with hallucinations and inability to convert information into intelligence without human context.
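The feed-discovery and metadata-capture steps from the two topics above can be combined in a few standard-library functions: find the feed a page advertises in its source, skip comment feeds, and store title, publication date and source for each item. This is an added Python example, not code from the presentation or from Feedly; the HTML, the feed and the `example.test` URLs are constructed samples.

```python
import xml.etree.ElementTree as ET
from datetime import timezone
from email.utils import parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FEED_TYPES = {"application/rss+xml", "application/atom+xml"}
PAGE_URL = "https://blog.example.test/security/post-1"  # constructed

SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/style.css">
<link rel="alternate" type="application/rss+xml" title="Example Security Blog" href="/security/feed/">
<link rel="alternate" type="application/rss+xml" title="Example Security Blog" href="feed/">
<link rel="alternate" type="application/rss+xml" title="Example Security Blog Comments Feed" href="/security/comments/feed/">
<link rel="alternate" type="application/atom+xml" title="Mirror" href="ftp://files.example.test/feed.xml">
</head><body>post</body></html>"""

SAMPLE_FEED = """<rss version="2.0"><channel><title>Example Security Blog</title>
<item><title>Advisory: patch available for example product</title>
<link>https://blog.example.test/security/advisory-1</link>
<pubDate>Fri, 15 Aug 2025 14:30:00 +0000</pubDate></item>
<item><title>Research note</title>
<link>https://blog.example.test/security/note-2</link>
<pubDate>Thu, 14 Aug 2025 09:00:00 +0200</pubDate></item>
<item><title>Undated post</title>
<link>https://blog.example.test/security/undated</link></item>
</channel></rss>"""


class _FeedLinkFinder(HTMLParser):
    """Collects <link rel="alternate"> tags whose type is an RSS or Atom feed."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if ("alternate" in a.get("rel", "").lower().split()
                and a.get("type", "").lower() in FEED_TYPES and a.get("href")):
            self.links.append((a.get("title", ""), a["href"]))


def discover_feeds(html, page_url):
    """Return absolute http(s) feed URLs advertised in the page source."""
    finder = _FeedLinkFinder()
    finder.feed(html)
    found = []
    for title, href in finder.links:
        url = urljoin(page_url, href)
        if urlsplit(url).scheme not in ("http", "https"):
            continue  # only fetch over http(s)
        if "comment" in title.lower() or "/comments/" in urlsplit(url).path.lower():
            continue  # comment feeds add volume, not intelligence
        if url not in found:
            found.append(url)
    return found


def guess_feed_url(section_url):
    """Fallback when nothing is advertised: try the conventional /feed suffix."""
    return section_url.rstrip("/") + "/feed"


def parse_items(feed_xml, source):
    """Extract title, UTC publication date, source and link from RSS 2.0 items."""
    upper = feed_xml.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        # Feeds are untrusted input; refuse DTDs instead of expanding entities.
        raise ValueError("feed declares a DTD; refusing to parse")
    records = []
    for item in ET.fromstring(feed_xml).iter("item"):
        raw_date = (item.findtext("pubDate") or "").strip()
        try:
            dt = parsedate_to_datetime(raw_date)
            if dt.tzinfo is None:
                dt = dt.replace(tzinfo=timezone.utc)
            published = dt.astimezone(timezone.utc).isoformat()
        except (TypeError, ValueError):
            published = None  # keep the record; flag the gap for a human
        records.append({
            "title": (item.findtext("title") or "").strip(),
            "published": published,
            "source": source,
            "link": (item.findtext("link") or "").strip(),
        })
    return records
```
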
Quick recap. The meeting began with a technical discussion focused on security measures and threat detection protocols, including discussions about logging, access controls, and incident response. Alhaji Bah shared his personal journey from HR to cloud security, highlighting his transition to Wiz and emphasizing the importance of continuous learning and networking. The session concluded with discussions about career paths in technology, including the debate between traditional degrees versus practical experience, and Alhaji's advice on navigating career transitions in the cloud security field.
2025-08 | Vulnerabilities | Education
Next steps
- Alhaji: Continue sharing his cloud security journey and experiences with the group.
- New attendees: Consider preparing presentations for future Cloud Security Office hours.
- Levente: Attend more regularly now that his schedule allows.
Security Protocols and Threat Detection
The meeting transcript appears to be a technical discussion about security measures and threat detection, with participants discussing various security protocols and responses to potential threats. The conversation includes references to logging, access controls, and the detection of suspicious activities. Shawn shared a music playlist link, and Mischa briefly acknowledged the discussion. The overall tone suggests a focus on security operations and incident response.
Journey to Cloud Security Success
Alhaji Bah shared his journey from HR to cloud security, highlighting his transition from a traditional HR role to becoming an associate technical account manager at Wiz. He emphasized the importance of continuous learning and networking, particularly through Cloud Security Office Hours, where he has been an active participant for almost 2.5 years. Alhaji's presentation was designed to be interactive, encouraging questions and discussions, and aimed to inspire others by demonstrating that a career in cloud security is achievable with dedication and perseverance.
Career Transition: Athlete to Cloud Tech
Alhaji shared his personal journey from being a track and field athlete at Radford University to transitioning into the cloud technology field after being laid off from his HR role in 2022. He discussed his background in computer science, his experience in HR, and the challenges he faced in making the career change, including his learning disability and financial concerns. Alhaji emphasized the importance of perseverance and adapting his mindset from a sprinter to a marathon runner in his new career path.
Journey to Cloud Security Success
Alhaji shared his personal journey from a non-technical background to becoming a cloud security professional, emphasizing the importance of patience, continuous learning, and networking for early-career developers and career transitioners. He highlighted his experience working as a data center technician at AWS, attending a cloud DevOps bootcamp, and leveraging certifications and practical projects to build a digital presence and gain confidence in the field. Alhaji also encouraged attendees to invest in themselves through bootcamps and to embrace failure as a learning opportunity, while Shawn supported the value of bootcamps for skill development.
Degree vs. Open Source Coding
Kyle Ingersoll discussed his dilemma about pursuing a four-year degree versus focusing on open source coding. The community provided mixed advice, with some suggesting that a degree is essential for job prospects, while others highlighted the value of practical experience and networking. Neil emphasized the importance of a degree in the current job market, particularly for entry-level positions, while Mischa stressed the value of building a community and network during college. Josef shared his positive experience with completing both bachelor's and master's degrees in engineering and computer science, noting the discipline and depth of knowledge gained.
Career Transition Strategies in Cloud Security
Alhaji shared his journey of transitioning into cloud security and ultimately landing a role at Wiz, emphasizing the importance of resilience, networking, and documenting one's journey. He highlighted the challenges he faced, including numerous rejections, and stressed the value of persistent effort and building relationships in the industry. Kyle asked about strategies for career transition, and Alhaji advised being proactive and networking intensively with potential contacts. Chris emphasized the importance of building long-term relationships and staying the course, even in the face of setbacks. The session concluded with Shawn encouraging attendees to spread the word about the group's successes and to introduce themselves to build their network.
Quick recap. The meeting began with casual conversation and introductions before transitioning into discussions about cloud security and vendor-neutral approaches to cybersecurity. The group explored challenges and implementations related to AI in cybersecurity, including vendor demos, practical applications, and the need for proper security measures for AI systems. The conversation ended with participants sharing personal stories of technical mistakes and failures, emphasizing the importance of learning from errors and the human element in engineering and IT work.
2025-09 | AI | Conferences | Guest Speaker | Community
Indecipherable Meeting Discussion Summary
The meeting transcript appears to be a mix of Chinese and English phrases, with some musical lyrics and casual conversation. The content does not contain clear decisions, alignments, or action items that would warrant a meaningful summary. Without more coherent discussion or structured content, it's not possible to provide a useful summary of the meeting's outcomes or next steps.
Disjointed Discussion on Various Topics
The meeting transcript appears to be a disjointed collection of phrases, greetings, and comments in what seems to be a mix of Cantonese and English, without a clear discussion thread or decisions made. The conversation includes exchanges about music, shopping, and technical terms like "ToolShell" and "SharePoint," but no coherent topic or action items emerge.
Cloud Security Office Hours Overview
The meeting began with casual conversation about water polo and its dangers, followed by Shawn welcoming participants to Cloud Security Office Hours. Shawn shared that he had sent out packages and stickers to several members, including a rare 1998 issue of Kevin Mitnick's newsletter. He emphasized the vendor-agnostic nature of the group and reminded participants not to use the forum for marketing purposes. The conversation ended with a discussion about the importance of vendor discussions and strong opinions in fostering productive conversations.
AI Cybersecurity: Challenges and Prospects
The group discussed the current state and challenges of AI in cybersecurity, particularly focusing on vendor demos and implementations. Roland shared his upcoming panel discussion on AI and security, emphasizing its focus on thought leadership rather than sales. The conversation then shifted to a recent Black Hat demo by Snyk, where a young presenter showcased their Gen AI patch generation tool, though the demo encountered technical difficulties. The team debated the practicality and effectiveness of AI tools in security, with Jay and Neil highlighting the disconnect between vendor excitement and buyer skepticism, while Shawn shared positive experiences with AI implementation in their platform for policy generation and threat storyline creation.
Securing Agentic AI Systems
The meeting focused on the challenges and approaches to securing AI systems, particularly agentic AI. Alejandro emphasized the need to run AI systems side-by-side with manual processes to identify limitations and hallucinations, drawing parallels to onboarding new employees. Jay and Shawn highlighted the importance of understanding and monitoring AI usage within organizations before implementing security measures. Tyler discussed the complexities of securing AI systems, including data contamination during model training and the challenges of managing non-human identities generated by AI agents. The group also touched on the need for better threat modeling and authorization frameworks for AI systems.
AI Security and Professional Responsibility
The meeting participants discussed the challenges of AI security and the responsibilities of professionals in the field. Jay advised Brian to document risks when faced with ethically questionable requests from CEOs, noting that CEOs ultimately bear accountability. Paul expressed concerns about the lack of time to be truly competent in AI and cybersecurity, given the rapid pace of product releases and the complexity of the field. Neil shared a personal anecdote about a university's openness policy and suggested focusing on regulatory and compliance issues when discussing AI risks. The conversation touched on the evolving nature of security threats and the need for appropriate controls in AI systems.
Travel Safety and Data Mishaps
Shawn shared his experience of being followed and having his wallet and passport stolen in Kowloon, leading to an orchestrated setup by the police to search his hotel room. Dave recounted a professional mishap where he accidentally deleted 11 terabytes of customer data while migrating storage, emphasizing the importance of script anonymization and careful handling of critical operations. The group discussed the challenges of traveling with sensitive equipment and the need for caution, with Alhaji mentioning his birthday celebration.
Learning from Technical Mistakes
The meeting focused on sharing personal stories of technical mistakes and failures, with participants including Shawn, Dave, Neil, and others. These stories highlighted the importance of learning from errors and the value of transparency in professional settings. The group discussed the need for a future meeting where attendees could share their own mistakes, emphasizing the human element in engineering and IT work. Shawn announced that about 20 new people had signed up for the group this week and encouraged others to share topics or speak at future meetings. The conversation ended with plans to have participants introduce themselves in the next session.
Quick recap. The Cloud Security Office Hours meeting welcomed new participants and focused on networking opportunities while discussing various technical topics including threat modeling, AI security frameworks, and cloud security tools. The group explored practical aspects of threat modeling and discussed the challenges and opportunities in developing AI security frameworks, with suggestions for standardization and open-sourcing solutions. The conversation ended with discussions about cloud security tools and vulnerability management, including experiences with npm package compromises and the importance of automation in container image scanning.
2025-09 | AI | Supply Chain | Vulnerabilities | Conferences
Next steps
- All attendees: Consider implementing threat modeling in their security practices as discussed by Neil and Jay.
- Milos: Continue developing the ontology and graph-based framework for AI guardrails and consider sharing or open-sourcing the solution.
- Jay: Follow up on updates to the OWASP Gen AI Threat and Mitigations documentation.
- All attendees: Review the SAP blog article on AI security shared by Neil.
- All attendees: Explore the OWASP threat modeling resources shared in the chat.
- New attendees: Connect with others on LinkedIn for networking opportunities.
- jlewi: Consider connecting with Chris from Singapore for regional networking.
Disjointed and Fragmented Discussion
The transcript appears to be a disjointed and fragmented conversation with no clear topic or decisions made. It contains a mix of technical terms, personal anecdotes, and random phrases, making it difficult to extract a coherent summary of the meeting's content or outcomes.
Cloud Security Office Hours Discussion
The meeting began with Shawn welcoming participants to the Friday Cloud Security Office Hours, emphasizing its open and inclusive nature for discussing cloud security and related topics. New participants, including jlewi from the Philippines and Latoya from Michigan, introduced themselves and shared their backgrounds and interests in cloud security. Shawn encouraged networking and highlighted the session's value for career growth through mentorship and conversation. The discussion touched on various topics, including IPv6 regex patterns, agentic AI security, and a blog article co-written by Jay, with Neil mentioning an academic paper on securing agentic AI systems.
Threat Modeling for Security Fundamentals
The group discussed the importance of threat modeling in security, with Neil emphasizing that it should be a fundamental approach rather than starting with solutions. Jay shared his experience implementing threat modeling at SAP, highlighting its role in identifying potential security issues in design rather than just code. The discussion touched on practical aspects of threat modeling, including considering the attacker's return on investment and realistic threat scenarios rather than theoretical ones.
AI Security Framework Development Discussion
The team discussed the challenges and opportunities in developing frameworks for AI security, with Milos proposing the use of ontologies, graph lookups, and guard layers to control AI access and actions. Jay noted that while the field is still nascent, there is a need for standardization, and suggested looking at OWASP resources for guidance. The group agreed that open-sourcing any developed solutions would be beneficial, though the commercial potential of such technology was also acknowledged. Yashesh raised concerns about maintaining up-to-date architecture diagrams, and Jay suggested using automated tools like Terraform to generate accurate visual representations of infrastructure.
Python Study Group Initiative
D announced plans to organize a Python study group for the community, aiming to create collaborative projects and inviting members to join. Shawn highlighted the large email list and website engagement, suggesting potential for broader participation. Thomas offered support to coordinate the study group, while Tim expressed interest in running a CTF event. The group discussed the benefits of Wiz's resources and the diverse interests of its members, with several expressing enthusiasm for the initiatives.
Cloud Security Tools Evaluation Discussion
The team discussed cloud security tools and vulnerability management, with Neil sharing his experience about the tradeoffs between free open source tools like Trivy and paid solutions like Wiz or Orca. Neil explained that while free tools work well for small scale operations, paid solutions offer better central management, monitoring, and policy application as organizations grow. The group also discussed container image scanning practices, with Matthew emphasizing that automation should be mandatory for vulnerability scanning whenever new images are created. Jay highlighted the value of domain knowledge provided by companies like Wiz and Orca, noting that their products evolve rapidly with research teams constantly improving capabilities.
npm Supply Chain Attack Discussion
The group discussed a recent npm package compromise where attackers inserted cryptocurrency mining code, with Neil explaining it was a supply chain attack that targeted a node developer's packages. Jay noted that while this attack was discovered quickly and had limited impact, future attacks could be more severe if they target sensitive data instead of cryptocurrency. Dane highlighted technical challenges in fixing the compromise, including issues with version rollback and tooling support, while Shawn emphasized the broader implications of how easily malicious code can be inserted into important software components.
Quick recap. The meeting began with a monologue by Shawn Nunley discussing technical topics related to cryptocurrency and hacking, followed by a discussion about an upcoming event and its promotion plans. The group then covered various professional updates including new community activities, job opportunities, and business endeavors, while also discussing a malware incident affecting NPM packages and sharing insights on Agentic AI design patterns. The latter part of the meeting focused on incident response and crisis management strategies, including the value of tabletop exercises and personality assessments in preparing for and managing stressful situations.
2025-09 | AI | Supply Chain
Next steps
- D: Share the interest form after the announcements and on LinkedIn
- D: Gauge participants' interests through the sign-up form to determine which roadmap to follow
- D: Organize the Saturday session at the same time using the CSOH Zoom
- D: Follow up with people via email after they fill out the interest form
- D: Finalize plans for starting in October to allow time for mail distribution
- Shawn: Help send information to the 2,000 people on the mailing list for the October start
- D and Thomas Braddy: Organize and launch the weekly Python group in October
- Interested participants: Fill out the Python group interest form shared by D and Thomas Braddy
- Ed: Share the senior cloud security engineer job posting in the chat
- Ed: Reach out to Shawn on LinkedIn regarding potential candidates for the job opening
Event Planning and Platform Discussion
Shawn and D discussed plans for an upcoming event, considering using the CSOH Zoom room and sending out an interest form to gauge participation. They decided to start promoting it in October, allowing time to reach the mailing list of 2,000 people. The conversation touched on the challenges of using different video conferencing platforms, with Shawn expressing frustration over the constant changes and security concerns from clients. The conversation ended with Shawn welcoming attendees and noting the quiet atmosphere, while Alex Cohen and Matthew commented on having made it through the week.
Cloud Security Office Hours Update
Shawn welcomed new members to Cloud Security Office Hours and announced upcoming activities, including a new Python group led by Danae and Thomas Braddy, which will focus on portfolio-building projects. Ed shared that his company is hiring for a senior cloud security engineer position. Kimberly announced her new business endeavor offering technical storytelling workshops and keynotes. The group discussed the importance of networking and mentorship within the community.
Malware Incident and Recovery Strategies
The team discussed a malware incident affecting over 800 NPM packages, which has been dubbed "Shai Hulud." Jay shared a seminal paper on Agentic AI design patterns, which Shawn and Kimberly expressed interest in reading. Alex inquired about recovering from catastrophic mistakes, and Shawn and Neil shared their experiences with data and infrastructure loss, emphasizing the importance of backups, documentation, and lessons learned. Matthew suggested using infrastructure as code tools to easily recover from infrastructure loss.
Incident Response and Crisis Management
The group discussed incident response and crisis management, sharing personal experiences and insights. Shawn emphasized the importance of remaining calm and focused during a crisis, while Kimberly explained the role of the prefrontal cortex in managing stress and making decisions. Neil shared his experience with incident response teams, highlighting the value of having dedicated communicators to handle stakeholder interactions. The discussion also touched on the importance of preparation, including running table-top exercises and having clear plans in place for various scenarios.
Tabletop Exercises and Team Dynamics
The group discussed the value of tabletop exercises for crisis preparedness, with Alex emphasizing how they help identify documentation gaps and improve response protocols. Shawn highlighted the importance of introducing random elements during tabletops to simulate real-world chaos, while Kimberly suggested pairing tabletops with personality assessments like the Enneagram to better understand stress responses and team dynamics. Michael shared his experience using personality tools in team settings, noting their effectiveness when combined with emotional awareness training. The conversation concluded with participants sharing their personality types and discussing the potential benefits of incorporating such assessments into professional settings.
Personality Assessment Tools Discussion
The group discussed the scientific validity of personality assessment tools like the Enneagram, with Michael explaining that while some tools may not have rigorous scientific backing, they can still be useful if they help people understand themselves and others better. Kimberly shared her experience using such tools in a medical context, highlighting the balance between evidence-based medicine and practical, low-risk interventions for her autistic son. The discussion concluded with Neil noting that while some people may naturally remain calm in stressful situations, this can sometimes be perceived as coldness by others.
Stress Management in Team Dynamics
The group discussed the importance of stress management and its role in various professional settings, emphasizing how different personality types and approaches can contribute to team dynamics. Neil highlighted the value of integrating diverse perspectives in teams to foster growth and innovation, while Kimberly and Michael shared insights on the nuances of personality compatibility and the challenges of managing friction in relationships and workplaces. The conversation also touched on the benefits of intentional training and the role of trust in professional and personal interactions.
Quick recap. The meeting began with Shawn Nunley sharing audio clips with abstract lyrics before transitioning into personal and professional updates from various team members, including discussions about business planning and website development. The group then explored technical concepts around API enumeration and interrogation, followed by an in-depth discussion about recent cybersecurity incidents and their impacts on organizations of different sizes. The meeting ended with discussion of cybersecurity services for mid-sized businesses, strategies for introducing security concepts to organizations, and reflections on career paths in cybersecurity, including challenges faced by individuals in security and technical roles.
2025-09 | Vulnerabilities | Conferences
Next steps
- Dave: Continue working with the newly hired project manager on completing the business plan.
- Kyle: Continue developing the Mindset Dojo website to attract non-technical contributors.
- Kyle: Share the link to the Mindset Dojo website in the chat.
- Alex: Follow up with the team regarding the terminology differences between "enumerate" and "interrogate" in the Wiz context.
Themes of Personal Growth and Change
Shawn Nunley shared a series of audio clips featuring abstract and poetic lyrics, discussing themes of personal growth, self-reflection, and the desire for change. He explored ideas of breaking free from past habits, embracing new experiences, and finding a sense of belonging. The discussion included references to specific locations and scenarios, such as heading west and engaging in adventures, as well as reflections on relationships and personal challenges.
Audio Content Sharing Session
Shawn Nunley shared a series of audio clips and screen-sharing content, but the transcript does not contain any substantive discussion, decisions, or action items. The content appears to be a mix of music lyrics and sound effects, but no clear meeting topics or outcomes are evident.
Business Updates and Personal Check-ins
The group discussed various personal and professional updates. Dave shared his struggles with writing a business plan and mentioned hiring a project manager to help him stay focused. Kyle talked about adding a new page to the Mindset Dojo website to attract non-technical contributors and mentioned implementing an HTML proofer as a quality gate. The conversation then shifted to a more informal "therapy" session, where participants shared personal anecdotes and checked in with each other.
API Enumerating vs Interrogating Discussion
The group discussed the difference between enumerating and interrogating APIs, with Neil suggesting that enumerating is listing out API components while interrogating involves probing and investigating further. They agreed that the terms are often used interchangeably, especially in the context of cloud service providers. Jay proposed the term "discovery" as a more positive alternative, emphasizing the exploratory nature of the process. The discussion also touched on the multi-step process of first enumerating to identify what to interrogate, and then building relationships between different components.
Ransomware Impact and Response Strategies
The meeting focused on recent cybersecurity incidents, particularly the ransomware attack on Jaguar that has severely impacted their production lines and supply chain, with Jay noting it could require a UK government bailout. The discussion also covered the MGM hack, where a 15-year-old and his group caused $100-200 million in damages, and the team explored how organizations handle security incidents, with Neil and Jay explaining that larger companies have established processes and calm response teams while smaller organizations often struggle with panic and unpreparedness.
Mid-Sized Business Cybersecurity Services
The group discussed cybersecurity services for mid-sized businesses, with Neil and others noting that while Mandiant and similar high-end services are expensive, there's significant scope for incident support and managed SOC services that can provide expertise and tools that smaller organizations couldn't afford on their own. The discussion highlighted that security needs vary widely based on business context and risk profile, with service providers requiring more sophisticated security measures than traditional businesses. The conversation also touched on how many mid-sized companies only establish security functions after experiencing an incident, and Kimberly shared insights about the differences between MSPs and MSSPs, noting that many MSPs often lack deep security expertise but can benefit from specialized security tools and training.
Security Communication Strategies for Executives
The group discussed strategies for introducing new ideas and security concepts to organizations, emphasizing the importance of storytelling and understanding business outcomes rather than using fear-based approaches. They shared various techniques, including asking strategic questions, connecting with risk teams, and framing security discussions in terms of business impact. The conversation highlighted the need for effective communication and building trust with executives, with suggestions to use mentorship opportunities and focus on value-based rather than fear-based messaging.
Career Journeys in Cybersecurity
The conversation ended with participants reflecting on their diverse career paths into cybersecurity, highlighting the importance of communication and adaptability across different professional environments. Jay emphasized the value of understanding business contexts and connecting with non-technical audiences, while J. Louis shared his journey from hacking video games to cybersecurity, expressing interest in transitioning to consulting. The group discussed challenges in cybersecurity, including the difficulty of convincing organizations to prioritize security, and the need for individuals to develop broader skills beyond technical expertise.
Security Roles and Resource Challenges
The group discussed challenges in security and technical roles, particularly for smaller organizations and non-profits. jlewi shared their experience leaving a position where they had taken on too much responsibility, realizing they needed to balance their desire to implement security measures with the organization's limited resources and understanding. Matt and Jay offered insights about security cultures in different environments and the importance of not doing all the work oneself, as it creates unsustainable situations when the person leaves.
Career Challenges and Note-Taking Strategies
The group discussed jlewi's career challenges and learning approach. jlewi expressed frustration about being unable to secure employment despite extensive job applications, and explained that AWS security certification and a bachelor's degree are currently helping him get past HR screens. The discussion explored different note-taking methods, with Matt and Neil suggesting that jlewi connect with Dave Gargan about using OneNote effectively, while Jay shared his experience of taking high-level notes that help him remember key concepts. The conversation ended with Jay announcing he would miss the following week's meeting due to travel to Copenhagen.
Quick recap. The meeting began with casual conversation and introductions before transitioning into a discussion about cloud security and job searching strategies, including advice on networking at security conferences and using technology like QR codes for professional connections. The group explored various job market challenges and opportunities, particularly focusing on entry-level positions at major tech companies and the importance of persistence in job hunting. The session concluded with practical advice about navigating professional networking events and career transitions, including discussions about managing job market uncertainty and approaching potential opportunities within existing organizations.
2025-10 | AI | Conferences | Community
Next steps
- Dee to bring business cards with LinkedIn QR code and contact information to BSides NYC conference.
- Dee to consider bringing stickers or other token items to exchange at the conference.
- Kyle to determine his acceptable risk threshold and salary increase requirements for making a job change.
- Brian to schedule a conversation with the Chief Digital Officer to discuss growth opportunities within the larger company.
- All attendees to join next week's session featuring Andrea from Cyberjutsu discussing women in technology.
- All attendees to spread the word about next week's Cloud Security Office Hours session.
- All attendees interested in supporting MS-ISAC to consider joining and providing budget support.
Cloud Security Office Hours Discussion
The meeting began with Shawn Nunley sharing audio clips and engaging in casual conversation with participants about music, time zones, and beer preferences. Shawn then introduced Cloud Security Office Hours, encouraging new attendees to introduce themselves and share their locations and how they found the meeting. The session was described as a therapeutic and open forum for discussion, with Shawn inviting participants to share news and engage in conversation.
Job Hunting and Tech Career Strategies
The group discussed job searching strategies, particularly for security conferences. They advised Denise to bring business cards with LinkedIn links rather than resumes, and suggested using QR codes on cards. Tyler emphasized the importance of persistence in job hunting, noting that AI-generated resumes are now common. The group also discussed learning Kubernetes, with Alex Todorovich asking for recommendations on home lab projects. They suggested using AWS EKS blueprints and running practical projects like CI pipelines. The conversation concluded with Shawn and Matt discussing the current difficult job market and the emotional impact it can have on job seekers.
Tech Hiring Trends for Fresh Graduates
Tyler shared insights about job opportunities at major tech companies like Amazon, Microsoft, and IBM, noting a shift in hiring strategies to focus on early-career candidates. They emphasized that these companies are now more open to hiring fresh graduates and less experienced professionals, offering better opportunities for entry-level positions. Tyler advised job seekers to apply confidently, highlighting the importance of a strong LinkedIn profile and not being deterred by the intensity of interviews. They also clarified that while certifications can help in the initial screening, they are not always required for roles at companies like AWS, where relevant skills and potential can be developed on the job.
Security Conference Networking Tips
Stryker shared tips for navigating security conferences, emphasizing the importance of networking, asking questions, and being cautious with alcohol. She advised attendees to engage with speakers, use stickers as conversation starters, and avoid leaving drinks unattended. Stryker also highlighted the need for volunteers to stay hydrated and comfortable, suggesting they pack protein bars and jelly shoe inserts. Neil and Alex reinforced the importance of setting personal limits with alcohol and being clear about one's intentions at networking events.
Navigating Job Market Uncertainty
The group discussed job market challenges, with Kyle sharing his concerns about "job hugging" due to current market conditions and uncertainty. Matt advised Kyle to calculate acceptable risk thresholds for potential job changes, while Neil and others shared personal experiences about career transitions, with Neil noting that leaving Microsoft led to better salary growth outside the company. The conversation ended with Brian seeking advice about approaching his chief digital officer about potential opportunities within their larger company, with Neil suggesting to frame the conversation around growth potential rather than dissatisfaction.
Quick recap. The meeting began with casual discussions about music and song genres before transitioning to a conversation about polymorphic malware and cybersecurity, featuring an introduction of Andrea Pullman and her work with Cyberjutsu. The group explored Andrea's career journey and discussed gender diversity challenges in cybersecurity, including the mission and initiatives of Cyberjutsu to support minority groups through mentorship and education programs. The discussion concluded with conversations about workplace dynamics, privilege, and diversity, including personal experiences and strategies for navigating cultural differences and supporting diversity initiatives.
2025-10 | AI | Vulnerabilities | Conferences | Community
Next steps
- Andrea to share her LinkedIn profile with the group for those who want to connect.
- Kimberly to post a video on LinkedIn about privilege exercise and tag CSOH.
- A. to create songs in Appalachian, Classical, and Progressive Metal genres.
- A. to create a song about pig butchering scams.
- Neil to continue mentorship efforts as discussed during the conversation about supporting women in cybersecurity.
Shawn Nunley Performance Recording
The meeting transcript appears to be a recording of Shawn Nunley performing or singing, with no clear discussion or decisions made. There is no actionable content or decisions to summarize.
Cybersecurity Career Journey Discussion
The meeting began with a casual discussion about music and song genres, which included humorous exchanges about Appalachian and progressive metal music. The conversation then shifted to the topic of polymorphic malware, with Neil introducing Andrea Pullman, who is now working with a nonprofit called Cyberjutsu after taking a break from corporate cybersecurity roles. Andrea shared her background in incident response at Microsoft and her current work in cybersecurity education for women. The conversation ended with Neil preparing to conduct a fireside chat with Andrea about her journey and experiences in cybersecurity.
Air Force to Cybersecurity Journey
Andrea shared her career journey, starting with joining the Air Force after high school and later transitioning to IT through various educational and professional paths. She discussed her experiences in the military, obtaining certifications, and pursuing higher education, including a master's degree in business administration with a focus on information systems. Her decision to enter cybersecurity was motivated by the need to fund her education through a scholarship program that required government service after graduation.
Advancing Gender Diversity in Cybersecurity
Neil and Andrea discussed the progress and challenges in gender diversity in cybersecurity, noting that while there has been some improvement, significant gaps remain. Andrea explained the mission of Cyberjutsu, which aims to support minority groups, including women, in the field by providing a safe space for learning and mentorship. She highlighted the importance of certifications and shared her experience of failing and eventually passing the CISSP exam. Andrea also described the organization's initiatives, such as the CISSP study group and the Small Tribes peer-to-peer mentorship program, which kicks off on the 14th of the month. Neil expressed interest in how these programs could be scaled and extended to the cloud security space, aligning with Shawn's goals for mentoring in that area.
Supporting Diversity in Tech Spaces
The group discussed challenges around creating and maintaining safe spaces for minority groups in technology, with a focus on how non-minority members can participate respectfully. Andrea shared her experience with Cyberjutsu, a women's cybersecurity organization, and acknowledged the ongoing debate about whether to retain the "Women's Society" identifier due to evolving DEI considerations. The discussion explored how men can support diversity initiatives, with Neil and others suggesting mentorship as a key approach, while Kimberly highlighted the importance of avoiding assumptions about women's behavior in technical roles.
Navigating Workplace Gender Dynamics
The group discussed workplace dynamics and gender politics, with Neil sharing his experience of being told to stop standing up for a female colleague who was being mistreated, and how he regretted not knowing how to respond at the time. Andrea and Kimberly discussed strategies for handling office politics, including authenticity, neutrality, and understanding personality types, while Michael explored how to navigate social dynamics in the workplace. The conversation concluded with Kimberly sharing her experience of dealing with aggressive behavior in the workplace and how she managed to lead a team despite cultural differences.
Understanding Privilege and Diversity
The group discussed privilege and diversity, with Andrea sharing her experience of initially dismissing privilege due to her military background and financial struggles, while Shawn reflected on how privilege manifests in various forms. The conversation included personal anecdotes about cultural differences, particularly regarding Israeli workplace dynamics, and Kimberly shared a story about helping a colleague recognize their own positive contributions. The discussion concluded with Dee sharing a childhood exercise called "Step in the Circle" which helped illustrate different forms of privilege through physical positioning in a circle.
Quick recap. The meeting began with introductions and discussions about cloud security tools, including experiences with Wiz's incident response capabilities and challenges in securing AI agents. The group explored issues around security reporting and risk assessment, including difficulties in communicating with business leaders and challenges with vendor-specific threat data. The conversation concluded with discussions about handling security incidents, security practices for protecting sensitive information, and the importance of proper document sharing protocols, with an emphasis on reaching the 2,000 member milestone.
2025-10 | AI | Conferences | Community
Next steps
- Kyle to connect with Danae regarding the Python Cloud Security Office Hours study group.
- Thomas to continue work on implementing Purview features to detect secrets in Copilot prompts.
- Kimberly to explore the possibility of creating a vendor-agnostic incident response reporting framework.
Cryptocurrency and Security Discussion
Shawn and Kyle had a brief conversation, with Shawn mentioning he was busy trying to complete something before their call. Shawn also shared some screen-sharing content that included discussions about cryptocurrency, data exfiltration, and encryption, but the conversation was fragmented and unclear.
Cloud Security Tools and Challenges
The meeting began with introductions, including a new participant, Jason Minyard, who is transitioning to a role as a Staff Site Reliability Engineer at Wiz. The group discussed the benefits of cloud security tools, with Reggie sharing his experience of how Wiz has significantly reduced incident response times by providing better visibility into cloud environments. The conversation then shifted to the current challenges in cloud security, with Tyler highlighting the importance of securing AI agents and Neil emphasizing the need to focus on basic security practices before addressing more complex issues. The conversation ended with a discussion about learning Python for cloud security, with suggestions for online courses.
Security Reporting Challenges and Solutions
The group discussed challenges in objective security reporting and risk assessment. Jay shared insights from SAP Insider in Copenhagen about business leaders' increased interest in security, but noted difficulties in communicating effectively with them. The discussion highlighted how different security reports from vendors like Mandiant, CrowdStrike, and Microsoft often present conflicting top threats due to their self-selected data samples. The conversation concluded with Kimberly suggesting the creation of vendor-agnostic, open-source incident response reporting, though Jay and others noted the challenges of cross-company information sharing due to NDAs and competitive concerns.
Security Incident Response Challenges
The group discussed the challenges of handling security incidents, particularly the tension between acting quickly and thoroughly. Neil shared his experience with tight information restrictions during Microsoft's security response, while Jay highlighted the difficulty of keeping sensitive information contained. The conversation touched on the F5 security incident, with Tyler noting that F5 brought in multiple security vendors for investigation, though they criticized F5's disclosure for burying the lead about customer configuration data being accessed. The discussion also covered the importance of timely disclosure and the balance between protecting customer data and enabling early detection of potential threats.
Security Practices and Information Protection
The group discussed security practices, including the challenges of protecting sensitive information and the importance of proper document sharing protocols. Thomas explained Microsoft's use of Purview and DLP to detect and block sensitive information from being shared in prompts, while Tyler highlighted the risks of human interaction with device secrets and the need for automated, non-human identities. The conversation also touched on regulatory requirements for securing devices and the challenges of maintaining secure workflows. The conversation ended with Shawn encouraging participants to spread the word about the group and reach the 2,000 member milestone.
Quick recap. The meeting began with casual discussions about cybersecurity awareness and included an introduction to Cloud Security Office Hours, welcoming new participants and encouraging networking. The group explored the importance of building and maintaining professional networks, with discussions about LinkedIn effectiveness and the value of in-person connections. The meeting ended with a detailed discussion of Kubernetes security programs, focusing on implementation strategies and best practices for enterprise-level security monitoring.
2025-10 | AI | Conferences | Community
Next steps
- Michael: Reach out to Neil on LinkedIn to network with people from Aikido Security
- Moe: Get time with Wiz customer success manager to evaluate current state and identify gaps in Kubernetes security program
- D: Conduct Python class on Saturdays at 10am to 11:30am
- D: Organize fireside chat next month with sysadmin and network folks for Critical Infrastructure Security Resilience Month
- Shawn: Schedule David Bradford as guest speaker for upcoming Friday session on networking topic and send email announcement to group
Cyber Threats and Security Awareness
The transcript appears to be a monologue or recording of someone speaking in a criminal context, discussing hacking, ransomware, and other cyber activities. The speaker talks about exploiting systems, using fake secure drives, and manipulating PowerShell commands. They also discuss various technical terms related to hacking and cyber security. The conversation includes some Chinese phrases and mentions of Hong Kong. The speaker appears to be warning or educating someone about potential cyber threats and the importance of staying vigilant.
Cloud Security Office Hours Launch
The meeting began with a casual discussion about Cybersecurity Awareness Month and the upcoming Critical Infrastructure Security Resilience Month. Dee mentioned organizing a Python group meeting with 76 participants, while Shawn and others discussed travel experiences and the challenges of attending events. The conversation ended with an introduction to Cloud Security Office Hours, welcoming new participants and encouraging them to share their backgrounds and cloud journey experiences.
Cloud Security Networking and Opportunities
The meeting served as an introduction and networking session for new members of the Cloud Security Office Hours group. Moe joined to seek insights on building a Kubernetes and container security program from scratch, while Barry and Shraddha expressed interest in transitioning into cloud security engineering. Shawn emphasized the importance of networking within the group, encouraging members to utilize LinkedIn and other resources to connect and share opportunities. Neil highlighted the value of leveraging personal networks to assist others in finding new job opportunities, sharing a personal example of facilitating a connection between a friend and a potential employer.
Strategic Networking and Connection Building
The meeting focused on the importance of networking, with Shawn introducing David Bradford, a renowned networking expert, who will be a guest speaker in the coming weeks. Participants discussed the value of building and maintaining a high-quality network, emphasizing the importance of giving as much as receiving. They also highlighted the role of curation in networking, suggesting that it's essential to connect with people who add value, rather than accepting every connection request. The discussion touched on the use of LinkedIn for networking, with some participants sharing their strategies for evaluating connection requests.
Professional Networking and Security Insights
The group discussed networking and professional development, with several members expressing concerns about LinkedIn's effectiveness and the quality of connections made there. Chris shared his preference for in-person events and organic conversations over LinkedIn's transactional approach, while Alhaji emphasized the importance of being uncomfortable and stepping out of one's shell to build professional relationships. The discussion concluded with Neil sharing insights from a CISO event about supply chain security, noting that many security leaders seem to prioritize fourth-party risk over more immediate security concerns like open source software vulnerabilities.
Kubernetes Security Program Development
The meeting focused on Kubernetes security programs, with Moe seeking guidance on building such a program for their enterprise, which manages hundreds of clusters across AWS and Azure. The discussion covered key aspects including budget considerations, cultural factors, architectural decisions, and the importance of combining different types of telemetry logs for security monitoring. Neil emphasized that security should be implemented across the entire lifecycle of Kubernetes, from development through runtime, and suggested that organizations don't need to implement everything perfectly from the start but can incrementally improve security over time. The group also discussed log retention policies, with Neil recommending keeping logs for twice the average dwell time of an attacker, while Jay noted that compliance requirements often dictate longer retention periods.
Quick recap. The meeting began with casual conversation about Halloween costumes and music before transitioning to introductions and updates from the Cloud Security Office Hours community. Community leaders shared their backgrounds and experiences, while discussing upcoming events and the importance of networking within the group. The conversation ended with a detailed discussion about vulnerability management, focusing on the National Vulnerability Database and its role in tracking and assessing security vulnerabilities.
2025-10 | AI | Vulnerabilities | Conferences | Community
Next steps
- Jay: Work with Shawn on alternative quote for coin
- Shawn: Send Jay's coin once quote is finalized
Patrick's Halloween Costume Discussion
The meeting began with a discussion about Patrick Burke's Halloween costume, which he created using items from home and involved growing his hair out. The group discussed the costume and Patrick's plans to use it for a costume contest. They also briefly touched on Taylor Swift's new album and the current popularity of Travis and Taylor. The conversation then shifted to Shawn and Michael having similar backgrounds on their screens, which led to a lighthearted discussion about Patrick potentially wearing his costume to throw off deepfakes.
Cloud Security Office Hours Introduction
The meeting focused on introductions and updates from the Cloud Security Office Hours community. Shawn Nunley, the organizer, welcomed new and existing members, highlighting the group's mission to build networks and share knowledge in cloud security. Several community leaders, including Neil Carpenter, Don McQueen, and David Gargan, shared their backgrounds and experiences with the group. The meeting also touched on upcoming events, such as Dee's Python class starting the next day, and discussed the importance of networking within the community. No specific action items or decisions were made, but the overall tone was positive and focused on fostering connections among attendees.
Enhancing Vulnerability Management Practices
Neil discussed the complexities and challenges surrounding vulnerability management, focusing on the National Vulnerability Database (NVD) and its role in tracking and enriching Common Vulnerabilities and Exposures (CVEs). He explained the process of assessing vulnerabilities, including the use of CVSS scores, CWEs, and CPEs, and highlighted issues with NVD's enrichment and communication. Neil also shared a case study involving a door lock controller vulnerability, demonstrating how to interpret and contextualize CVE information. The group discussed potential solutions for improving the vulnerability management ecosystem, including the involvement of the CVE Foundation and industry contributions.
Quick recap. The meeting began with introductions of new participants and discussions about cloud security and the importance of proactive cybersecurity approaches. The group then examined the Google Mandiant report on AI malware and discussed various technical challenges related to cloud services and mailing list issues. The conversation concluded with extensive discussions about AI's role in cybersecurity, including its potential benefits and limitations, as well as concerns about AI hype, regulation, and the future of open source software development.
2025-11 | AI | Vulnerabilities | Conferences | Community
Next steps
- Shawn: Fix the mailing list issue caused by DNSSEC problems from Cloudflare server change this week
- Shawn: Post a step-by-step guide for creating the coins
- Group discussion: Discuss how to fund open source projects while maintaining community aspects and preventing corporate takeover
Cloud Security Collaboration Introduction
The meeting began with introductions, welcoming new participants including Leskip, a Chief Security Advisor for Microsoft, and Rob Allen, the Vice President of Technology Delivery at IAM Cloud. Leskip shared her background in security and her collaboration with Neil, while Rob Allen explained his company's focus on cloud storage solutions. The group discussed the importance of cloud journey and security, with Leskip emphasizing proactive approaches to cybersecurity. The conversation ended with a brief mention of LinkedIn profiles for some participants.
AI Malware Detection and Coins
The group discussed the Google Mandiant report on AI malware, which found that most AI-assisted malware was detectable by existing security technologies and did not represent a significant threat. Shawn mentioned that their mailing list had been affected by a Cloudflare server change, potentially removing some subscribers temporarily. The conversation also covered Shawn's creation of custom challenge coins, with a discussion about etching techniques and potential future enamel designs.
AI in Cybersecurity: Challenges and Defenses
The group discussed AI's role in cybersecurity, with Neil sharing his experience about malware authors often neglecting code quality, which can be an advantage for defenders. They debated whether new malware classes require new defenses, with some questioning if current security products can handle these threats despite their "shiny new color." The conversation also touched on a recent report about threat actors using AI tools and the potential implications for security.
AI Security Challenges Debate
The group discussed AI security challenges, with Shawn proposing the need for new defense mechanisms to monitor and protect against AI-generated threats, while Neil expressed skepticism about the need for entirely new security tools, suggesting that existing controls would likely suffice against AI-generated phishing and malware. The conversation touched on the potential for researchers to inadvertently create new security threats through their work, and Matt raised questions about how many research-driven proofs of concept actually end up in real threat actor toolboxes.
AI Security Challenges and Opportunities
The group discussed the use of AI in security, with Neil emphasizing that his company focuses on secure container images rather than AI. Brad shared his experience using AI tools like ChatGPT for problem-solving and code review, while acknowledging its tendency to hallucinate. The conversation touched on the potential of AI to assist less experienced analysts in understanding threats, though concerns were raised about AI hallucinations and the need for human oversight. Paul suggested narrowing the scope of AI data to reduce hallucinations, and Thomas proposed chaining multiple AI models for more accurate results. Kyle expressed concerns about AI potentially replacing threat analysts and the challenges of oversight and trust in AI-generated security reports.
AI Hype and Ethical Concerns
The group discussed the overhyping and overpromising of AI technologies, with Matt and Neil expressing skepticism about the current AI hype cycle and its potential negative impacts. D shared personal experiences with using AI as an assistive technology, highlighting its benefits for people with disabilities. The conversation touched on the need for regulation and for disabled voices to be included in larger AI discussions. Participants agreed that while AI has potential benefits, there is a danger in overselling its capabilities and the environmental and financial costs associated with current AI development.
AI, Open Source, and Regulation
The group discussed AI and open source software, with Mario explaining his work on AI agents and the importance of building knowledge bases for deterministic outcomes. Juninho shared updates on AI regulation, including a recent incident where Google had to pull an AI model after a senator's intervention. The group debated the FFmpeg security vulnerability disclosure issue, with Matt and Neil expressing different views on the responsibilities of corporations and open source maintainers. The conversation ended with a discussion on funding open source software, with concerns raised about how to maintain community contributions while ensuring adequate resources for maintenance.
Quick recap. The meeting began with casual conversation and music sharing before transitioning to discussions about virtual meeting filters and a humorous charity rule about AI mentions. The main focus was on open source security challenges, including concerns about OWASP Top 10 updates, supply chain vulnerabilities, and the importance of GitHub contributions and forking practices. The group explored various strategies for securing open-source software, discussed the dynamics between security and development teams, and considered ways to improve collaboration and integration of security measures earlier in the development process.
2025-11 | AI | Supply Chain | Vulnerabilities | Conferences
Next steps
- Stryker: Donate $5 to charity for mentioning AI
- Michael and Kyle Ingersoll: Present "Baby's first GitHub lesson" session
- Neil: Find and share the book link about how open source actually runs
- Michael: Connect with Stryker to discuss GitHub questions and key aspects for the presentation
- Shawn: Schedule the GitHub presentation with Michael and Kyle on the calendar
Informal Music Sharing Session
Shawn joined the meeting without video, noting it was an interesting experience. He greeted the participants and mentioned the slow attendance, with only 11 people present. The meeting began with casual conversation and music sharing, with Shawn playing various tracks and making comments about them. The discussion was informal, focusing on music and general chat, with no significant decisions or action items taken.
Open Source Security Funding Challenges
The meeting began with a discussion about avatars and virtual meeting filters, followed by Shawn introducing a new rule that anyone mentioning AI would have to donate to charity, though this was later revealed to be a joke. The main discussion centered on open source security, where Alhaji raised concerns about recent updates to the OWASP Top 10, including supply chain vulnerabilities and misconfigurations, while Neil clarified that MITRE is a non-profit organization funded by the U.S. government. The group discussed challenges around funding and supporting open source cloud security projects, with questions raised about how to make these projects more secure without making them overly burdensome for developers.
Open Source Contribution Strategies
The group discussed open source contributions and GitHub usage, with Neil emphasizing the importance of advocating for and contributing back to open source projects, whether through code, documentation, or financial support. Michael shared his experience contributing to InnerSource Commons Foundation and offered to help others get started with GitHub, leading to a plan for him and Kyle to present a "Baby's first GitHub lesson" session. The discussion also covered the potential risks of malicious actors in open source projects and the value of finding passion-driven projects to contribute to.
Open Source Security Challenges
The meeting began with a discussion about GitHub forking, where Alhaji explained that forking a repository involves copying it to a local device to make changes without affecting the original. Neil raised concerns about supply chain issues in open source, particularly the risk of malicious npm modules, and highlighted the ongoing challenges in addressing these problems since the SolarWinds incident in 2020. The group discussed potential solutions, including minimal containers and open source package manager firewalls, while Brian suggested Linux Weekly News as a resource for contributing to open source projects and managing security risks.
Open Source Security Strategies
The group discussed challenges and potential solutions for securing open-source software, with Kimberly suggesting a "walled garden" approach similar to mobile app stores, though Shawn noted this would be difficult to scale. Ryan shared that large companies sometimes fork open-source projects to maintain control and patch vulnerabilities quickly, while Juninho highlighted Google's approach of forking and hosting internal versions of packages to ensure security and compliance with their own standards. The discussion concluded that while forking is a viable strategy for large organizations, it may not be scalable for smaller companies, who might need to rely on tools like Artifactory, Google's Assured OSS, or Chainguard for security measures.
Security and Development Team Collaboration
The meeting focused on the challenges and dynamics between security and development teams, particularly in organizations. Participants discussed how silos often arise due to differing priorities, mandates, and communication styles between security professionals and developers. They explored ways to break down these silos, including better collaboration, understanding different incentives, and using tools like psychological profiles to improve team dynamics. The discussion also touched on the importance of integrating security earlier in the development process and the need for leadership to support these efforts.
Quick recap. The meeting began with discussions about building a religion and welcoming new participants, including a GitHub walkthrough session and potential new group member James Frasotti. The group explored leadership transitions and management styles, with several members sharing their experiences and strategies for successful career progression in tech. The conversation concluded with discussions about neurodiversity in IT and cybersecurity, career paths in tech, and the challenges of providing job referrals, emphasizing the importance of professional boundaries and networking.
2025-11 | Conferences | Community
Next steps
- Michael: send out the link for the GitHub Level-up session for people to add comments
- Michael: schedule GitHub session for either November 28th or December 12th
- Neil: schedule James Frasotti to join for a session
- Kyle: check calendar availability for November 28th or December 12th for GitHub session
Religion Building and Hacking Discussion
The meeting primarily involved a discussion about building a religion, with Shawn Nunley sharing a screen that included various images and text. Madeline introduced herself as a first-time attendee. Kyle shared his LinkedIn profile. The conversation included references to hacking sessions and late-night activities, with Shawn noting that every hacking session occurs late at night somewhere in the world. The conversation ended with confirmations and thank-yous.
GitHub Walkthrough and Cloud Security
The meeting began with a discussion about time zones and attendance, noting that some participants were in American time zones while others were not. Michael and Kyle presented a one-pager for a potential GitHub walkthrough session, which Shawn approved, suggesting it be scheduled for a Friday. Neil discussed the possibility of James Frasotti joining the group for a session, emphasizing his experience and insights in cloud security. The meeting also included welcoming new participants, including Mugilan from India, who expressed interest in becoming a cloud security professional. The group discussed various resources and networking opportunities available to members.
Leadership Transition Strategies Discussed
Ed shared his experience transitioning from a senior analyst/senior manager role to managing multiple senior analysts, noting his initial mistake of maintaining tight control and not leveraging his team's expertise. The discussion explored strategies for successful leadership transitions, with Dave suggesting focusing on strategic vision while allowing tactical flexibility, and Kimberly recommending leading with curiosity and maintaining principles while being open to different approaches. Neil shared his personal journey of moving from an aggressive management style learned at Microsoft to a more open and supportive approach, emphasizing the importance of listening and providing respectful feedback.
Cloud Security and Cultural Leadership
The meeting focused on the importance of people and culture in cloud security, with Alex and others emphasizing that human factors often play a critical role in security issues. Mugilan shared his learning path in cloud security, which includes studying Linux, Python, and security labs. The group discussed the challenges of transitioning from doing a job to leading others, with Ed and Chris highlighting the importance of building trust and maintaining open communication with team members. The conversation also touched on the potential impact of neurodiversity in the cybersecurity field, with A. Stryker suggesting that many cybersecurity professionals may have ADHD or autism.
Neurodiversity in IT Careers
The group discussed neurodiversity in IT and cybersecurity, with several members sharing their personal experiences with ADHD, autism, and other neurodivergent conditions. Tyler emphasized that neurodivergent individuals have valuable skills and can succeed in IT careers, even if they struggle with traditional workplace social skills. The discussion highlighted how many neurodivergent traits, such as pattern recognition and hyperfocus, can be advantages in technical fields, and Tyler encouraged early-career professionals to embrace their unique abilities while seeking environments that accommodate their needs.
Tech Career Growth Insights
The group discussed career paths in tech, with Tyler sharing their experience transitioning from individual contributor to manager and back again, emphasizing that technical growth doesn't always require management roles. Neil highlighted the importance of asking about career progression when interviewing at larger organizations, while Alhaji shared a personal experience about referring a candidate who prioritized salary over technical skills, leading to a discussion about how to approach career development while maintaining integrity.
Job Referral Best Practices
The group discussed the challenges and boundaries of providing job referrals, emphasizing the importance of knowing the person well before making a referral. They shared personal experiences and advice, highlighting the need for due diligence and maintaining professional boundaries. The conversation also touched on the difference between referrals and references, as well as the value of networking and offering guidance to job seekers.
Quick recap. The meeting began with casual conversation about Thanksgiving experiences and holiday attendance before transitioning into a discussion about cybersecurity challenges faced by seniors and various network security solutions. The group explored different firewall technologies, DNS filtering options, and operating system security practices, with specific focus on Windows and Linux systems. The conversation concluded with discussions about public Wi-Fi security protocols and personal travel experiences, including a story about being locked up in China.
2025-11 | Conferences
Next steps
Next steps were not generated due to insufficient transcript.
Informal Audio and Chat Discussion
The meeting transcript appears to be a mix of audio and chat messages, primarily featuring Shawn Nunley and Neil. The audio contains a variety of phrases and music-related lyrics, while the chat messages include greetings and brief exchanges. The conversation seems informal and lacks clear decisions, action items, or substantial content. Without more context or a clearer discussion topic, it's difficult to provide a meaningful summary of the meeting's content or outcomes.
Thanksgiving Reflection and Planning
The team discussed their Thanksgiving experiences, with Shawn sharing details about cooking for 20 people and creating various dishes including smoked duck and fried rice. The group noted that despite initially considering skipping holiday weeks due to COVID, attendance has remained consistent. They confirmed a meeting scheduled for December 12th with Michael, Kyle, and Shawn. Neil mentioned that a previously suggested topic for discussion didn't have a representative present, though the specific person responsible wasn't clear.
Senior Cybersecurity Awareness Discussion
The group discussed cybersecurity challenges faced by seniors, with Dave sharing a story about his mother nearly adding a scammer's number after receiving a WhatsApp notification. Kimberly suggested using WhatsApp to manage family communication threads and recommended private Facebook settings and Google Photos sharing for protecting grandchildren's photos. Neil and Shawn shared anecdotes about early internet training for seniors and an incident at Exodus where a White House search accidentally displayed explicit content on a large screen. The discussion concluded with Shawn mentioning he helps manage a firewall for his in-laws' home network.
Firewalla: Hardware-Based Network Security
Shawn discussed his experience with Firewalla, a hardware-based firewall that offers wireless AP capabilities and allows for micro-segmentation of networks without subscription fees. He explained how the device uses 802.11VQ for wireless communication and can be configured to control DNS traffic through unbound, preventing service providers from controlling DNS queries. The group discussed various DNS filtering options, with Neil and Kimberly mentioning NextDNS and 1.1.1.1 as alternative solutions for DNS filtering.
UniFi and Network Security Insights
Dave shared his positive experience with UniFi, highlighting its user-friendly interface and cost-effectiveness for managing networks and client access. Neil discussed the limitations of webcam covers, emphasizing the importance of data security over visual surveillance, and shared a personal anecdote about a false alarm with a webcam. The group also discussed troubleshooting steps for compromised computers, with Neil recommending the use of msconfig for Windows systems to manage startup processes and disable non-essential programs.
Windows Security and Malware Analysis
Neil discussed his approach to troubleshooting compromised Windows machines, emphasizing the use of Sysinternals' AutoRuns to identify malware persistence mechanisms. The group debated the relative security and ease of use of different operating systems, with Neil expressing a preference for Windows for security reasons despite its higher attack surface. The conversation concluded with Paul inquiring about Linux security practices, but no specific playbook was shared for Linux environments.
Operating System Security Best Practices
The group discussed security practices for different operating systems, with Neil emphasizing the importance of investigating compromises to prevent future incidents rather than simply rebuilding systems. They explored various tools and methods for monitoring Linux systems, including checking running processes, system logs, and network connections. The conversation also touched on comparing different firewall approaches, with Neil and Shawn discussing the benefits of both software firewalls and physical devices for providing layers of security.
Public Wi-Fi Security Myths Debunked
The group discussed public Wi-Fi security, with Neil explaining that modern encryption methods like HTTPS, DNS over HTTPS, and HSTS make public Wi-Fi safe even if it's unsecured, as long as users maintain end-to-end encryption. The discussion touched on VPNs, with Paul recommending Tailscale, though Neil and others noted that for most everyday browsing, VPNs aren't necessary when using modern security protocols. The conversation concluded with personal anecdotes about travel experiences in various countries, including Shawn's story about being locked up in China after his wallet and passport were stolen.
Quick recap. The meeting began with casual conversation about travel plans and experiences, including discussions about upcoming trips to Prague and European destinations. The Cloud Security Office Hours meeting welcomed new participants and addressed concerns about low attendance at cybersecurity conferences, particularly AWS re:Invent, while exploring the relevance of traditional events like RSA and the importance of vulnerability management approaches. The group concluded with a career transition discussion focused on Kimberly's challenges in finding new opportunities, with recommendations about networking and exploring different role types in the cloud security field.
2025-12 | Vulnerabilities | Conferences | Community
Next steps
- Neil: Post details about the upcoming scheduled speaker/event for next week's meeting.
Prague Travel Plans Discussion
The meeting began with casual conversation about recent vacations and travel plans, with Jay returning from a European trip and Kimberly discussing an upcoming three-week stay in Prague with her family. The group discussed Kimberly's innovative travel plan involving a home exchange that would allow her to work remotely while spending time in Prague, with her manager even offering to set up meetings there. Shawn shared some travel advice about Prague's ribs, noting the city's reputation for pork dishes.
Cloud Security Office Hours Discussion
The Cloud Security Office Hours meeting welcomed new participants, including Nigel from Ireland and Wintana, a recruiter at Wiz based in Sacramento. The group discussed the low attendance at the recent AWS re:Invent conference, with only a few attendees, including Juninho, and noted that re:Inforce will be merged into re:Invent next year. Jay expressed frustration with the relevance of traditional cybersecurity conferences, preferring events like Forward Cloud Tech and KubeCon for more meaningful conversations.
Cybersecurity Conference Trends and Vulnerabilities
The group discussed the changing nature of cybersecurity conferences, particularly RSA, noting a shift where both vendors and buyers are increasingly skipping the event, leading to concerns about its relevance. They also discussed a recent React vulnerability, with Neil explaining that while it had a high CVSS score, the actual risk was limited as few organizations had adopted the affected server components. The conversation concluded with a discussion about CVSS version 4 and the challenges of vulnerability management, with Oscar raising questions about reachability assessment between vendors and customers.
Understanding Static and Dynamic Reachability
The group discussed the concepts of static and dynamic reachability in vulnerability management, with Neil explaining that static reachability involves analyzing code on disk while dynamic reachability focuses on whether vulnerable code is actually executed during runtime. Jay emphasized the importance of considering environmental and temporal factors when interpreting CVSS scores, noting that organizations should focus on their specific context rather than relying solely on base scores. The discussion concluded with Neil highlighting the subjective nature of CVSS scoring and the low adoption of CVSS v4, suggesting that while CVSS is useful, organizations should prioritize their own risk assessment programs over relying on standardized scores.
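The static versus dynamic reachability distinction summarized above, as an added example (not code shown in the session or taken from any vendor's tool). The dependency `vulnlib`, its flagged function `parse_untrusted`, and the sample application are all constructed for illustration.

```python
import ast
import sys
import types

# Constructed dependency: a hypothetical advisory flags parse_untrusted().
VULNLIB_SRC = '''
def parse_untrusted(data):
    return data.split(",")

def parse_safe(data):
    return [data]
'''

# Constructed application: the flagged call exists on disk in legacy_import(),
# but the normal entry point main() never reaches it.
APP_SRC = '''
import vulnlib

def handle_request(payload):
    return vulnlib.parse_safe(payload)

def legacy_import(payload):
    return vulnlib.parse_untrusted(payload)

def main():
    return handle_request("a,b")
'''

VULNERABLE = ("vulnlib", "parse_untrusted")  # (module, function), assumed advisory data


class _CallFinder(ast.NodeVisitor):
    """Static view: find call sites of the flagged symbol in source on disk."""

    def __init__(self, module, func):
        self.module, self.func = module, func
        self.mod_aliases, self.func_aliases = set(), set()
        self.scope, self.hits = ["<module>"], []

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name == self.module:
                self.mod_aliases.add(alias.asname or alias.name)

    def visit_ImportFrom(self, node):
        if node.module == self.module:
            for alias in node.names:
                if alias.name == self.func:
                    self.func_aliases.add(alias.asname or alias.name)

    def visit_FunctionDef(self, node):
        self.scope.append(node.name)
        self.generic_visit(node)
        self.scope.pop()

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_Call(self, node):
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr == self.func
                      and isinstance(f.value, ast.Name)
                      and f.value.id in self.mod_aliases)
        via_name = isinstance(f, ast.Name) and f.id in self.func_aliases
        if via_module or via_name:
            self.hits.append((self.scope[-1], node.lineno))
        self.generic_visit(node)


def static_call_sites(source, vulnerable=VULNERABLE):
    """Return [(enclosing function, line)] for every call to the flagged symbol."""
    finder = _CallFinder(*vulnerable)
    finder.visit(ast.parse(source))
    return finder.hits


def dynamic_hits(entry, *args, vulnerable=VULNERABLE):
    """Dynamic view: run one entry point and record actual calls to the symbol."""
    mod_name, func_name = vulnerable
    dep = types.ModuleType(mod_name)
    exec(compile(VULNLIB_SRC, "vulnlib.py", "exec"), dep.__dict__)
    saved = sys.modules.get(mod_name)
    sys.modules[mod_name] = dep          # let the app's "import vulnlib" resolve
    app = types.ModuleType("app")
    callers = []

    def profiler(frame, event, arg):
        if (event == "call" and frame.f_code.co_name == func_name
                and frame.f_globals.get("__name__") == mod_name):
            callers.append(frame.f_back.f_code.co_name if frame.f_back else "?")

    previous = sys.getprofile()
    try:
        exec(compile(APP_SRC, "app.py", "exec"), app.__dict__)
        sys.setprofile(profiler)
        getattr(app, entry)(*args)
    finally:
        sys.setprofile(previous)
        if saved is None:
            sys.modules.pop(mod_name, None)
        else:
            sys.modules[mod_name] = saved
    return callers


def triage(entry, *args):
    """Combine both views into the label a vulnerability triager would record."""
    if dynamic_hits(entry, *args):
        return "executed at runtime"
    if static_call_sites(APP_SRC):
        return "present in code, not executed by this workload"
    return "no call site found"


if __name__ == "__main__":
    print("static call sites:", static_call_sites(APP_SRC))
    print("main():", triage("main"))
    print("legacy_import():", triage("legacy_import", "x,y"))
```

A dynamic result only covers the workload that was observed, so "not executed" here means not executed by that entry point, not unreachable in general.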
Career Transition and Networking Strategies
Kimberly discussed her career transition challenges, particularly around being overlooked for roles despite having significant technical and leadership experience. The group advised her to focus on networking and getting referrals rather than applying directly to jobs, with Tyler noting they receive 20,000 resumes monthly for 2,700 positions. Jay suggested Kimberly might be underselling herself and recommended looking at higher-level roles like technical advisor or CISO positions, while Neil and others emphasized that Customer Success Engineer (CSE) roles can be valuable for gaining deep product knowledge and operational experience. The discussion concluded with suggestions about Cisco as a potential employer and Kimberly expressing interest in cloud security and hyperscaler technologies.
Quick recap. The meeting began with introductions and networking opportunities, welcoming Cole to the team and setting the stage for a collaborative session. The main focus was a GitHub and Mindset Dojo session aimed at demystifying open source contributions, featuring presentations and hands-on demonstrations of repository management and contribution processes. The session concluded with participants engaging in practical exercises on collaborative coding and version control, while expressing interest in contributing to community-driven initiatives like Cloud Security Office Hours.
2025-12 | AI | Vulnerabilities | Guest Speaker | Community
Next steps
- Shawn Nunley: try to push something to the repository during the week
- Shawn Nunley: work with Michael to add a page to Cloud Security Office Hours website where people can contribute tools and things
- Michael: help Shawn create the contribution page for Cloud Security Office Hours website as his contribution for next year
- Stryker and Mischa: stick around after the meeting to walk through completing their GitHub contribution together
- Michael: stick around after the meeting to help tie up loose ends for anyone who needs assistance
Cloud Security Vendor Collaboration Meeting
The meeting began with introductions, welcoming Cole, who recently joined from KKR and is now in the vendor space, focusing on cloud security. Shawn emphasized the collaborative and inclusive environment of the group, encouraging everyone to participate and network. The session was set to feature a presentation from Michael and Kyle, with Shawn offering to grant co-host privileges to facilitate breakout room control. Participants were reminded to share their LinkedIn profiles for further networking opportunities.
GitHub Open Source Contribution Workshop
The meeting focused on a GitHub level-up session intersecting with Mindset Dojo, aimed at demystifying open source contributions for participants. Michael and Kyle outlined the agenda, which included setting context, engaging participants with GitHub-related questions, and demonstrating a simple contribution flow. They emphasized that the session was voluntary and designed to be accessible for beginners. The session aimed to encourage participation in Cloud Security Office Hours, a community-driven forum, and to explore potential contributions and reflections for the upcoming year.
GitHub Markdown Collaboration Overview
The meeting focused on a collaborative project involving GitHub and Markdown. Michael explained the setup for a community member quote article, using a Jekyll site hosted on GitHub Pages with a Creative Commons license. The team discussed Markdown syntax, clarifying that while it is generally standardized, there can be variations across platforms. Michael encouraged participants to contribute to the project, noting that even those unfamiliar with programming could collaborate using Markdown. The group also briefly discussed GitHub usage, with participants sharing their varying levels of experience with the platform.
Open Source Contribution Basics
The meeting focused on open source contributions and GitHub usage. Michael explained the basics of open source, including forking, licensing, and voluntary contributions. Kyle discussed the four freedoms of free software, invented by Richard Stallman. Participants shared their experience with open source contributions, with some reporting regular activity and others being occasional contributors. The group then walked through a step-by-step process for making a minimal contribution to a shared article about cloud security office hours, including forking the repository, enabling GitHub pages, making modifications, and creating a pull request.
GitHub Management and Collaboration Demo
The meeting focused on demonstrating GitHub repository management and contribution processes. Kyle showed how to fork a repository, set up GitHub Pages, and make contributions, while Michael explained the DevOps concepts involved. The group then discussed breaking into smaller breakout rooms for further collaboration, with Michael providing links to relevant resources including the GitHub signup, Dojo website, and presentation deck.
GitHub and Git Training Session
The meeting focused on a GitHub and Git training session where participants discussed the challenges of collaborative coding and version control. Michael led the session, which included exercises on committing, pushing, and handling YAML formatting issues. Several participants, including Alex and Stryker, shared their experiences with the exercises, with Alex noting they had a "therapy session" instead of a productive working session. The group discussed the history and impact of Git, particularly its role in enabling open source contributions and its creation by Linus Torvalds for Linux development. The session concluded with participants expressing interest in contributing to a Cloud Security Office Hours website and planning to work on adding a page for community contributions.
Quick recap. The meeting focused on networking and career development in cloud security, featuring David Bradford, a former General Counsel at Novell, who shared his experiences and principles for building professional relationships. David emphasized the importance of showing up, following up, and being curious to establish meaningful connections. The group discussed various topics including AI, security awareness training, and industry predictions for 2026. Members shared updates on their projects and initiatives, including a Python study group presentation planned for January. The conversation ended with holiday wishes and plans for the next session.
2025-12 | AI | Conferences | Guest Speaker
Next steps
- Matt Currie: Send Shawn his address so Shawn can send him a challenge coin.
- Neil: Send out a template to all group members for 2026 predictions to fill out, to be assembled into a slide deck for next week's session.
- Kyle and D: Plan and deliver a Python study group presentation/session (likely end of January/beginning of February), including the possibility of creating an open source project for group contribution.
- D: Continue evaluating security awareness training vendors/platforms (e.g., Adaptive Security, KnowBe4) for deepfake, vishing, and smishing simulations, with a focus on training corporate users, especially financial staff.
- All group members: Consider donating to the group to help with running costs (optional, not a direct assignment).
- All group members: Email Shawn any tools or links (e.g., pathfinding.cloud) during the week for potential inclusion on the CSOH website.
Quick Catch-Up on Recent Activities
Shawn and Matt Currie briefly discussed their recent activities, but the conversation was cut short as Shawn had to wait for something.
Team Updates and Future Roles
Matt Currie shared personal updates, including his return to Australia and a recent promotion to staff automation engineer at Live360, with plans to be considered for an AI engineer role in February. Shawn mentioned his upcoming potential role at Google through Wiz and discussed creating challenge coins for team members, including Matt. Shawn also shared positive updates about his health, noting he is cancer-free after surgery. The conversation concluded with Shawn introducing a guest, David Bradford, who is a former General Counsel at Novell and a potential speaker for an upcoming talk.
Building Human Networks in Tech
David Bradford, a former Novell executive, shared his career journey and emphasized the importance of showing up in life, one of his six principles for building a human network. He discussed how he unexpectedly walked into Novell's headquarters in 1985 and was hired as their general counsel, leading to a successful career in the tech industry. The group discussed the topic of networking and career development, with David set to share insights from his book "Up Your Game" on how to enhance professional connections.
Building Connections with Steve Wozniak
David shared his story of meeting Steve Wozniak at a Utah Bar Association conference in Sun Valley, Idaho, which led to Wozniak joining FusionIO's advisory board and eventually becoming their chief scientist. The company was later named America's Most Innovative Company, with Wozniak and Shawn Nunley's efforts contributing significantly to this achievement. The discussion highlighted the importance of showing up, following up, and being curious in building meaningful connections and opportunities.
Entrepreneurship Insights and Future Predictions
David shared his entrepreneurial journey and emphasized the importance of finding the right opportunities, comparing it to finding a perfect skipping stone. He discussed his current projects, including Quicklearn, and advised on building meaningful connections for networking. The group discussed various topics, including the challenges of LinkedIn networking, the future of AI and its potential risks, and the importance of security awareness training. They agreed to have a session next week where members would share their predictions for 2026 in their field.
Quick recap. The meeting focused on discussing predictions for 2026 in cloud security, with participants sharing various forecasts about emerging threats, technology trends, and market developments. The group explored specific predictions including agentic AI attacks, vendor breaches, and potential acquisitions, while also discussing the implications of regulatory changes and the evolution of cybersecurity platforms. The conversation concluded with discussions about translation layers, eBPF technology, and its potential applications in threat detection and management across different security systems.
2025-12 | AI | Conferences | Industry News
Next steps
Next steps were not generated due to insufficient transcript.
Unclear Meeting Transcript Summary
The meeting transcript appears to be a mix of audio clips and chat messages, primarily in English and some other languages, but the content is fragmented and lacks clear context or coherent discussion. No specific decisions, alignments, or action items were evident in the provided transcript.
2026 Cloud Security Predictions
The meeting began with casual conversation about the Christmas holiday and recent weather events in California, including a tornado warning in Monterey Bay. Shawn then introduced the main topic of the meeting, which was to discuss predictions for 2026 in cloud security. Participants were encouraged to share their thoughts on future trends in the field, though no specific predictions were made during the transcript provided.
AI Security Threat Predictions
The group discussed two main predictions: Kyle and Kaye predicted that agentic AI attacks would become a significant issue by mid-year, with Kaye estimating a 90% likelihood, while Stryker predicted a major third-party vendor breach within the next 11 months, potentially resulting from an employee's compromised personal security. The discussion touched on the Anthropic report's findings and the criticism surrounding its methodology, with Jay and Stryker noting that while the report's conclusions were questioned, Anthropic had reported attempted intrusions to authorities.
Tech Predictions and Industry Impact
Jay presented a list of 12 predictions, including potential ransomware incidents, AI misalignment, and the rise of Eurotech. He explained that some predictions were more likely than others, and discussed the implications of his predictions on the tech industry. Stryker and Shawn provided feedback and asked clarifying questions about Jay's predictions. The group discussed the potential impact of Eurotech on the global tech landscape and the possibility of a new AI company releasing energy-efficient world models.
Google's Cybersecurity Acquisition Speculation
The group discussed Google's potential acquisition of Palo Alto Networks, with Jay and Juninho speculating that it could happen in 2026. Stryker shared insights from a recent customer meeting with Google, noting their struggles with integrating acquisitions and focusing on enhancing their Google SecOps product. The discussion touched on Google's Gemini security model and their challenges in handling enterprise-level operations. The conversation concluded with Jay mentioning Cisco's Hypershield technology and its potential impact on the cybersecurity industry, suggesting that it could become a significant player in the market.
eBPF: The Future of Security
Jay explained eBPF as a kernel-level technology that enables safe execution of code within strict rules, contrasting it with containers like Docker. He highlighted Cisco's central management approach and its potential for policy enforcement, noting its efficiency and resilience compared to traditional user-space EDR tools. Jay emphasized eBPF's ability to react to behaviors rather than specific vulnerabilities, potentially reducing the need to constantly chase new threats. The discussion concluded with Jay predicting a rise in software service liability, influenced by regulatory trends in Europe and Japan, and the possibility of a conflict between the US and EU over digital service regulation.
2026 Security Market Predictions
The group discussed predictions for 2026, with Alex forecasting increased workforce reintegration after companies failed to replace workers with automation, while Neil warned that vulnerability management would worsen due to NVD's instability and CISA's staffing issues. Neil also predicted that the CNAPP market would become uninteresting, leading to new startups developing alternative cloud security approaches, while Stryker suggested 2027 might see executives being quietly fired and rehired at better terms. The discussion concluded with a debate about whether 2026 would see more security startups or continued M&A activity, with some noting that companies were increasingly focused on extracting maximum revenue from existing customers rather than innovation.
2026 Tech Trends and Predictions
The group discussed various predictions and trends for 2026, including potential service disruptions due to cable cuts and the impact of OpenAI's hypothetical IPO on the AI market. They also explored the possibility of increased regulatory scrutiny and its effects on technology companies, particularly in the U.S. and EU. The conversation touched on the rise of point solutions in cybersecurity and the potential for more major players to emerge in the market.
Cybersecurity Platforms vs Point Solutions
The group discussed the evolution of cybersecurity platforms versus point solutions, with Jay and Neil agreeing that while platformization has been a consistent trend for 15-20 years, there will always be a cycle of new point solutions being built and either succeeding or getting acquired. Shawn shared insights from his experience at Wiz, noting that well-integrated platforms provide significant benefits for large complex organizations but may not be as valuable for smaller shops, suggesting that the effectiveness of platformization depends on the customer's scale and complexity.
Cloud Security Automation and eBPF
The group discussed the growing importance of translation layers and no-code/low-code automation platforms in cloud security, with Neil and Juninho agreeing that these tools could help bridge gaps between different security systems and platforms. The conversation then shifted to eBPF technology, with Jay sharing insights about Cisco's Hypershield approach and its potential for blocking malicious traffic flows, while Brian noted that eBPF is being used in segment routing V6. The conversation ended with Shawn mentioning that Wiz uses eBPF for threat detection and correlation across multiple signals, and the group agreed to find an expert for a future eBPF talk.
Quick recap. The meeting began with informal discussions about attendance and personal updates before transitioning into conversations about LinkedIn networking strategies and social media engagement. The group explored cultural differences between East and West Coast workplaces and discussed the challenges of developers interacting with customers, emphasizing the importance of proper training and communication between technical and business teams. The final portion focused on security risk management and communication strategies, including discussions about scaling security programs and effectively demonstrating risk to business leaders through quantitative analysis.
2026-01 | AI | Conferences | Guest Speaker
Next steps
- D: Link the Python co-working session recordings from the Google Drive and GitHub space in the group chat
- Shawn: Keep the Zoom meeting open for people who want to stay after the hour
- D: Share contact number with Stryker for security awareness discussions
Disjointed Meeting with Mute Reminder
The meeting transcript appears to be a disjointed collection of phrases, greetings, and thank yous, with no clear discussion or decisions made. The only notable interaction was Jay reminding Shawn that they were muted, but this was not part of a broader conversation.
LinkedIn and Python Group Updates
The small group meeting began with Shawn noting his absence due to flu, while Neil shared details about his Orca 4th Anniversary Limited Edition Sweater. The group discussed LinkedIn networking, with Dee expressing concerns about managing social media engagement while D shared advice about maintaining authenticity and relevance in connections. The Python group update from D mentioned their work on CloudTrail and JSON, with plans to cover Boto and the AWS SDK in the coming weeks, and they are recording sessions for sharing with the group.
LinkedIn Strategy and Engagement
The group discussed LinkedIn usage and social media engagement, with Don expressing feelings of obligation and platform fatigue. Tyler advised against using LinkedIn if it causes anxiety, suggesting focus on real-world networking instead. The group agreed that LinkedIn should be used strategically, with Michael sharing how he uses it for career opportunities while maintaining a minimal presence. Stryker shared that despite their negative views, LinkedIn is sometimes necessary for professional requirements, and the group discussed ways to make the platform more manageable by controlling notifications and focusing on meaningful connections rather than constant posting.
Cultural Differences in West Coast Workplaces
Stryker discussed his nervousness about joining a West Coast company, but the group reassured him that cultural differences between East and West Coast are often overstated. Neil advised focusing on establishing credibility through listening and understanding rather than being overly aggressive, sharing his experience working in Israel where direct communication is common and the work schedule differs from standard US hours. The group also shared anecdotes about cultural differences in various regions, with Shawn highlighting the more inclusive nature of West Coast workplaces compared to East Coast's more formal approach.
Developer-Customer Communication: Balancing Roles
The team discussed the challenges and risks of developers directly communicating with customers, with Neil advocating for maintaining a barrier between technical staff and customers to prevent over-promising or miscommunication. Jay and others agreed that while technical staff should not promise features or argue with customers, they can play a valuable role in customer discussions when properly trained and when a product manager is present to interpret customer needs. The discussion highlighted that while some companies successfully train developers for customer interactions, others struggle with this transition, leading to both under- and over-reliance on technical staff in customer conversations.
Enhancing Cross-Functional Communication
The team discussed the importance of effective communication between sales engineers, product managers, and developers. Juninho emphasized the need for clear communication of customer needs and the importance of PMs and engineering managers in customer conversations. Neil and Shawn highlighted the role of technical staff in influencing product development and translating customer requirements into actionable improvements. Michael raised concerns about the lack of training in communication and negotiation skills in organizations, while Jay discussed the challenges of bridging the gap between technical and business perspectives in cybersecurity. The team agreed on the value of training and the need for better alignment between technical and business goals.
Challenges in Cybersecurity Roles
The group discussed challenges in cybersecurity roles and organizational dynamics, with Stryker highlighting how cybersecurity professionals often face expectations to perform diverse tasks beyond their core responsibilities. Jay noted that cybersecurity teams are viewed as cost centers, explaining why business leaders may not prioritize understanding cybersecurity. The discussion concluded with Neil suggesting that building champions within different organizational domains, particularly in DevOps, could help bridge communication gaps between security teams and other departments.
Security Program Scaling Strategies
The group discussed strategies for scaling security programs across large organizations, with Jay describing SAP's approach of creating security experts through a 14-16 month Secuulum program and working with 40,000 developers across 20 product lines. Justin shared his experience with an internal Slack channel for security questions and a security champions program that has been successful without major issues. The discussion highlighted the importance of finding and empowering "diplomats" or "ambassadors" within teams to promote security awareness and knowledge sharing, with Stryker and others emphasizing the need to translate technical security concerns into business-relevant terms to gain organizational buy-in.
Security Risk Analysis and Communication
The meeting focused on security risk management and how to effectively communicate risk to business leaders. Jay explained their organization uses quantitative risk analysis, including Monte Carlo simulations, to model potential security incidents and create loss exceedance curves. This analysis helps demonstrate the cost-effectiveness of security investments, with Jay noting that security measures typically require about 1/20th the cost of the risk they mitigate. The discussion also covered how to engage developers who participate in security challenges like CTFs, with some participants preferring to remain hobbyists rather than full-time security professionals.
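The quantitative approach Jay described, as an added example that is not from the session or from any participant's organization: a Monte Carlo simulation that turns scenario estimates into a loss exceedance curve and compares the expected loss a control avoids with its cost. The scenario names, event rates, loss ranges, control cost and the Poisson/lognormal modelling choices are all assumptions.

```python
import bisect
import math
import random
import statistics

# Constructed scenarios (not from the session): expected events per year and a
# 90% confidence interval for the loss per event, in USD.
SCENARIOS = [
    {"name": "ransomware", "rate": 0.10, "low": 200_000, "high": 5_000_000},
    {"name": "cloud credential leak", "rate": 0.60, "low": 20_000, "high": 400_000},
    {"name": "third-party breach", "rate": 0.25, "low": 50_000, "high": 1_500_000},
]
Z90 = 1.6448536269514722  # standard normal quantile for a two-sided 90% interval


def lognormal_params(low, high):
    """Lognormal mu and sigma whose 5th/95th percentiles are low/high."""
    mu = (math.log(low) + math.log(high)) / 2
    sigma = (math.log(high) - math.log(low)) / (2 * Z90)
    return mu, sigma


def poisson(rng, lam):
    """Knuth's Poisson sampler, adequate for the small rates used here."""
    limit, count, product = math.exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count


def simulate_annual_losses(scenarios, years=20_000, seed=1, rate_factor=None):
    """One total loss per simulated year. rate_factor maps a scenario name to a
    multiplier on its event rate (below 1.0 models a control)."""
    rng = random.Random(seed)
    rate_factor = rate_factor or {}
    fitted = [(s["rate"] * rate_factor.get(s["name"], 1.0),
               *lognormal_params(s["low"], s["high"])) for s in scenarios]
    totals = []
    for _ in range(years):
        total = 0.0
        for lam, mu, sigma in fitted:
            for _ in range(poisson(rng, lam)):
                total += rng.lognormvariate(mu, sigma)
        totals.append(total)
    return totals


def exceedance_curve(losses, thresholds):
    """[(threshold, P(annual loss >= threshold)), ...]."""
    ordered = sorted(losses)
    n = len(ordered)
    return [(t, (n - bisect.bisect_left(ordered, t)) / n) for t in thresholds]


def loss_at_probability(losses, probability):
    """Annual loss exceeded with the given probability (0.05 = 1-in-20 year)."""
    ordered = sorted(losses)
    index = min(len(ordered) - 1, int(len(ordered) * (1 - probability)))
    return ordered[index]


def avoided_loss_per_dollar(baseline, treated, control_cost):
    """Expected annual loss avoided per dollar spent on the control."""
    return (statistics.fmean(baseline) - statistics.fmean(treated)) / control_cost


if __name__ == "__main__":
    base = simulate_annual_losses(SCENARIOS)
    # Assumed control: cuts ransomware event frequency by 70% for $40,000/year.
    treated = simulate_annual_losses(SCENARIOS, rate_factor={"ransomware": 0.3})
    for threshold, prob in exceedance_curve(base, [1e5, 5e5, 1e6, 5e6]):
        print(f"P(annual loss >= ${threshold:>11,.0f}) = {prob:.3f}")
    print(f"1-in-20-year loss, baseline: ${loss_at_probability(base, 0.05):,.0f}")
    print(f"1-in-20-year loss, treated:  ${loss_at_probability(treated, 0.05):,.0f}")
    print("avoided loss per control dollar: "
          f"{avoided_loss_per_dollar(base, treated, 40_000):.1f}")
```

The tail of the curve moves with the seed and the number of simulated years far more than the mean does, so report high-percentile losses as ranges across several seeds rather than as single figures.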
Quick recap. The Cloud Security Office Hours meeting focused on discussions about management styles and experiences, with participants sharing personal stories about their bosses and leadership challenges. The group discussed the importance of separating technical leadership from people management skills, with several members emphasizing that effective managers should be strong in both areas. Participants also shared experiences about working with contractors versus full-time employees, and the challenges of being placed in positions to succeed. The conversation concluded with participants reflecting on how good bosses provide guidance and support while allowing employees to maintain autonomy, with specific examples shared about managing technical projects and handling mistakes professionally.
2026-01 | AI | Conferences
Next steps
- D: Post information about the Chaotic Good D&D meetups/events in the chat for others interested in attending or learning more.
- D: Tell the Chaotic Good organizers that there is interest in online D&D events and suggest they consider offering online sessions.
- D & Kyle: Meet to plan the next long-term software project sprint (LAN Atlas MVP) and provide more information to the group.
- Stryker: Submit two CFPs (Call for Papers) today for upcoming conference talks.
- Stryker: Present on MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures) in a future session (volunteered during meeting).
- D: Prepare and deliver at least three talks this year: a wrap-up of the Python work, a session on detection engineering for macOS malware (capstone), and a talk on a phishing incident and MFA.
Dungeons & Dragons Masterclass Discussion
The meeting began with casual conversation about pets and social media influencers before transitioning to a discussion about Dungeons & Dragons. Dan shared his excitement about signing up for a Dungeons & Dragons masterclass at Chaotic Good, a gaming cafe in New York, and the group discussed the potential for future in-person or online gaming sessions together. Neil then reminded the group that today's session was an open session for introductions and discussion, encouraging new participants to introduce themselves if they wished.
Python Learning and Sprint Updates
The team discussed Python programming, with Brian Reich seeking advice on learning the language due to its whitespace sensitivity. Matt and Neil suggested using IDE tools to handle whitespace formatting and emphasized Python's utility for quick scripting tasks and its portability across platforms. D announced that the Python sprint is nearly complete, with the next sprint focusing on a long-term software project, specifically a LAN Atlas MVP, which will be open to all team members. Stryker proposed an idea for sharing anonymous stories about problematic managers from previous employers, though this was not pursued further.
JavaScript and Code Reading Insights
The meeting primarily revolved around discussions about programming languages, with a focus on JavaScript's limitations and the benefits of learning to read code, even if not writing it. Neil emphasized the value of understanding code for security engineers, sharing personal experiences of how this skill helped him at different workplaces. The group also discussed the challenges of working with custom content management systems and the importance of learning to read and understand code, even at a basic level, to better navigate technical issues.
Startup Challenges and AI Opportunities
Stryker shared his experience starting a new job at a startup, discussing the challenges of balancing short-term customer demands with long-term product strategy. He described his plans to create a comprehensive awareness training list by mapping their existing briefings to MITRE TTPs (tactics, techniques, and procedures), which would help demonstrate coverage to clients and identify gaps for content improvement. The discussion concluded with a conversation about the potential of using AI and machine learning to enhance threat intelligence and dynamic ontologies, with suggestions to explore open-source citations and collective defense approaches.
Balancing Customer Requests and Strategy
The team discussed the challenges of managing customer feature requests, particularly for startups with large customers who can influence product direction. Jay emphasized the importance of balancing customer needs with product strategy, while Neil shared his experience at Twistlock and Orca, highlighting the tension between building features for specific customers and maintaining a broader market appeal. Stryker mentioned the need to refocus on the core product and manage content team workload due to customized requests. The conversation also touched on the effectiveness of security-related content in attracting attention and the importance of making such content evergreen and applicable to a broader audience.
Team Updates and Prediction Insights
The team discussed several updates, including the resolution of a lawsuit between Wiz and Orca, who instead decided to have a champion elected through trial by combat. Jay shared his successful predictions, including Microsoft's delay of data center builds due to community zoning conflicts, bringing his prediction accuracy to 4 out of 13. The group also discussed upcoming conference presentation opportunities for 2026, with Stryker encouraging submissions. Finally, Neil reflected on the topic of challenging bosses, suggesting that the focus should be on learning from difficult work experiences rather than dwelling on negative aspects.
Leadership Styles and Honeypot Tech
The group discussed leadership styles and experiences, with Neil sharing a story about a manager who was supportive when trusted but micromanaging when confidence was lacking. They explored the importance of understanding a leader's goals and finding opportunities to build interesting work under supportive leadership. The conversation concluded with a technical discussion about low-interaction honeypots, where Matt sought recommendations for an easy-to-configure system, leading to suggestions about WordPress, Elementor theme, Shopify plugins, and the DShield honeypot from the Internet Storm Center.
AWS Contractor's Leadership Reflection
Alhaji shared his experience as a former AWS data center technician, where he was terminated 24 hours after dropping an SSD card during Prime Day, despite initially being reassured about the incident. He reflected on how his leadership could have been more supportive and transparent, particularly given his status as a green badge contractor approaching his 90-day mark. The discussion highlighted the importance of understanding different personalities in leadership and managing high-stress situations effectively.
Enhancing Management and Training Practices
The meeting focused on workplace experiences, particularly around management styles and training. Alhaji shared his experience of being sent into a data center without proper briefing, highlighting the lack of support for new employees. Juninho and Neil discussed the importance of proper training and support for new employees, with Juninho emphasizing the need for organizations to invest in the success of new hires. Neil also highlighted the dangers of promoting individual contributors into management roles without adequate training in people management skills.
Balancing Technical and Leadership Skills
Don shared his experience with managers who had both technical and leadership capabilities, noting that having a former peer as a manager provided valuable context and understanding of the company's products. Neil suggested breaking down management attributes into three categories: leader, manager, and administrator, and discussed how different organizations might distribute these roles among various individuals. The group discussed the importance of balancing technical expertise with people management skills, with Stryker emphasizing the need for managers to understand the technical aspects of their team's work.
Effective Leadership and Employee Support
The group discussed leadership and management styles, with Matt emphasizing the importance of empathy, honesty, and effective communication from managers. Stryker shared a personal experience where a good boss supported her by advocating when her VP tried to have her fired, demonstrating the value of leadership that protects employees. The conversation concluded with Matt describing his preference for managers who provide guidance without making him feel constrained, while still maintaining control over his work.
Quick recap. The meeting began with casual greetings and technical discussions about screen-sharing issues before transitioning into conversations about the upcoming RSA Conference 2024 and organizing a Cloud Security Office Hours breakfast meeting. The group welcomed two new members and discussed cybersecurity awareness training content, with Stryker presenting a project to map training materials to MITRE TTPs and the team agreeing to focus on establishing business value metrics before pursuing complete coverage. The conversation ended with discussions about creating targeted video briefings for security awareness and plans for the group's upcoming 3-year anniversary celebration, while emphasizing the importance of making security training relevant and contextual for different user groups.
2026-01 | AI | Conferences | Community | Anniversary
Next steps
- Stryker/Team: Define and establish what "complete" means for the cybersecurity awareness training catalog, including setting reasonable boundaries and metrics for coverage, and document the gap analysis process.
- Stryker/Team: Map existing and planned briefings to relevant MITRE ATT&CK TTPs, attack vectors, compliance requirements, and business value, to identify and address content gaps.
- Stryker/Team: Develop and propose a baseline set of briefings that align with high-impact business risks and compliance needs, and enable tracking of content usage and effectiveness.
- Neil, Jay, Stryker, D, and interested parties: Coordinate and schedule an 8 AM breakfast meet-up at RSA (date and location to be finalized next week).
- Shawn/organizers: Finalize date and location for RSA breakfast meet-up and communicate to group.
- Shawn/organizers: Plan a special episode or celebration for the 3-year anniversary of Cloud Security Office Hours.
Shawn Nunley's Audio Sharing Session
The meeting transcript appears to be a series of audio clips and phrases shared by Shawn Nunley, including greetings, music references, and various phrases in multiple languages. The content lacks a clear discussion or decision-making structure, making it difficult to summarize as a traditional meeting. Without a coherent topic or action items, it's not possible to provide a meaningful summary of decisions, alignments, or next steps.
Technical Troubleshooting and Light Banter
The meeting began with casual greetings and small talk, including references to music and Friday greetings. Shawn and Stryker discussed technical issues related to screen-sharing and a LinkedIn thread, with Alex Cohen suggesting they wait for more participants. Stryker mentioned needing to grab a "hacker cloak" to stay warm, which led to a lighthearted discussion about hacker attire and the use of stock images. The conversation included some humorous remarks about mushrooms and basements and ended with Shawn encouraging Alex Cohen to join a call.
RSA Conference 2024 Planning Discussion
The group discussed their upcoming attendance at RSA Conference 2024, with Stryker expressing excitement about vending and meeting colleagues. They agreed to organize a Cloud Security Office Hours (CSOH) breakfast meeting at 8 AM, with Jay noting it would be an hour and a half drive for him. The conversation shifted to conference experiences, with Neil and Shawn sharing insights about vendor booths and networking opportunities. Two new members introduced themselves: Tomiwa, a cybersecurity engineer from the UK focusing on cloud security, and Nithin, a recent graduate interested in cloud security who found the group through Reddit. Stryker then presented an idea for a slide deck about cybersecurity awareness training content, seeking advice on when to stop creating new materials and when to refresh existing content.
Cybersecurity Training Coverage Strategy
Stryker presented a project to organize cybersecurity awareness training content by mapping it to MITRE TTPs (tactics, techniques, and procedures) for internal use. The discussion revealed that while the original goal was to define "complete" training coverage, the team agreed this approach might be backwards, suggesting instead to first establish business value metrics and acceptable coverage levels before attempting to achieve 100% completion. Jay and James emphasized the importance of understanding the target audience's needs rather than focusing solely on technical cybersecurity concepts. The project's scope evolved from serving production staff to supporting both internal stakeholders and GRC professionals, with the ultimate goal of demonstrating training completeness to prospects while maintaining practical value for different user groups.
Security Video Briefings Initiative
Stryker discussed a project focused on creating targeted, short-form video briefings to address security gaps and improve employee awareness. The team explored how these briefings could be used to nudge employees into adopting better security practices, such as updating operating systems or enabling multi-factor authentication. They emphasized the importance of making security training relevant and contextual, rather than relying on one-off, lengthy sessions. The discussion also touched on the need for automation in managing sensitive information and the potential for these briefings to prompt employees to review and clean up their security practices.
Security Training and Human Behavior
The meeting began with a discussion about security awareness training, where Don expressed interest in gamification and psychology-based approaches to make training more engaging. Stryker shared that their startup, founded by cybersecurity experts, applies behavioral psychology to security training. The conversation then shifted to Tyler's story about accidentally discovering a trove of passwords through IRC at a young age, highlighting the importance of human laziness in security vulnerabilities. The conversation ended with discussions about phishing attacks and the need to educate users about cybersecurity practices, as well as plans for the group's upcoming 3-year anniversary celebration.
Quick recap. The meeting opened with informal greetings and casual conversation about weather conditions before transitioning to a discussion of Cloud Security Office Hours and its objectives for networking and knowledge sharing. The group reviewed plans for an upcoming project to develop an Atlas Slan tool, which will be managed through JIRA and hosted on GitHub, with encouragement for participant involvement. The conversation ended with a discussion on job application strategies, emphasizing the importance of resume tailoring, professional networking, and persistence in career development.
2026-01 | AI | Conferences
Next steps
- D: Post sign-up information for the next Cloud Security Office Hours sprint (Atlas Slan project) on GitHub and request Shawn to include it in the newsletter in a couple of months.
- SandipD: Share LinkedIn profile in the chat (already done during meeting, but referenced as an ongoing action for networking).
- SandipD: Pinged by Paul to connect on LinkedIn for ongoing cryptography advice throughout the semester.
- D: Continue planning the Atlas Slan project in JIRA and coordinate with Kyle for the next sprint launch in April.
Informal Greeting and Weather Chat
The meeting began with Shawn Nunley sharing a song and some audio clips, which caused some technical difficulties for James, who couldn't hear Shawn initially. After resolving the audio issues, Shawn greeted James and other attendees, including Kurt, and noted it was good to see them. James and Shawn discussed the weather, with James mentioning potential big storms and Shawn recounting his narrow escape from snowpocalypse. The meeting was informal, with Shawn and James exchanging pleasantries and discussing the weather before any substantial business was addressed.
Cloud Security Office Hours Launch
The meeting welcomed new participants and discussed the structure and objectives of Cloud Security Office Hours, emphasizing networking and knowledge sharing. Shawn encouraged participation and highlighted upcoming opportunities for presentations and collaboration. Kyle and D shared plans for the next sprint, involving a project to develop an Atlas Slan tool, which will be managed using JIRA and hosted on the Cloud Security Office Hours GitHub. They invited others to contribute to the project, aiming to create a production-level tool and gain experience in collaborative software development.
Job Application and Networking Strategies
The group discussed job application strategies, with a focus on resume tailoring and networking. They agreed that honesty is important, but candidates can highlight relevant skills they actually have. The conversation touched on the value of LinkedIn and other professional networks for career development. They also discussed the importance of being persistent in networking and not giving up after initial rejections. The conversation ended with a reminder about an upcoming winter storm for East Coast travelers.
Quick recap. The Cloud Security Office Hours meeting focused on discussing password security practices and the importance of asking questions in technical environments. Tyler shared insights about using AI agents for software development and testing, while the group discussed how humans often struggle with creating secure passwords, with a study showing that AI-generated passwords can be easily predicted. The conversation emphasized that while complex passwords and regular rotations are often recommended, in practice, multi-factor authentication (MFA) provides much stronger protection against breaches than password complexity requirements. The meeting also highlighted the importance of creating safe spaces for asking technical questions, with participants sharing their experiences about how different communities handle question-asking differently.
2026-02 | AI | Conferences | Passwords
Next steps
- Stryker: Collect booth numbers, company names, and schedules from interested participants for RSA and create a map/list of Cloud Security Office Hours members' booths (with support from company's graphic designer team).
- Stryker: Provide free RSA expo passes to interested participants who reach out via DM/email.
- SandipD: Present/demonstrate the "Is QD worse than Y2K?" session for Cloud Security Office Hours in an upcoming meeting as a dry run.
- D: Assist Stryker with reviewing and double-checking awareness program content and controls for Stryker's auditor.
- Mario.Lazo: Discuss/demo coding agent support for the Cloud Security Office Hours GitHub repo with Shawn and potentially others (offline).
- Stryker: Consider creating a process (or PR) to notify GitHub contributors when their pull requests will be reviewed live during Cloud Security Office Hours.
- Neil: Host Maria Thomas on Cloud Security Office Hours on March 20th to discuss applying behavioral science to online harassment.
Personal Updates and Audio Reflections
Shawn shared various audio clips and messages, including music, racing sounds, and personal updates about work and colleagues. He mentioned having a pass for RSA and expressed appreciation for his new coworkers. The discussion included comments about music, racing, and personal reflections, but no clear decisions, alignments, or action items were established.
RSA Conference Planning and Updates
The team discussed the upcoming RSA conference, where Stryker announced plans to organize Cloud Security Office Hours and coordinate a booth crawl. Shawn mentioned he would attend RSA but could not do so officially on Wiz's dime due to other commitments, while D offered to host anyone needing a place to stay. The group also celebrated Chris's birthday and discussed various personal updates, including D's sprained ankle and Kaye's observation of spring-like weather in New York.
AI Development and Security Updates
Shawn invited Sandip to present his session on "Is QD worse than Y2K?" at a future meeting, and Sandip agreed to do a dry run. The group discussed updates to Shawn's website, including a new breach kill chain page and a news feed feature that Stryker planned to improve. Mario presented his work with coding agents, which use AI to assist in software development tasks, and the group discussed the potential benefits and security considerations of this technology.
Security and AI in Development
The meeting focused on discussing security challenges and solutions, with Shawn challenging participants to test the security of a system in a constructive manner. Tyler shared insights on using GenAI in software development, highlighting the effectiveness of their IBM software factory and the importance of human oversight. Neil introduced an upcoming guest, Maria Thomas, who will discuss behavioral science in online harassment on Cloud Security Office Hours on March 20th. The conversation also touched on the use of RAG (Retrieval Augmented Generation) and its potential benefits in handling large datasets.
Cloud Security Office Hours Discussion
The meeting began with a discussion about a behavioral science topic related to online harassment, which does not cover automated harassment. Shawn welcomed everyone to Cloud Security Office Hours, emphasizing the open and interrupt-driven nature of the discussion. The group engaged in light-hearted banter about a participant's profile picture mix-up, and Jennifer introduced herself, mentioning her interest in PCI discussions. Neil highlighted the importance of creating safe spaces for asking questions, sharing his experience of implementing this philosophy with junior salespeople. The conversation ended with a reflection on the value of fostering environments where questions are welcomed and encouraged.
GitHub Pull Requests for Learning
The group discussed GitHub pull requests and their importance for learning and contributing, with Shawn emphasizing that pull requests can be for any changes, not just code, and that learning how to submit them is valuable. Stryker suggested creating a system to notify contributors when their pull requests will be reviewed, and the discussion touched on the importance of asking questions and the need for patience when explaining concepts. The meeting also highlighted the group's supportive environment for learning, with Taylor and others sharing their experiences of being welcomed despite varying levels of technical knowledge.
Cybersecurity Questioning Strategies
The group discussed strategies for asking questions in cybersecurity, emphasizing the importance of clear, specific, and well-formatted questions to get effective responses. Tyler shared insights on the XY problem and how to frame questions to avoid misunderstandings. The conversation also covered password security, with Neil highlighting that long, complex passwords offer limited protection compared to unique passwords and multi-factor authentication (MFA). The discussion concluded with a reflection on evolving security practices and the need to focus on multiple barriers to compromise rather than relying solely on password complexity.
Quick recap. Patrick Burke (Chainguard, Solutions Engineer) presented on minimal container images — what they are, why vulnerability trends are driving adoption, and how they compare to traditional patching, golden-image programs, and debloated images. Over a live demo he walked through building the same FastAPI Python app on four base images and running Trivy against each: the stock `python` image produced 1,699 vulnerabilities (269 critical/high), `python:slim` dropped it to 90 (2 critical, 7 high), `python:alpine` further to 3, and a Chainguard base image to 2. The group then debated FedRAMP SLAs for CVE remediation (30/90/180 days for critical/high/medium), the pros and cons of each approach, and when self-managing a Kubernetes control plane actually makes sense. Shawn noted this was the 129th CSOH session.
Vulnerability Trends and the Case for Minimal Images
Patrick opened by framing vulnerabilities as flaws in a specific piece of open-source or vendor software, typically fixed by upgrading to a patched version (Log4Shell → 2.15.0-rc1 and the 2.16 line). Year over year, CVE counts have climbed steadily for the last eight years, with a visible acceleration recently. That's the forcing function: throwing more engineers at remediation scales poorly, so the industry is moving toward reducing the surface that can carry vulnerabilities in the first place.
Containers, Kubernetes, and Open Source — The Setup
Patrick ran quick refreshers on what a container is (standardized unit packaging source, dependencies, and config so the app runs the same on any host), distinguished application images (nginx, redis, mysql) from base images (python, golang, ubuntu), and used a "contractor and project manager" analogy for Kubernetes — with containers as specialized workers and Kubernetes as the orchestrator handling scheduling, networking, storage, and resilience. Adoption data from Red Hat, Gartner, Docker, and Wiz all pointed to very broad container adoption. One interesting Wiz stat: an 8% uptick between 2023 and 2024 in self-managed Kubernetes control planes on VMs inside AWS.
When Self-Managing a Kubernetes Control Plane Makes Sense
Kyle pushed back on Patrick's read of the self-managed uptick, suggesting it could just as easily signal cost pressure, multi-cloud ambitions, or overconfidence — "like rolling your own crypto." Juninho (ex-GCP) countered that some of Google's biggest customers hit the edges of what managed offerings permit, and moving off-managed is a legitimate workaround for real constraints. Neil added that "self-managed" is a misnomer: many of these clusters aren't raw Kubernetes but distributions like OpenShift or Rancher with established configuration patterns. Jay (SAP) confirmed multi-cloud and versioning control are the two biggest drivers in practice — SAP runs its own Gardener-based distribution so dev and ops teams get the same platform on bare metal or any cloud, and enterprises often can't keep up with aggressive cloud-provider version bumps.
Open Source Is Most of the Code You Ship
Patrick cited Google data putting open-source components at 77% of modern applications and a colleague's audit that measured 76.2–99.9% OSS content across five commercial Java apps. Kyle noted many tech companies hire dedicated open-source maintainers for libraries they depend on (Steam funding Proton and Wine, Microsoft with VS Code and GitHub). Dave pointed out that "open source" is also a distribution strategy — giving the platform away to drive adoption, then monetizing on top. Stryker recalled a SecTor keynote that framed the trust question: despite vulnerabilities, OSS is so woven into everything from NASA to Microsoft that opting out isn't realistic.
Live Demo: Four Base Images, Four Outcomes
On the same FastAPI Python app with an empty `requirements.txt` (zero application-layer vulns), Patrick rebuilt against four base images and ran Trivy:
- `python` — 1,699 total vulnerabilities, 269 critical + high.
- `python:slim` — 90 total, 2 critical, 7 high.
- `python:alpine` — 3 total, 1 critical, 2 high.
- `chainguard/python` — 2 total, 0 critical, 1 high, 1 medium.
The Alpine and Chainguard results were close in this snapshot. Patrick emphasized that raw counts aren't the full story — the differentiator is what happens over time.
Compliance and SLAs — the Real Differentiator
Shawn jumped in to reinforce that a lower starting count isn't the only reason to buy a minimal-image product: vendors like Chainguard attach SLAs to CVE remediation, which matters once you build those images into your pipeline as the approved "golden" ones. Patrick tied this to FedRAMP, which mandates critical CVEs remediated in 30 days, high in 90, and medium in 180. Meeting those timelines without a vendor SLA requires very strict internal controls. Minimal-image vendors also commonly ship FIPS-validated (140-2 or higher) cryptography for the same customer base — agencies selling to the federal government.
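As an added illustration (not shown in the session and not Trivy's or any vendor's own code), the Python sketch below applies the remediation windows quoted above to findings read from a Trivy-style JSON report. The report, the placeholder CVE identifiers and the first-seen ledger are constructed for the example; the field names follow Trivy's JSON output.

```python
import json
from collections import Counter
from datetime import date, timedelta

# Remediation windows in days, using the figures quoted in this recap.
SLA_DAYS = {"CRITICAL": 30, "HIGH": 90, "MEDIUM": 180}

# Constructed sample shaped like `trivy image --format json` output.
# CVE identifiers and package names are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example/fastapi-app:demo",
    "Results": [
        {"Target": "example/fastapi-app:demo (debian)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
             "Severity": "CRITICAL", "FixedVersion": "1.2.4"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample2",
             "Severity": "HIGH", "FixedVersion": ""},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libexample3",
             "Severity": "LOW"},
        ]},
        # A clean target carries no "Vulnerabilities" key at all.
        {"Target": "Python"},
    ],
})

# Assumption: the scanner pipeline records when each CVE was first detected,
# because the SLA clock needs a start date and the scan report has none.
FIRST_SEEN = {
    "CVE-0000-0001": date(2024, 1, 1),
    "CVE-0000-0002": date(2024, 1, 1),
}


def load_findings(report_json):
    """Flatten a Trivy-style report into one dict per vulnerability."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "id": vuln["VulnerabilityID"],
                "package": vuln.get("PkgName", ""),
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
                "fix_available": bool(vuln.get("FixedVersion")),
            })
    return findings


def severity_counts(findings):
    """Per-severity totals, the numbers a scan summary shows."""
    return Counter(f["severity"] for f in findings)


def sla_status(findings, first_seen, today):
    """Attach a due date to every finding that has a remediation window."""
    rows = []
    for f in findings:
        window = SLA_DAYS.get(f["severity"])
        if window is None:
            continue  # no window quoted for this severity
        seen = first_seen.get(f["id"], today)  # new finding: clock starts today
        due = seen + timedelta(days=window)
        rows.append({**f, "due": due,
                     "days_left": (due - today).days,
                     "breached": today > due})
    return sorted(rows, key=lambda r: r["due"])


if __name__ == "__main__":
    for row in sla_status(load_findings(SAMPLE_REPORT), FIRST_SEEN, date(2024, 2, 15)):
        state = "BREACHED" if row["breached"] else "open"
        print(row["id"], row["severity"], row["due"], row["days_left"], state)
```

A finding with no fixed version and a shrinking `days_left` is where the vendor SLA discussed above matters most, since there is nothing to upgrade to.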
Four Approaches to Managing Container Vulnerability Load
Patrick closed with a side-by-side of the four strategies an org can pick between:
1. **Patch as discovered.** Scanner finds a CVE, security pings the engineer, engineer patches. Easiest to green-light — no budget or political capital required — but inefficient, often misses internal SLAs, and is miserable for the people doing it.
2. **Golden image program.** The SRE or platform team curates a catalog of vetted base and application images. Real reduction in vulnerability load, but meaningful upfront and ongoing investment and a constant battle to get developers to pull from the catalog instead of rolling their own.
3. **Minimal container images (paid).** Vendors like Chainguard ship trimmed-down Linux distributions with only the packages each image actually needs, plus SLAs and FIPS validation. Trade-offs: some testing required (no package manager, no curl in the most minimal variants) and it's a line-item cost.
4. **Debloated images.** Vendor ships an image; customer writes a coverage test describing how the app is actually used; instrumentation strips unused packages based on the observed runtime path. Can beat open-source alternatives on vulnerability count and often comes with some FIPS coverage, but SLAs are not guaranteed.
Quick recap. The Cloud Security Office Hours meeting focused on discussing recent developments in AI's impact on cybersecurity, particularly around Microsoft's Mythos AI tool and its potential to accelerate vulnerability discovery and exploitation. Participants debated whether AI significantly changes cloud security practices or merely accelerates existing trends, with Neil and Matt suggesting that while AI increases speed, the fundamental security approaches remain similar. The group also discussed a concerning trend of companies like Dave's employer replacing human resources with AI, which raised questions about job security and potential legal implications. Additionally, the team examined a reported password policy change at HSBC that required passwords to be entered in all uppercase, which sparked debate about whether this represented a security issue or a database migration problem. The conversation ended with discussions about the importance of zero trust architectures and resilient systems as defenses against faster security threats, regardless of whether they originate from AI-powered attacks.
2026-04 | AI | Vulnerabilities | Passwords
AI in HR and Payroll Discussion
The team discussed various updates and topics, including technical issues with audio during the meeting and the challenges of consumer laptop updates. Dave shared concerns about his company's decision to replace HR and payroll functions with AI, which sparked discussion about the potential legal implications. The group also briefly touched on a new Microsoft Defender zero-day vulnerability. Throughout the meeting, participants engaged in casual conversation and shared links to relevant content, including a custom challenge coin.
Microsoft Red Sun Zero Day
The team discussed a Microsoft Red Sun Zero Day exploit that leverages the Cloud Files API and oplock race conditions to gain system privileges through Windows Defender. Bartek explained how the exploit uses file locks to create a race condition where Defender gets stuck in a remediation loop, allowing attackers to redirect file writes to system directories. The group noted that while Microsoft initially rejected this as a design issue, the exploit could potentially affect any privileged service writing files in unprivileged locations, making it an OS-level vulnerability.
Cloud Security Team Updates
The team discussed several topics including the nature of Defender, which was clarified to be primarily user space rather than kernel-level. Rev shared an idea about creating humorous management risk acceptance stamps for cybersecurity conferences. The group also discussed the Signal chat group for Cloud Security Office Hours, with Neil warning about the high volume of messages. D inquired about getting a pull request accepted on GitHub, which Neil agreed to review. Shawn announced recent website updates, including a new CTF page and news page improvements.
Cybersecurity Threat Naming Conventions
The group discussed the importance of consistent threat actor naming conventions across cybersecurity organizations, with Neil explaining how Microsoft and CrowdStrike have struggled with harmonizing their naming systems over the past decade. The conversation then shifted to analyzing a potential phishing message from HSBC India about password requirements, with participants debating whether the message was legitimate or a fake attempt. The discussion highlighted common password policy issues in banking systems, including problems with special character requirements and database upgrades.
HSBC Password Security Concerns
The team discussed a news story about HSBC India requiring customers to use all-uppercase passwords, which raised security concerns about potential plain text password storage. Neil explained the difference between storing plain text passwords and hashed passwords, noting that proper password storage should use one-way cryptographic hashing. The group debated whether HSBC might have been using an algorithm that converts passwords to uppercase before hashing, which would explain why existing passwords only work when entered in all uppercase. Ryan pointed out that the Cyber Security News post was from April 1st, suggesting it might be an April Fools prank.
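The hypothesis the group debated can be reproduced without any plaintext storage. The Python sketch below is an added example, not code from the session or from any bank: it assumes a hypothetical legacy scheme that uppercases before hashing, shows that a case-sensitive front end then accepts only the all-uppercase form, and includes one possible upgrade-at-login fix. The sample password and function names are constructed.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # kept modest so the demonstration runs quickly


def derive(password, salt):
    """Salted, one-way derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(password, scheme):
    """Create a stored record. 'folded' is the hypothesised legacy scheme
    (uppercase, then hash); 'exact' hashes the password as typed."""
    salt = os.urandom(16)
    material = password.upper() if scheme == "folded" else password
    return {"scheme": scheme, "salt": salt, "hash": derive(material, salt)}


def verify(attempt, record, assume_scheme=None):
    """Check an attempt. assume_scheme models a front end that no longer
    knows the record was created with case folding."""
    scheme = assume_scheme or record["scheme"]
    material = attempt.upper() if scheme == "folded" else attempt
    return hmac.compare_digest(derive(material, record["salt"]), record["hash"])


def login_and_upgrade(attempt, record):
    """Verify under the record's own scheme; on success, replace a folded
    record with a case-sensitive one so the weakness ages out."""
    if not verify(attempt, record):
        return False, record
    if record["scheme"] == "folded":
        # Caveat: the casing typed at this login becomes the password.
        record = enroll(attempt, "exact")
    return True, record


def bits_lost_to_folding(length, mixed_alphabet=62, folded_alphabet=36):
    """Search-space reduction, in bits, when a-z/A-Z/0-9 collapses to A-Z/0-9."""
    return length * (math.log2(mixed_alphabet) - math.log2(folded_alphabet))


def demo():
    legacy = enroll("Tr1ckyPassw0rd", "folded")  # constructed sample password
    ok, upgraded = login_and_upgrade("Tr1ckyPassw0rd", legacy)
    return {
        "case-sensitive front end, original casing":
            verify("Tr1ckyPassw0rd", legacy, assume_scheme="exact"),
        "case-sensitive front end, all uppercase":
            verify("TR1CKYPASSW0RD", legacy, assume_scheme="exact"),
        "legacy front end, any casing":
            verify("tr1ckypassw0rd", legacy),
        "upgraded record rejects uppercase form":
            ok and not verify("TR1CKYPASSW0RD", upgraded),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
    print(f"bits lost for a 10-character password: {bits_lost_to_folding(10):.1f}")
```

The symptom alone therefore does not distinguish plaintext storage from folded hashing; either way, case folding shrinks the search space an offline guesser has to cover.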
AI Impact on Cloud Security
The group discussed the impact of AI on cloud security, with Neil expressing skepticism about Anthropic's Mythos project, noting that while it may have marketing value, it doesn't fundamentally change existing security approaches. Jay shared insights from an executive advisory board meeting, predicting a "Wild West" period of two years where large enterprises will make mistakes implementing AI solutions, potentially leading to legal issues, business disputes, and unexpected costs. The discussion also touched on concerns about job security in the face of AI automation, with participants noting that while AI may improve some attacker behaviors and defense capabilities, it's not a complete replacement for human expertise.
AI Impact on Security Challenges
The group discussed the impact of AI on security and business, particularly focusing on the speed at which vulnerabilities can be discovered and exploited. Matt expressed concerns about the economic viability of AI-powered businesses, predicting potential challenges for companies like Oracle within 1-2 years. The discussion highlighted that while AI may make attackers more effective, the real challenge lies in organizations' ability to respond quickly to threats through improved infrastructure, zero trust methodologies, and defense-in-depth strategies rather than just speed of patching. The conversation also touched on the broader security landscape, including the importance of supply chain security and the potential of eBPF and post-exploitation techniques in addressing vulnerabilities.
Quick recap. The meeting focused on discussing the current crisis in open source security, particularly regarding supply chain attacks and the impact of generative AI tools like Claude on vulnerability research. Participants, including Neil, Jay, Matt, and others, discussed the challenges of securing software dependencies, the effectiveness of defense-in-depth strategies, and the difficulties in implementing egress restrictions and package management controls. The conversation also touched on the trustworthiness of different package repositories, the risks of using third-party GitHub Actions, and the importance of separating build and publish processes to mitigate security risks. Additionally, the group shared personal experiences with early computing and hacking, reflecting on how learning environments and legal consequences have evolved over time.
2026-04 | Supply Chain | GitHub Actions | Community
Open Source Security Challenges
The meeting focused on discussing current challenges in open source security, particularly regarding supply chain attacks and the impact of generative AI tools like Claude's Mythos on vulnerability research. Participants, including Jay, Dee, Matt, and Neil, discussed concerns about the effectiveness of AI tools in security research, with Matt expressing skepticism about the marketing claims surrounding these tools. Neil highlighted the parallels between the evolution of ransomware and the emerging trends in supply chain attacks, suggesting that attackers are testing and optimizing their strategies for monetization. The group also welcomed new member Basil from Pakistan and discussed the importance of defense-in-depth strategies in addressing these security challenges.
Cloud Security Risk Mitigation Challenges
The group discussed challenges in cloud security, particularly around mitigating risks from tools like TinyLM and Trivy that can steal cloud secrets. Jay emphasized the difficulty of implementing egress blocking measures, which Rev noted would be prohibitively expensive without strategic direction. Don explained that while there might not be misunderstandings about the problem, there is often ignorance about the consequences, comparing it to unknown vulnerabilities in widely-used products. The discussion also touched on user education needs and the complexity of modern technical systems, with Paul arguing that security responsibility should primarily rest with technology providers rather than end users.
Supply Chain Security Measures
The group discussed security measures and supply chain attack mitigation strategies. Matt and Neil discussed how attack methods are evolving to be more stealthy, with Matt predicting that supply chain attacks like XZ/CLAB will become more common and less detectable. Neil shared insights about AppLocker and AaronLocker as security tools for Windows systems, suggesting the need for similar models to secure egress. The discussion concluded with participants sharing their cautious approaches to software updates, with Shawn and others expressing reluctance to perform blanket updates due to security concerns, and Neil mentioning plans to develop product functionality that includes cool-down periods for package updates.
Package Repository Security
The team discussed security concerns around package repositories and supply chain attacks. They debated the trustworthiness of different package ecosystems, with Matt and others noting that NPM and PyPI are particularly risky due to their open contribution models, while apt repositories in Ubuntu/Debian offer better security through stable release streams. Pavel suggested separating CI pipelines from publishing pipelines in different repositories to better protect secrets, and emphasized the importance of using hardware security keys like YubiKey for authentication. The discussion highlighted the growing risk of open source supply chain attacks and the need for more robust security measures in development processes.
GitHub Actions Security Best Practices
The team discussed security practices for GitHub Actions, focusing on minimizing the use of third-party dependencies and implementing defense-in-depth strategies. Rev shared recommendations for securely using third-party GitHub Actions, including minimizing dependencies, being selective about trusted providers, and separating privileged and unprivileged jobs to limit access to secrets. Neil demonstrated a current implementation that could be improved from a security perspective, and Pavel highlighted the challenge of protecting workflow YAML files once compromised, suggesting the need for isolated build systems. The discussion emphasized the importance of strategic decisions about security trade-offs, particularly in larger organizations where controlling access permissions becomes more complex.
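One way to check the "separate privileged and unprivileged jobs" recommendation is to flag any job that both runs a third-party action and can read a secret. The Python sketch below is an added example, not the workflow or tooling shown in the session: the sample workflow, the `example-org` actions and the trusted-owner list are assumptions, and the parser is a deliberately small indentation reader, not a full YAML implementation.

```python
import re

# Assumption: action owners this organisation has decided to trust.
TRUSTED_OWNERS = {"actions", "github"}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)")
KEY_RE = re.compile(r"^( *)([A-Za-z0-9_-]+):\s*(#.*)?$")

# Constructed workflow; the example-org actions are hypothetical.
SAMPLE_WORKFLOW = """\
name: release
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@v1
      - run: make test
  publish:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/upload-helper@v2
      - run: ./publish.sh
        env:
          TOKEN: ${{ secrets.REGISTRY_TOKEN }}
"""


def parse_jobs(workflow_text):
    """Return {job: {"uses": [...], "secrets": {...}}} for a workflow file.
    Secrets referenced outside `jobs:` (workflow-level env) reach every job."""
    jobs, workflow_secrets = {}, set()
    in_jobs, job_indent, current = False, None, None
    for raw in workflow_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            # A top-level key starts or ends the jobs section.
            in_jobs, job_indent, current = stripped.startswith("jobs:"), None, None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation of the first job name
            key = KEY_RE.match(raw)
            if indent == job_indent and key:
                current = key.group(2)
                jobs[current] = {"uses": [], "secrets": set()}
                continue
        secrets = set(SECRET_RE.findall(raw))
        if current is None:
            workflow_secrets |= secrets
            continue
        jobs[current]["secrets"] |= secrets
        uses = USES_RE.match(raw)
        if uses:
            jobs[current]["uses"].append(uses.group(1))
    for job in jobs.values():
        job["secrets"] |= workflow_secrets
    return jobs


def is_third_party(ref):
    """Local actions (./path) are in-repo; everything else is judged by owner."""
    if ref.startswith(("./", "../")):
        return False
    return ref.split("/", 1)[0].lower() not in TRUSTED_OWNERS


def audit(workflow_text):
    """List jobs where third-party code runs with secrets in reach."""
    findings = []
    for name, job in parse_jobs(workflow_text).items():
        third_party = [u for u in job["uses"] if is_third_party(u)]
        if third_party and job["secrets"]:
            findings.append({"job": name, "third_party": third_party,
                             "secrets": sorted(job["secrets"])})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WORKFLOW):
        print(finding)
```

In the sample, `build` uses a third-party action but holds no secret, so only `publish` is reported; moving the third-party step out of `publish` clears the finding.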
Cybersecurity Challenges in Open-Source Software
The group discussed cybersecurity challenges, particularly around open-source software and zero-day vulnerabilities. Pavel emphasized the need to protect the "publish" step when releasing customer-facing software, while allowing more flexibility during internal development. Jay and Matt highlighted concerns about the security of widely-used open-source projects, noting how critical components like OpenSSL and Trivy have been maintained by small teams or volunteers. The discussion concluded with a debate about safe practices for handling PDFs, with participants sharing different approaches to mitigate security risks while managing necessary communications.
School Security Vulnerabilities
The group discussed security vulnerabilities in school environments, particularly focusing on how schools could serve as attack vectors due to inadequate IT security measures and backup systems. Matt explained that school districts often lack proper security infrastructure and have been targeted by ransomware attacks in the past. The discussion also covered PDF security on mobile devices, with Matt and Shawn agreeing that opening expected PDFs on iPhones is generally safe due to sandboxing, though they recommended verifying unexpected files with senders. The conversation concluded with participants sharing personal anecdotes about their early experiences with computers in educational settings, highlighting how hands-on learning and necessity-driven discovery can be more effective than formal education in developing technical skills.
Affordable Computing and Learning Impact
The group discussed the impact of affordable computing and restriction on creativity and learning. Matt shared his experience building a computer and learning networking, while Jay reflected on his early exposure to programming and security research, including his discovery of Spectre and Meltdown vulnerabilities. The conversation highlighted how access to low-cost hardware and learning opportunities shaped their technical journeys.
Evolution of Computer Hacking Culture
Jay and Matt discussed their experiences with early computer hacking and malware, sharing stories about finding security vulnerabilities and the evolution of hacking over time. They compared the current landscape of threat actors like ShinyHunters and Scattered Spider to the 1990s hacking culture, noting how motivations and approaches have changed. The conversation also touched on the more severe legal consequences for hacking activities today compared to previous decades, and they reflected on the thrill and responsibilities of discovering security vulnerabilities in systems.
Quick recap. Cloud Security Office Hours featured discussions about conference experiences, particularly RSA and Black Hat, with participants sharing insights about networking, speaking opportunities, and career development in cybersecurity. The group extensively discussed the recent "Claude Code leak" revealing Anthropic's backend implementation, analyzing the code quality and architectural decisions. Stryker presented her talk proposal titled "Meeple: Treating People as Game Pieces in Security" which focuses on avoiding single-dimensional thinking when implementing security controls. The conversation also covered best practices for speaking at conferences, with advice for both experienced and junior professionals, and concluded with a detailed technical discussion about AI security governance, including the use of ontologies, taxonomies, and graph databases to improve reliability and reduce hallucinations in AI systems.
2026-04: Conferences, AI, Governance
Security Risk Assessment Talk Proposal
The meeting began with casual conversation and technical issues, including discussion about a Chinese webcam driver and a humorous thread about a cloud security code leak. The main focus was Stryker presenting a talk proposal titled "Meeple: Building Risks Around Actions, Not Single-Dimensional Roles." Stryker explained the concept of treating people as one-dimensional game pieces rather than complex individuals, which can create security risks. The group discussed whether the title was clear enough, with Neil suggesting adding a definition of "meeple" in the title to help understanding. Stryker outlined the talk's premise about avoiding binary thinking when assessing security risks based on single variables like role or seniority.
Security Approaches and Conference Experiences
The group discussed security approaches and conference experiences. Jay shared his frustration with treating all employees the same from a security perspective, arguing for more tailored approaches based on job roles. Stryker agreed with this approach and emphasized the importance of making experienced professionals think differently about security assumptions. The conversation then shifted to discussing RSA Conference, with participants sharing their different experiences as vendors, participants, and C-suite attendees. Mackenzie, a new recruiter in the field, introduced herself and expressed interest in learning more about the security space.
Cybersecurity Conference Diversity Discussion
The group discussed conference experiences and diversity issues in cybersecurity events. D shared concerns about RSA's oversight in not including a Black affinity group despite having Latino and LGBTQ groups, expressing disappointment with the explanation that there was no space. The conversation then shifted to comparing different cybersecurity conferences, with participants discussing the differences between Black Hat and DEF CON, noting that DEF CON is more inclusive and less corporate-focused, while Black Hat offers more industry-relevant content but at a higher cost. The discussion concluded with reflections on conference networking opportunities and entertainment, including experiences with corporate performances at security events.
Conference Speaking Engagement Strategies
The group discussed strategies for getting selected to speak at industry conferences like RSA. Jay suggested that being selected as a speaker makes it easier to justify attendance to employers since it becomes a business development opportunity rather than just personal networking. Stryker shared her experience getting GEICO to pay for conference attendance through speaking engagements, including her upcoming talks at various events. The discussion emphasized that speakers don't need to be perfectly polished or experienced to present, with several participants sharing that passion and expertise are more important than formal credentials. The conversation concluded with advice for junior professionals like Issam, who expressed concerns about language barriers and experience level, with participants reassuring him that accent and experience level don't impact reception in the industry.
AI Technology and Engineering Discussion
The meeting focused on supporting a participant named Issam who was preparing to give a talk, with Neil and others offering encouragement and reassurance that he didn't need to speak if he wasn't comfortable, and suggesting alternative paths to success in the industry. The group then had an extensive discussion about AI technology, particularly Claude, where they criticized its engineering approach and compared it to "spaghetti code," questioning the wisdom of building complex systems without proper engineering oversight. The conversation included observations about cult-like behavior in the AI community and concerns about the lack of experienced security professionals in AI company leadership roles.
LLM Limitations in Logical Tasks
The team discussed the limitations and challenges of using large language models (LLMs) for logical tasks, particularly highlighting how LLMs often arrive at solutions in illogical ways that they cannot consistently explain. Jay explained their approach to multi-agentic AI systems, where LLMs are used primarily to generate human-friendly responses rather than perform deterministic tasks like flight bookings, which are handled through business connectors. The discussion emphasized that while LLMs have their place in creating natural language outputs, they should not be expected to perform automated, predictable logic tasks that are better suited for traditional systems.
AI Governance and Security Measures
The group discussed AI governance and security measures, with Jay emphasizing the importance of secure-by-design architecture and threat modeling based on business processes rather than just technical aspects. Milos shared his experience implementing taxonomy, ontology, and graph-based solutions to reduce hallucinations in AI systems, particularly in an insurance company in Peru, though Jay noted this approach was similar to their existing methods. The discussion concluded with Jay recommending a four-part series on AI security that includes separating planning from execution and implementing verification mechanisms for critical use cases.
Secure Agentic AI Implementation Challenges
Jay and Milos discussed challenges in implementing secure agentic AI systems, focusing on preventing system failures and managing user privileges. They highlighted the importance of deterministic processes, input validation, and the separation of planning and execution tasks to mitigate risks. Jay mentioned their team's approach of building custom solutions due to limited vendor support and shared insights on threat modeling and security practices in the AI space. The conversation also touched on the difficulty of finding appropriate design partners and the need for accessible documentation on AI security measures.
Graph Databases and Privileges
Milos discussed his work with graph databases, particularly using py.dev as a harness and Neo4j as the preferred graph database. He shared his experience building custom models and the benefits of combining graph databases with semantic layers and ontologies. Jay addressed a question about user privileges in AI systems, explaining the current implementation of service accounts and user delegation, while noting challenges with privilege dropping. Milos suggested using an ontology to define atomic operations and their required privileges, which Jay acknowledged as a feasible approach that could potentially involve temporary role assignments.
AI Security Implementation Strategies
The group discussed approaches to implementing AI systems with appropriate security and access controls. Jay emphasized the importance of time-based or task-based privilege revocation, while Milos suggested applying principles of just-in-time access and least privilege. They explored different frameworks, including Zero Knowledge Trust, and discussed the challenges of balancing security with practical implementation. The conversation also touched on the evolution of AI technology and its potential applications in business operations, particularly in areas like supply chain management and manufacturing.
AI Research and Applications
The group discussed various AI researchers and their approaches, with particular focus on Yann LeCun and his work on world models versus LLMs. Jay expressed preference for Yann's clear communication style and practical approach, while criticizing Geoffrey Hinton's shift toward more commercial positions. The conversation then shifted to broader AI topics, including concerns about AGI as a goal and discussions about Musk's space-based data center plans, with the group expressing skepticism about the feasibility and practicality of such initiatives. The discussion concluded with reflections on current robotics applications, particularly highlighting warehouse robots and functional non-humanoid robots as more practical and effective than humanoid designs.
Quick recap. The meeting focused on discussing the recent LiteLLM security compromise, where a Python package used by 97 million monthly users was compromised, leading to the theft of credentials and sensitive information from affected systems. The group examined how the attack occurred through compromised GitHub repositories and discussed the role of security companies like Aqua and Checkmarx in the incident. Participants also shared their experiences from RSA conference, noting lower attendance and a higher concentration of vendors compared to previous years. The discussion touched on potential preventive measures including version pinning, air-gapped development environments, and the challenges of securing open-source dependencies. Additionally, the group welcomed new members including Mackenzie, a security recruiter, and Francois, a former colleague of Shawn's from Fusion.IO.
2026-03: Supply Chain, Vulnerabilities, Conferences
RSA Conference Discussion
The meeting began with casual conversation about RSA conference attendance, where Shawn and Juninho discussed their experiences, noting lower attendance and limited new innovations despite AI being a prominent theme. The group welcomed new attendees and discussed the importance of networking through LinkedIn. No specific decisions or action items were outlined, and the session was designated as an open forum for questions and discussion.
LiteLLM Security Vulnerability
The meeting focused on a discussion about a significant security vulnerability in the LiteLLM Python package, which was compromised and led to the exfiltration of sensitive information from users' systems. Shawn shared a video explaining the details of the vulnerability, including how it affected systems and the role of package managers in security. The group also discussed the response on GitHub, where bot AI replies attempted to suppress the issue, and noted the irony that the compromised package was used for security by companies like Delve, which is currently facing allegations of misleading compliance reports.
LiteLLM Security Breach
Shawn presented information about a security breach involving LiteLLM and Trivy, where threat actors exfiltrated 300GB of credentials and are extorting multiple billion-dollar companies. Mackenzie introduced herself as a national risk and security recruiter from Tech Systems, offering to support the group with recruitment needs, particularly in cloud security roles for financial institutions and health services. Juninho provided additional context about how the LiteLLM compromise occurred through a Trivy security scan, noting that LiteLLM's response was faster than competitors Aqua and Checkmarx.
Open-Source Security Compromise
The group discussed a security compromise involving open-source software, with Shawn noting that many developers were affected. Rev suggested that using vetted packaging from security companies could provide a delay in risk mitigation, while Shawn emphasized the importance of trusted open-source packages. Alex highlighted the need for human oversight in security processes, while Pavel proposed sandboxing sensitive information on developer machines to enhance security. Bartek suggested separating CI from CD as a potential solution.
Supply Chain Attack Prevention Measures
Frederick discussed detection and prevention measures for supply chain attacks, mentioning IOCs such as specific domains and file paths. He noted the importance of endpoint detection and protection, especially for activities related to AI coding and malicious package downloads. Juninho added that Team PCP appears to be targeting supply chain companies, highlighting the risks faced by organizations in this sector.
Software Supply Chain Vulnerabilities
The group discussed security vulnerabilities in software supply chains, particularly focusing on the compromise of Trivy and other vulnerability scanners. They explored various mitigation strategies including version pinning, air-gapped development environments, and limiting external connections, though Rev noted that allowlisting external connections would be difficult to implement effectively due to the complex dependencies in GitHub Actions. The discussion highlighted the effectiveness of the attackers' approach, including spamming communication channels to disrupt the response process, and concluded with agreement that while no perfect solution exists, implementing multiple security measures including short-lived credentials and private maintainer channels could help improve resilience.
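One way to check the version-pinning mitigation mentioned above, as an added example that is not part of the original recap or any project's own tooling. It assumes "pinning" means GitHub Actions `uses:` references fixed to a full commit SHA and pip requirements fixed with `==` plus a `--hash`; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@main
      - uses: example-org/build-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: pip install -r requirements.txt
"""

# Constructed sample requirements file; the hash value is a placeholder.
SAMPLE_REQUIREMENTS = "\n".join([
    "# constructed sample",
    "examplepkg==1.4.2 \\",
    "    --hash=sha256:" + "ab" * 32,
    "otherpkg>=2.0",
    "thirdpkg==0.9.1",
    "wildpkg==1.*",
    "-r base.txt",
])

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
COMMENT = re.compile(r"(^|\s)#.*$")
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[A-Za-z0-9.!+_-]+(\s|;|$)"
)


def audit_workflow(text):
    """Return (line, ref, reason) for every `uses:` ref that can move under you."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = USES.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./"):
            continue  # local action, versioned with the repository itself
        if ref.startswith("docker://"):
            if not DIGEST.search(ref):
                findings.append((number, ref, "image not pinned by sha256 digest"))
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA.fullmatch(version):
            # Tags and branches can be re-pointed by whoever controls the repo.
            findings.append((number, ref, "mutable tag or branch, not a full commit SHA"))
    return findings


def _logical_lines(text):
    """Yield (first_line_number, joined_text), folding backslash continuations."""
    start, buf = None, ""
    for number, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, (buf + stripped).strip()
        start, buf = None, ""
    if buf:
        yield start, buf.strip()


def audit_requirements(text):
    """Return (line, requirement, reason) for unpinned or unhashed requirements."""
    findings = []
    for number, line in _logical_lines(text):
        line = COMMENT.sub("", line).strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or an option line such as -r / --index-url
        requirement = line.split()[0]
        if not PINNED.match(line):
            findings.append((number, requirement, "version not pinned with =="))
        elif "--hash=sha256:" not in line:
            findings.append((number, requirement, "pinned but no --hash"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW) + audit_requirements(SAMPLE_REQUIREMENTS):
        print(finding)
```

A check like this fits as a pre-merge gate; it only reads the files it is given and does not resolve transitive dependencies.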
RSA Conference and AI Compliance
The group discussed their recent experiences at RSA conference, noting significantly lower attendance compared to previous years, with many attendees being vendors rather than security practitioners. Jay observed that the event felt empty despite ongoing vendor activities, leading to speculation about whether RSA might end after this year. The conversation then shifted to compliance and AI, where Brian raised questions about LiteLLM's security credentials and Delve's compliance issues, leading to a discussion about the role of AI in compliance processes, with participants agreeing that human oversight remains essential in auditing and compliance verification.
Quick recap. Guest speaker Maria Thomas (digital investigator with the RISE Information Security Foundation, background in behavioral science) presented on the behavioral science behind online harassment — why people pile on, how anonymity shapes group behavior, what dopamine and serotonin have to do with moral policing, and how the landscape has escalated from 1990s MUDs through Gamergate into today's NVE sextortion groups and AI-generated deepfakes. The recording covered the full presentation; Q&A happened after Shawn stopped recording and isn't included here.
2026-03: Guest Speaker, Community
Why this topic for a cloud-security meeting
Neil introduced the session by noting that while online harassment isn't cloud security on its face, the behavioral-science framing applies directly to community dynamics — including CSOH's own. He pointed out that some participants have probably experienced online harassment, some may have participated in it, and that the mechanisms Maria describes are exactly what CSOH tries to invert to create a positive environment. Maria added that she didn't originate the research — she curated it into a presentation so practitioners can discuss mitigations.
What digital harassment actually looks like
Maria defined digital harassment as using information and communication technologies to repeatedly harm another person, and catalogued the common forms: direct harassment, cyberstalking, doxing, impersonation, identity abuse, pile-ons and coordinated harassment, and image-based abuse. These are intersectional — cyberstalking can lead to offline stalking; doxing has led to real-world violence and even murder (Marielle Franco in Brazil, Gauri Lankesh in India). Target groups are predictable: women, people of color, LGBTQ people, and anyone with visibility and authority. Amnesty International's Troll Patrol found that 1 in 7 tweets to women politicians and journalists in a 2018 UK/US study were abusive — one abusive tweet every 30 seconds — and women of color were 34% more likely to be targeted than white women.
Why crowds behave worse than individuals
Maria traced mob-behavior theory from Gustave Le Bon's 1895 "The Crowd" (anonymity → lowered personal responsibility, invincibility, contagion, suggestibility) into modern refinements. The older deindividuation theory held that anonymity caused a loss of self and random behavior. The **SIDE model** (Social Identity Model of Deindividuation Effects) corrected this: anonymity doesn't erase identity, it shifts the person's salient identity to the group. A 1979 study gave test subjects anonymizing costumes — hate-group-style costumes produced aggressive behavior, nurse uniforms produced caring behavior. Anonymity amplifies whichever group norm is dominant.
Online disinhibition: five effects that lower the filter
Dr. John Suler's 2004 online disinhibition theory adds a second layer. Maria walked through five effects:
- **Dissociative anonymity** — the online persona is compartmentalized from real-world self.
- **Physical invisibility** — no body language, no immediate consequences.
- **Message asynchronicity** — feels like putting messages out, not interacting with a person.
- **Solipsistic introjection** — you unconsciously assign a voice and face to the person you're talking to, so the exchange starts to feel like a play you're writing to yourself.
- **Dissociative imagination** — some people see their online self as a fictional character, which frees them to act well outside their real-life norms.

Each effect adds permission. Stacked, they explain how people end up in a racist Telegram channel or, more benignly, a support group they'd never join in person.
Dopamine, serotonin, and why moral pile-ons are addictive
Maria walked through the neurochemistry. Serotonin is the calming, stable, mood-regulating neurotransmitter — boosted by slow, focused activity. Low serotonin correlates with impulsive aggression. Dopamine is the reward neurotransmitter, hardwired as a survival mechanism. Social media companies have engineered likes and shares as dopamine drips, and research shows that **moral policing and punishment** specifically light up the reward circuit. The cycle is self-reinforcing: low serotonin → seeking dopamine → dopamine from aggression → more aggression → tolerance → needing more. As of January 2026 there are 2,000+ social media lawsuits pending in the Northern District of California accusing platforms of engineering dopamine addiction.
A brief history, 1980s to Gamergate
Online harassment traces back to 1980s MUDs (where players typed "spam" to drown out discussion, giving us the modern word). 1998's Drudge Report outing of Monica Lewinsky was an early pile-on. 2003 saw 4chan's founding; 4chan raids demonstrated that real-world harm could be coordinated online. The early 2010s produced a wave of cyberbullying-driven youth suicides (Amanda Todd, Rehtaeh Parsons, Tyler Clementi, and others). **2014's Gamergate** is the origin point of modern networked harassment — coordinated doxing, threats, and impersonation campaigns against Brianna Wu, Zoe Quinn, and Anita Sarkeesian, complete with blacklists, email templates, and phone scripts for pressuring advertisers. Gamergate was so destructive its own platform's founder stepped down citing it. On the global scale, Facebook admitted inadequate action during the 2017-2018 Rohingya genocide in Myanmar, where algorithmic amplification of hate speech contributed to violence.
NVE groups and the Sadistic Harm Radicalization Funnel
Nihilistic Violent Extremism (NVE) groups — also called Sadistic Online Exploitation groups — are youth-gang-style online networks (764, Cult, MKY, Harm Nation) engaged in sextortion, CSAM distribution, and coercing children into self-harm, violence against pets, and in some cases suicide. They operate across Telegram, Discord, and video games; shutting them down is whack-a-mole. Researcher Alex Slotnick of DevSec coined the "Sadistic Harm Radicalization Funnel" to describe how members escalate: **socialization** (normalization) → **voyeurism** (passive consumption, gateway material) → **participation** (active abuse, starting with minor real-world harm) → **skilled individual abuser** (specialized roles like swatter or doxer) → **ringleader**. Bradley Cadenhead, 764's founder, has been arrested; the group remains active.
AI-enabled abuse is a step-change
Maria flagged "nudifier" apps that animate real people's images into sex acts — advertised on Meta products in June 2025 and only partially removed. In December 2025–January 2026, X's Grok produced roughly 3 million sexualized images in 11 days, 23,000 of which appeared to depict children. A February 2026 UNICEF study of over a million children in 11 countries found 1 in 25 have had their images turned into sexually explicit deepfakes in the past year. AI has collapsed the skill barrier that used to keep this kind of abuse rare.
Where we go from here
The overall direction is bad — IC3 reports incidents skyrocketing, and cyberbullying.org shows US teen victimization rising from 17% to 33% since 2016, offending rates from 6% to 16%. Service providers are under-resourced, laws are patchwork, and resources skew reactive rather than preventative because the victim volume demands it. Useful legal precedents exist — Coco's Law in Ireland criminalizes cyberbullying, Australia's 2025 under-16 social-media ban places enforcement on platforms — and RISE maintains a bibliography of community and family resources linked from their site. Maria closed by pointing out that preventative work on the aggressor side is still largely missing; most current programs focus on victims and on lobbying platforms for design-level changes.
Quick recap. The meeting focused on several key topics, including the recent acquisition of Wiz by Google and its implications for the company and its employees. Participants discussed the potential risks and benefits of this acquisition, with some expressing concerns about the sustainability of acquired products. The group also explored the return of worms in cyber attacks and the implications for software supply chains. Additionally, there was a detailed discussion about cloud security education and career paths, with recommendations for learning resources and degree programs. The conversation ended with advice for someone considering graduate school, emphasizing the importance of practical experience and careful consideration of the cost and potential return on investment of a degree.
2026-03: Industry News, Supply Chain, Education
LAN Atlas Network Monitoring Project
The meeting focused on discussing a new Python project called LAN Atlas, which aims to create a network monitoring solution with components for on-premise and cloud deployment. Kyle, Dee, and Neil presented the project idea and outlined plans for team roles, including technical and non-technical positions. They invited participants and mentors to join the initiative, emphasizing its potential for practical experience and resume building. The group also celebrated Kyle's birthday and discussed the recent acquisition of Wiz by Google, with participants sharing mixed perspectives on the acquisition's implications for the company and its products.
Supply Chain Unicode Injection Attack
Neil led a discussion about a supply chain attack involving Unicode characters in code repositories, specifically examining instances in GitHub. The team analyzed how malicious code was inserted into legitimate pull requests, particularly through Dependabot updates. Kyle suggested the possibility of AI prompt injection, while Piyush and Pavel identified suspicious Dependabot commits that appeared fake. Neil questioned whether the attack originated from a compromised IDE, similar to previous findings in malicious NPM packages and VS Code extensions. The team examined specific examples, including a package.json file and TypeScript code, to understand how the injection occurred within otherwise valid commits.
Node.js Worm Spread Discussion
The group discussed the recent return of worms in cybersecurity, particularly focusing on how they spread through the Node.js/NPM ecosystem. Matt noted how worms can now spread through multi-step, multi-vector attacks, including targeting repository maintainers. The discussion included historical context about previous worm "seasons," with Neil clarifying that the current situation represents "season 3" following the original worms and the 2001-2009 period that included email worms like Melissa and SQL Slammer. Brian Reich expressed frustration about the Node.js/NPM ecosystem's reliance on unnecessary libraries like Lodash, comparing it to the "left pad" incident where a maintainer's departure caused significant disruption to thousands of projects.
JavaScript Development Challenges
The group discussed challenges with JavaScript and Node.js development, particularly around governance issues and the language's origins in browser-based applications. Brian Reich raised concerns about developers lacking fundamental software development knowledge due to rapid development cycles and React frameworks, while Kyle suggested that JavaScript's rapid creation in a short time period contributes to ongoing challenges. The conversation concluded with a discussion about cloud security education, where Kyle recommended Georgia Tech's OMSCS program as a cost-effective option for D, who was considering a cloud security graduate degree.
Is a Cloud Security Degree Worthwhile?
The group discussed whether pursuing a graduate degree in cloud security is worthwhile. Several participants advised against specialized cloud security degrees, suggesting instead to focus on general cybersecurity or computer science programs, as cloud security skills can be developed through practical experience and self-directed learning. The discussion highlighted that while formal education has value, it's important to consider the cost, potential return on investment, and personal interests when deciding on a program. Specific practical advice was shared about learning cloud security through hands-on experience using tools like Terraform, setting up lab environments, and exploring resources like the wiz.io website for specific solution areas. The conversation also touched on career goals, with one participant expressing interest in Mac malware research, leading to recommendations about learning ARM assembly and reverse engineering.
Quick recap. The meeting focused on discussing a critical Java authentication vulnerability and its implications for organizations. Participants shared their experiences with patching and vulnerability management, emphasizing the importance of thorough scanning and communication with vendors. The group also discussed Software Bill of Materials (SBOMs) and their role in improving security posture. Personal anecdotes were shared about attending industry conferences and navigating social situations in professional settings. The conversation touched on the challenges of identifying threat actors within open communities and the importance of maintaining operational security (OPSEC) at events like RSA.
2026-03: Vulnerabilities, SBOM, Conferences
JavaScript Library Authentication Vulnerability
The meeting began with casual conversation before transitioning to a discussion about a critical authentication bypass vulnerability in a widely-used JavaScript library. Stryker and Neil explained the technical details and potential impacts, emphasizing the need for organizations to patch affected systems and conduct thorough vulnerability assessments. The group discussed strategies for addressing vulnerabilities in third-party software, including vendor communication, SLAs, and emergency mapping triages. The conversation ended with a reminder for attendees to check their systems and suppliers for the Java authentication issue.
SBOMs: Security and Transparency
The meeting focused on discussions about SBOMs (Software Bill of Materials) and their importance in software security. Stryker initiated the conversation, highlighting the need for accountability in tech stacks and the potential of SBOMs to serve as a forcing function for transparency. Jay and Neil provided insights into the challenges and misconceptions surrounding SBOMs, emphasizing their role in vendor vetting and risk management. The group also discussed the evolution of SBOM requirements following the SolarWinds compromise, noting the tension between regulatory demands and practical implementation. The conversation concluded with a reflection on the utility of SBOMs and the need for further clarity on their value and application.
SBOMs: Challenges and Best Practices
The group discussed the limitations and practicality of using Software Bill of Materials (SBOMs) in security practices. Umang expressed skepticism about the effectiveness of SBOMs and SCA tools, while Stryker emphasized the importance of actively monitoring libraries and using threat feeds. Pavel highlighted the need for per-release SBOMs and the importance of having a continuous posture. Jay and Shawn advised Dave on asking vendors for their software development and operational lifecycle (SDOL) documents, emphasizing the importance of due diligence when selecting SaaS providers. The conversation also touched on the challenges of securing critical systems and the potential for automated SBOM sourcing from vendors.
Security Practices and Threats
The meeting covered several security-related topics, including supply chain security, code escrow practices, and Wikipedia's recent security incident. Stryker shared his experience verifying the security of his platform and the importance of double-checking suppliers. Dane discussed SBOM practices in the medical device industry and recommended adopting standard tools for generating and shipping security artifacts. Matt described Wikipedia's security breach caused by a malicious user script, which led to the platform going read-only. The group also discussed the challenges of identifying threat actors in open communities, with Neil emphasizing the value of openness and collaboration in security efforts.
Threat Actors and Community Safety
The group discussed the nature of threat actors and community safety, with Stryker sharing experiences from administering the Lonely Hackers Club on Telegram. They explored different types of threat actors, including accidental insiders, and emphasized the importance of community guidelines and moderation. Rev expressed concerns about presenting at conferences due to potential AI misuse of recordings, but the group generally dismissed these fears. The conversation concluded with Stryker sharing a humorous anecdote about his initial concerns at DEF CON, highlighting the often exaggerated fears of new cybersecurity professionals.
Public Speaking Security Best Practices
The group discussed security concerns around public speaking engagements and online presence. Stryker advised attendees to be cautious about sharing personal information at conferences, suggesting they could request not to be recorded and consider the potential risks versus benefits of speaking publicly. Jay shared his experience of receiving targeted phishing attempts as a public figure in security, while Neil highlighted how Microsoft employees overreacted to attending DEF CON. The discussion concluded with Matt reflecting on how security professionals used to openly share information on IRC, contrasting with current professional boundaries, and Neil sharing an opportunity to host a presentation on online harassment research at Cloud Security Office Hours.
Conference Preparation and Professional Conduct
The group discussed their plans for an upcoming conference, with Stryker expressing excitement about a presentation on March 20th and hoping it would be recorded. They also talked about strategies for handling social situations at conferences, including staying sober and dealing with pressure to drink. The conversation touched on personal experiences with drinking and how it can affect professional situations in the cybersecurity industry.
Social Engineering and Intuition
The team discussed social engineering and intuition, with Matt sharing his ability to quickly assess people's trustworthiness based on instinct. Neil advised being protective and watchful at social events, particularly with younger team members. Stryker offered to share social engineering resources with Matt, and they discussed the importance of gathering internal threat intelligence to stay informed about company changes. The conversation concluded with Matt mentioning his father's background in security and his own early exposure to surveillance and counter-surveillance techniques.
Quick recap. The Cloud Security Office Hours meeting focused on discussing password security practices and the importance of asking questions in technical environments. Tyler shared insights about using AI agents for software development and testing, while the group discussed how humans often struggle with creating secure passwords, with a study showing that AI-generated passwords can be easily predicted. The conversation emphasized that while complex passwords and regular rotations are often recommended, in practice, multi-factor authentication (MFA) provides much stronger protection against breaches than password complexity requirements. The meeting also highlighted the importance of creating safe spaces for asking technical questions, with participants sharing their experiences about how different communities handle question-asking differently.
2026-02 | Passwords | AI | Conferences
RSA Conference Planning and Updates
The team discussed the upcoming RSA conference, where Stryker announced plans to organize Cloud Security Office Hours and coordinate a booth crawl. Shawn mentioned he would attend RSA but could not do so officially on Wiz's dime due to other commitments, while D offered to host anyone needing a place to stay. The group also celebrated Chris's birthday and discussed various personal updates, including D's sprained ankle and Kaye's observation of spring-like weather in New York.
AI Development and Security Updates
Shawn invited Sandip to present his session on "Is QD worse than Y2K?" at a future meeting, and Sandip agreed to do a dry run. The group discussed updates to Shawn's website, including a new breach kill chain page and a news feed feature that Stryker planned to improve. Mario presented his work with coding agents, which use AI to assist in software development tasks, and the group discussed the potential benefits and security considerations of this technology.
Security and AI in Development
The meeting focused on discussing security challenges and solutions, with Shawn challenging participants to test the security of a system in a constructive manner. Tyler shared insights on using GenAI in software development, highlighting the effectiveness of their IBM software factory and the importance of human oversight. Neil introduced an upcoming guest, Maria Thomas, who will discuss behavioral science in online harassment on Cloud Security Office Hours on March 20th. The conversation also touched on the use of RAG (Retrieval Augmented Generation) and its potential benefits in handling large datasets.
Safe Spaces for Questions
The meeting began with a discussion about a behavioral science topic related to online harassment, which does not cover automated harassment. Shawn welcomed everyone to Cloud Security Office Hours, emphasizing the open and interrupt-driven nature of the discussion. The group engaged in light-hearted banter about a participant's profile picture mix-up, and Jennifer introduced herself, mentioning her interest in PCI discussions. Neil highlighted the importance of creating safe spaces for asking questions, sharing his experience of implementing this philosophy with junior salespeople. The conversation ended with a reflection on the value of fostering environments where questions are welcomed and encouraged.
GitHub Pull Requests for Learning
The group discussed GitHub pull requests and their importance for learning and contributing, with Shawn emphasizing that pull requests can be for any changes, not just code, and that learning how to submit them is valuable. Stryker suggested creating a system to notify contributors when their pull requests will be reviewed, and the discussion touched on the importance of asking questions and the need for patience when explaining concepts. The meeting also highlighted the group's supportive environment for learning, with Taylor and others sharing their experiences of being welcomed despite varying levels of technical knowledge.
Cybersecurity Questioning Strategies
The group discussed strategies for asking questions in cybersecurity, emphasizing the importance of clear, specific, and well-formatted questions to get effective responses. Tyler shared insights on the XY problem and how to frame questions to avoid misunderstandings. The conversation also covered password security, with Neil highlighting that long, complex passwords offer limited protection compared to unique passwords and multi-factor authentication (MFA). The discussion concluded with a reflection on evolving security practices and the need to focus on multiple barriers to compromise rather than relying solely on password complexity.
Quick recap. The Cloud Security Office Hours community celebrated its 3-year anniversary, with Shawn highlighting the growth of the global participant base and introducing a new website built using AI that is now community-editable via GitHub. The group discussed policy as code, with Tyler presenting on infrastructure as code scanning tools and emphasizing the importance of not scanning for things you don't need to act on. Rev shared insights on the challenges of implementing policy as code in multilingual organizations, while the discussion touched on insider threat considerations and the role of auditors in verifying security controls. The conversation concluded with participants sharing perspectives on audit processes and the balance between security controls and business operations.
2026-02 | Anniversary | Governance | Community
Cloud Security Office Hours Anniversary
The meeting marked the third anniversary of Cloud Security Office Hours, which has grown into a global platform connecting professionals across continents. Shawn expressed gratitude for the program's success and the opportunity to witness participants' career growth and friendships. The meeting began with a brief delay as some participants joined late, and Shawn noted the absence of Chris, attributing it to the late hour for him. The session also included a participant seeking a new role in cloud security, DevSecOps, and security automation, sharing their experience and certifications, and expressing openness to various opportunities. Shawn encouraged anyone new to the meeting to introduce themselves, but no new participants raised their hands.
AI-Powered Cloud Security Website
Shawn presented updates to the Cloud Security Office Hours (CSOH) website, which he rebuilt using AI to simplify content management and make it more community-driven. He explained that the site is now hosted on GitHub, allowing anyone to contribute by creating pull requests with suggested changes or additions. Shawn demonstrated new features including a news section, resource categorization, and buttons for suggesting improvements, while emphasizing that the site can be easily hosted on various platforms. The community discussed potential enhancements like adding a guestbook, visitor counter, and animated GIFs, with Stryker offering to contribute news sources and Charlie inquiring about SEO considerations for the static page.
GitHub Static Website Development
The meeting focused on discussing contributions to a simple static HTML website hosted on GitHub. Shawn explained his goal of creating a secure, community-driven site that could be easily modified through pull requests, without adding databases or complex features. Participants discussed potential improvements, including adding schema for better search engine optimization and implementing features like guestbooks or hit counters. Stryker emphasized the importance of following proper security practices when testing the site, while Shawn encouraged participants to attempt adding content or even defacing the site as a challenge, provided it was done securely and ethically.
Policy as Code Implementation Strategy
The team discussed implementing policy as code, with Neil explaining how this approach can automate security policy enforcement and provide the same benefits as DevOps pipelines. Jay emphasized the importance of coordinating with audit and compliance teams, while also suggesting a scheduled approach to policy changes to avoid surprising stakeholders. Rev shared insights on the challenges of managing narrative policies in multilingual organizations, highlighting the advantages of policy as code for better tracking and verification of compliance.
Policy as Code Implementation Challenges
The group discussed policy as code and its implementation across different cloud platforms. Rev explained the benefits of open policy documentation for collaboration and continuous improvement. Neil highlighted the challenges of authoring policies that apply across multiple cloud providers. Jay shared their experience with implementing policy changes and the need for a hierarchical approach. Frederick discussed the unique challenges of threat detection in a fast-paced, Kubernetes-first environment, particularly for smaller companies focusing on DevSecOps. The conversation touched on the intersection of AI and threat detection, as well as the need for harmonized policies across different cloud platforms.
Policy as Code: Detective vs. Preventative
Tyler presented on policy as code, emphasizing its application to infrastructure and software development. He discussed different types of controls, including detective, preventative, and proactive, and highlighted the importance of shifting policy enforcement as far left as possible. Tyler also shared insights on multi-cloud policy management and the use of open-source and commercial tools for infrastructure as code scanning. The discussion touched on the cost of data breaches and the benefits of using existing policy frameworks rather than creating custom policies.
Policy Transparency and Security Challenges
The meeting focused on discussions around policy as code, insider threats, and audit practices. Neil and Jay debated the merits of publishing policies, with Jay emphasizing the importance of guardrails and automated controls for ensuring compliance. Matt Alvarez raised concerns about insider threats and the potential for policy transparency to aid malicious actors, leading to a broader discussion on balancing security with business processes. The group also touched on the challenges of audits, with Jay highlighting the accountant-like nature of auditors and the need for organizations to be honest in presenting their controls. The conversation ended with reflections on the costs and complexities of audits, as well as a brief tangent on historical nuclear incidents.
Quick recap. The Cloud Security Office Hours meeting began with introductions and casual conversation before transitioning into a discussion about AI's role in coding and development, including both its benefits and potential risks. The group explored various technical and legal challenges surrounding autonomous agents and AI, including data provenance tracking, copyright issues, and the importance of maintaining fundamental coding skills. The meeting closed with discussion of AI's applications in education, particularly for homeschooling and teaching math to children, and plans for celebrating the team's upcoming three-year milestone.
2026-02 | AI | Education
AI in Coding: Tools vs. Learning
The meeting began with introductions, welcoming Allan, a 35-year software developer from Massachusetts, who found the group through a friend and is exploring cloud technology. The discussion then shifted to a debate on the use of AI versus documentation in learning and coding, with Nathaneal questioning the balance between using AI to write YAML and reading documentation. Neil and Shawn shared their perspectives, emphasizing the importance of hands-on experience and learning from mistakes, while acknowledging AI's role as a tool for tasks already understood. The conversation concluded with a brief mention of Kimberly's new job and a plug for a LinkedIn article on the topic.
AI Tools in Coding Practice
The group discussed the use of AI tools like Claude and ChatGPT for coding tasks, with several members sharing their experiences. Dee described using detailed AI prompts for transparency and research, while BrianReich explained how AI was useful for repetitive security remediation work on legacy code. Matt emphasized the importance of having a baseline knowledge to effectively use AI tools and avoid hallucinations, citing examples of AI-related security issues. The conversation touched on the potential risks of AI tools when used by those without sufficient technical knowledge.
AI Implications and Ethical Concerns
The group discussed the implications of AI agents, particularly focusing on the Moltbot incident and its potential as a marketing stunt or security vulnerability. They debated the role of AI in coding and development, with some expressing concerns about relying too heavily on AI tools at the expense of learning fundamental skills. The conversation also touched on the legal and ethical implications of AI, including questions about accountability and responsibility when AI agents cause harm. Madeline mentioned ongoing litigation related to 23andMe, highlighting the emerging case law in this area.
AI Transparency and Data Provenance
The group discussed legal and technical challenges around autonomous agents and AI, including copyright issues for AI-generated content and the need for data provenance tracking. Paul shared his work on implementing semantic layers and ontologies to improve AI transparency and accuracy, with Milos providing specific examples from UBS's use of Neo4j for data auditability. The conversation concluded with Matt expressing skepticism that major LLM providers would adopt data provenance tracking due to potential legal implications and technical challenges.
AI Trends and Challenges
The group discussed the evolving landscape of AI and LLMs, with Matt predicting that large-scale generative AI models might become less popular due to high compute costs and limitations, while specialized and localized applications could gain traction. They emphasized the importance of data provenance and verifiability for companies, as well as the challenges of AI hallucinations and their potential dangers, particularly in security and expert domains. Neil highlighted the risks of relying on AI remediation guidance, while Kimberly shared her experiences with AI's plausibility in different contexts, noting its effectiveness in some areas like behavior modification but its tendency to fabricate information in others.
AI in Education: Benefits and Challenges
The group discussed various topics including the use of AI in education, particularly for homeschooling and teaching math to children. Kimberly shared her experience using AI tools like ChatGPT and Gemini to create and solve logic puzzles for her children, highlighting both the benefits and limitations of these tools. The conversation also touched on the challenges and potential of AI in schools, with Kimberly mentioning a school charging $50,000 annually for AI-assisted education. Additionally, the group celebrated an upcoming three-year milestone for their team, discussing ideas for a celebration, including custom challenge coins and other tokens.
Quick recap. The meeting began with informal discussions before transitioning into Cloud Security Office Hours, where new participants introduced themselves and shared their backgrounds in cybersecurity and security architecture. The group engaged in detailed discussions about insider threats, security training, and the challenges of user behavior in cybersecurity, including concerns about nation-state actors and AI tools. The meeting closed with discussion of security policies, compliance, and risk management, emphasizing the importance of GRC frameworks and addressing challenges with auditors and technology adoption.
2026-01 | Insider Threats | AI | Governance
Meeting Kickoff and Introductions
Shawn shared a song and a message in Chinese, which included birthday wishes and greetings to various people. Dave apologized for being unable to join the speaker.
New Participant Introductions
The meeting began with informal discussions about tools and temperature units before transitioning into Cloud Security Office Hours. Kent, a new participant from Las Vegas, introduced himself and shared his background in Azure and cybersecurity, mentioning he was referred by Brian Jones. Rev, from Chicago, discussed his work at SAP focusing on security architecture and vulnerability management. Stryker raised concerns about the misuse of the statistic that 90% of cyber breaches are caused by human error, emphasizing the need for evidence when citing such claims. Neil and others debated the interpretation of this statistic, with Neil arguing that the focus should be on minimizing the impact of user errors rather than blaming users. The conversation ended with Kent sharing insights from his military background on insider threats and the challenges of user behavior in cybersecurity.
Insider Threats and Cultural Factors
The group discussed insider threats and security training, with Stryker and Jay agreeing that while insider threats are a significant concern, the root cause often stems from cultural and incentive issues rather than malicious intent. Jay suggested reframing the motivation behind insider threats to focus on external pressures rather than assuming bad intent, while another participant emphasized the importance of balancing security controls with trust in employees. The discussion concluded with Rev sharing an example about Microsoft engineers in China potentially facing legal pressures that could conflict with company interests, though this was presented as a hypothetical scenario rather than a confirmed case.
Insider Threats and Cybersecurity Challenges
The meeting focused on security threats, particularly from nation-state actors, with Stryker and Jay discussing China's mandatory vulnerability reporting system and its implications for insider threats. Stryker shared examples of insider threats, including a contractor who disabled logging systems, and the group discussed the increasing importance of human elements in cybersecurity. Dee emphasized the need to focus on unintentional insider threats in security awareness training, while Stryker sought clarification on data handling practices for AI tools, particularly regarding the use of ChatGPT.
AI Security and Policy Challenges
The team discussed challenges around AI and data security, with San suggesting a "grandma test" for sharing information with AI — if your grandma wouldn't understand it, don't share it. Stryker shared a humorous story about a Reddit thread involving inappropriate content accessed through a shared ChatGPT account. Rev raised concerns about the complexity of governing approved software and tools in the workplace, leading to a discussion about the challenges of maintaining up-to-date approved lists and the need for better bridges between policy and practical implementation.
Security Policy and AI Implementation
The meeting participants discussed various aspects of security policies, AI/LLM usage, and user access management. Neil emphasized the importance of "guardrails and paved roads" for managing user access and preventing malicious activities. The group also discussed the challenges of implementing and enforcing data sensitivity labels, with Ken highlighting the need for a clear policy on what constitutes sensitive data. Piyush suggested using AI and knowledge bases to help users navigate security policies more easily, though Jay cautioned that relying on AI agents could be a substitute for creating clear and well-structured policies in the first place. The conversation concluded with Stryker expressing support for GRC (Governance, Risk Management, and Compliance) frameworks, emphasizing their potential to help organizations meet security requirements in a practical and effective manner.
Enhancing Security and Compliance Strategies
The group discussed various aspects of security, compliance, and risk management. Jay emphasized the importance of GRC (governance, risk, and compliance) and highlighted how compliance can improve security posture. Stryker shared his frustration with executives who focus on legal liability rather than the human impact of breaches. Umang Patel described their success in improving compliance through automated enforcement of policies as code. The group also discussed challenges with auditors who focus on checklists rather than risk, and the need for better education of auditors on new technologies. The conversation concluded with a discussion about the potential end of human-as-a-service models in cloud computing, following recent AWS layoffs.