RSA Conference Planning and Updates
Quick recap
The Cloud Security Office Hours meeting focused on discussing password security practices and the importance of asking questions in technical environments. Tyler shared insights about using AI agents for software development and testing, while the group discussed how humans often struggle with creating secure passwords, with a study showing that AI-generated passwords can be easily predicted. The conversation emphasized that while complex passwords and regular rotations are often recommended, in practice, multi-factor authentication (MFA) provides much stronger protection against breaches than password complexity requirements. The meeting also highlighted the importance of creating safe spaces for asking technical questions, with participants sharing their experiences about how different communities handle question-asking differently.
RSA Conference Planning and Updates
The team discussed the upcoming RSA conference, where Stryker announced plans to organize Cloud Security Office Hours and coordinate a booth crawl. Shawn mentioned he would attend RSA but could not do so officially on Wiz's dime due to other commitments, while D offered to host anyone needing a place to stay. The group also celebrated Chris's birthday and discussed various personal updates, including D's sprained ankle and Kaye's observation of spring-like weather in New York.
AI Development and Security Updates
Shawn invited Sandip to present his session on "Is QD worse than Y2K?" at a future meeting, and Sandip agreed to do a dry run. The group discussed updates to Shawn's website, including a new breach kill chain page and a news feed feature that Stryker planned to improve. Mario presented his work with coding agents, which use AI to assist in software development tasks, and the group discussed the potential benefits and security considerations of this technology.
Security and AI in Development
The meeting focused on discussing security challenges and solutions, with Shawn challenging participants to test the security of a system in a constructive manner. Tyler shared insights on using GenAI in software development, highlighting the effectiveness of their IBM software factory and the importance of human oversight. Neil introduced an upcoming guest, Maria Thomas, who will discuss behavioral science in online harassment on Cloud Security Office Hours on March 20th. The conversation also touched on the use of RAG (Retrieval Augmented Generation) and its potential benefits in handling large datasets.
Cloud Security Office Hours Discussion
The meeting began with a discussion about a behavioral science topic related to online harassment, which does not cover automated harassment. Shawn welcomed everyone to Cloud Security Office Hours, emphasizing the open and interrupt-driven nature of the discussion. The group engaged in light-hearted banter about a participant's profile picture mix-up, and Jennifer introduced herself, mentioning her interest in PCI discussions. Neil highlighted the importance of creating safe spaces for asking questions, sharing his experience of implementing this philosophy with junior salespeople. The conversation ended with a reflection on the value of fostering environments where questions are welcomed and encouraged.
GitHub Pull Requests for Learning
The group discussed GitHub pull requests and their importance for learning and contributing, with Shawn emphasizing that pull requests can be for any changes, not just code, and that learning how to submit them is valuable. Stryker suggested creating a system to notify contributors when their pull requests will be reviewed, and the discussion touched on the importance of asking questions and the need for patience when explaining concepts. The meeting also highlighted the group's supportive environment for learning, with Taylor and others sharing their experiences of being welcomed despite varying levels of technical knowledge.
Cybersecurity Questioning Strategies
The group discussed strategies for asking questions in cybersecurity, emphasizing the importance of clear, specific, and well-formatted questions to get effective responses. Tyler shared insights on the XY problem and how to frame questions to avoid misunderstandings. The conversation also covered password security, with Neil highlighting that long, complex passwords offer limited protection compared to unique passwords and multi-factor authentication (MFA). The discussion concluded with a reflection on evolving security practices and the need to focus on multiple barriers to compromise rather than relying solely on password complexity.