Friday, June 26, 2026 - Meeting Recap

AI's impact on cybersecurity, Microsoft Red Sun zero-day, HSBC password controversy

- AI governance, executive liability, and password managers

Quick recap. The conversation centered on governing AI in the enterprise - token limits, usage tracking, and the reality that these tools were not designed with enterprise security controls in mind - and widened into whether fines or personal executive liability actually drive better security. The group also traded notes on password managers and MFA, and on the human side of physical security: tailgating, laptop locks, and securing home offices for hybrid work.

AI governance and token management

Dee described employees exceeding token limits and the push to stand up AI-governance tooling for monitoring and security. The group debated where responsibility sits - with users to select and use models well, or with vendors to design tools non-technical staff can use safely. Juninho noted, from experience at Google, that AI models were not built with enterprise controls in mind and that compliance tooling from providers has only recently appeared; older software-liability frameworks may need revisiting as AI systems have global impact.

Do penalties actually work?

The group weighed whether legislation and fines meaningfully change behavior. Some argued fines are a reasonable starting point; others noted that large organizations treat them as a cost of doing business, and that reputational damage from breaches has faded as consumers grow desensitized. Shawn suggested personal liability for CISOs and executives might drive security investment more effectively than corporate fines, referencing GDPR and Sarbanes-Oxley as cases where fines are levied but rarely fully paid.

Password managers and MFA

Participants compared Bitwarden, Dashlane, and 1Password, and debated whether storing credentials and MFA codes together in one manager is convenient or risky. Neil shared the practical challenge of moving a 75-year-old family member from LastPass to Bitwarden - a reminder that usability is part of the threat model.

The human side of physical security

Drawing on experience, including Stryker's time in the Marine Corps, the group discussed laptop locks, tailgating, and badging, and how to extend guidance to home offices without issuing unrealistic policies or making people paranoid. The theme: security awareness has to be teachable and livable.

Conference updates

Stryker noted talks accepted at B-Sides Las Vegas and the DEF CON Adversary Village, and Neil floated another informal CSOH breakfast at Black Hat for community networking.