— Russia Investigation Origins and Media Influence
Quick recap. The meeting began with a discussion about the origins of the Russia investigation into Donald Trump, including media coverage and potential influences from intelligence officials and the Obama administration. Personal experiences with health challenges and career transitions were shared among participants, along with discussions about starting a consultancy business and experiences with automation. The group then focused on cloud security topics, including AI threat modeling, recent conference experiences, and the development of AI agents for workflow automation, concluding with plans for future presentations and platform growth.
Show 10 discussion topics
Russia Investigation Origins and Media Influence
The discussion focused on the origins of the Russia investigation into Donald Trump, with the speaker expressing skepticism about the initial claims and highlighting the potential influence of unnamed intelligence officials. They discussed the role of the media, particularly the New York Times, in reporting on the investigation, and the speaker suggested that the Obama administration may have been involved in creating a narrative to undermine Trump. The conversation also touched on the Durham report and the possibility of further revelations from an ongoing grand jury investigation.
Health Challenges and Resilience
Shawn and Matt shared personal experiences with health challenges, including Shawn's battle with cancer and a benign brain tumor that resolved itself through internal bleeding. They also discussed Matt's experiences with his wife's pregnancy and a stolen moving truck, highlighting the unexpected and challenging events they've faced. Both expressed a sense of humor and resilience in dealing with difficult situations.
Starting a Consultancy Business
Matt shared that his wife recently lost her job and they decided to start their own consultancy business, with their first client call occurring that morning. Shawn acknowledged this as a positive sign and discussed how people often underestimate the value of certain skills in different contexts. They also exchanged personal anecdotes about their early experiences with automation and data entry, highlighting how Matt's creative approach to automation led to his termination but ultimately set him on a path to success in that area.
Challenge Coins and Prank Stories
Shawn shared a humorous story about being temporarily fired from a wafer fab job after a prank went too far, but was quickly promoted to a new role by a new manager. The group discussed the tradition of challenge coins, with Jay showing off several coins he had earned, including a rare CISA coin. Shawn mentioned he was working on creating custom challenge coins for the group, which would be distributed once they were ready.
Cloud Security Office Hours Overview
Shawn welcomed new participants to Cloud Security Office Hours, emphasizing its open and interactive format. Carole, a novice in AI, expressed interest in discussing copyright protection in the AI space, while Alex shared his interest in the historical aspects of cloud security. Shawn, known for his extensive industry experience, offered to share stories from his time in Silicon Valley, including encounters with Steve Jobs and Steve Wozniak. Participants were encouraged to network by sharing their LinkedIn profiles and to join the group's mailing list, which has grown to 500 members.
Black Hat Conference Insights
The group discussed the recent Black Hat conference, with Neil sharing his experience that it was busier than usual and more valuable than RSA, which he attributed to fewer vendor pitches and more learning opportunities. Ross corrected the media's misreporting about a Google hack, clarifying it was actually Salesforce that was targeted. Alhaji announced he would be presenting on the 29th, focusing on his career journey in cloud security, and Shawn mentioned he might receive the first Cloud Security office hours challenge coin if the presentation is successful.
Origins of Cybersecurity Conferences
Shawn shared the origins of DEF CON and Black Hat conferences, explaining that DEF CON began as an impromptu party in Las Vegas that evolved into an annual hacker event, while Black Hat was created as a response to address cybersecurity concerns. Don expressed interest in bringing Cole Horseman as a guest speaker to discuss AI integration and fact-checking, while Jay mentioned a potential session on Agentic AI threat modeling related to an OWASP event at Black Hat featuring Ron del Rosario and Helen Oakley.
AI Security and Accountability Challenges
Jay discussed the challenges of threat modeling in AI systems, particularly focusing on the role of repudiation and the potential for non-deterministic behavior leading to disputes. He highlighted the importance of ensuring that agents act within the context of the user's intent and emphasized the need for strict guardrails to prevent autonomous actions by AI systems. Matt shared his approach of treating AI agents like "dumb interns" by limiting their permissions and implementing robust logging and monitoring systems. The group agreed that as AI systems become more autonomous, new security measures, such as enterprise-grade communication funnels and policy agents, will be necessary to prevent unauthorized actions and ensure accountability.
AI Automation and Security Insights
Matt shared his experience using a low-code platform called Tray.io to automate workflows, including detecting and fixing mobile app crashes. He emphasized the importance of carefully scoping permissions for AI agents to prevent unintended damage, and discussed his approach of requiring human approval for critical changes. The group also discussed recent AI security incidents and a study showing AI's lack of understanding of harm, with Matt recalling an experiment where two agents created their own language that became unreadable. The conversation ended with plans for Matt to potentially give a presentation about his automation work in the future.
AI Orchestration and Incident Response
The team discussed Matt's development of AI agents, particularly Mamea, which now serves as an orchestration layer for 25 specialized agents, simplifying user interactions. Matt shared that he's implementing an incident response feature that automatically generates 80% of an incident report, reducing workload for engineers. The group debated the broader implications of AI adoption, with Shawn noting a rapid shift in executive attitudes toward AI, while Matt expressed concerns about engineers spending more time on prompt engineering and debugging when using AI tools. The conversation ended with Shawn encouraging participants to spread the word about the platform, which is currently at 1,960 users, and a lighthearted discussion about potentially organizing a gathering in Australia.