B. Cooper

@PalmerLuckey Great job to the team!

Introducing: Roadrunner, a compact VTOL drone powered by twin thrust-vectored turbojet engines with extraordinary speed, range, and payload capacity. & Roadrunner-M, a radical new low-cost weapon that allows for unprecedented tactics against powerful threats.

@DrAndrewSchwarz Visa is using NLP and ML to remain dynamic against a fast evolving threat! Great tools to deal with the data volumes Visa has. It would be interesting to know how smaller companies are leveraging commercial ML services to achieve the same effect Visa is.

@DrAndrewSchwarz There are a lot of lessons from the TJX case. Highlighted the most is the need to embed InfoSec across business functions. Additionally, ignoring physical security leads to InfoSec vulnerabilities. Astounding that the kiosks were so vulnerable.

@DrAndrewSchwarz This is great to see, consistent with our course content. Would require “…consistent and informative disclosure of cybersecurity risk management and strategy…require disclosure of how a company factors [cyber risk] into its overall business strategy…”!!!

@DrAndrewSchwarz I really had very little understanding how complex and vulnerable a university’s network can be. Not to mention the sensitive work many of them do for the government.

@DrAndrewSchwarz I was able to get 14 of the 19 critical pieces of information. The failure at the company appeared to be partly a result of no clear response plan in place. Actions during the attack were fairly ad hoc, creating extra churn & slowing the response.

@DrAndrewSchwarz Cyber agility. Sounds great but difficult to implement. With the billions the federal government spends on cybersecurity related activities, and hacks like 2021 Solar Winds still happen, it’s going to be a tough slog for companies.

@DrAndrewSchwarz They were vulnerable due to what appears to be management complacency with their InfoSec program. Target made significant investments in their InfoSec human infrastructure but failed to prioritize and focus them.

@lsuashleym @LoganMcKinley23 @DrAndrewSchwarz Agreed. Measuring risk is important but arguably subjective and difficult to quantify. There are probably many other areas of a program that can be measured, that also naturally generate data, to gauge how well a program is doing.

@LoganMcKinley23 @DrAndrewSchwarz I also found it interesting how much emphasis was put on assessing risk. I think there are definitely other aspects of cyber security that are equally as important but it was good to look at it from a different point of view

@DrAndrewSchwarz Bad actors only have to get it right once. Information security practitioners have to get right every time. Being able to measure info security effectiveness is the only way to know you are doing the right things.

@DrAndrewSchwarz $322k average ransomware payment for a midsize market ?! I wonder how long it will be before RW attacks on small companies, at lower ransom, but in higher volume becomes commonplace making the damage in aggregate very disruptive.

@DrAndrewSchwarz Ensuring members of an organization remain active participants in the overall cyber security/IS plan is a serious challenge. Threats constantly evolve, as do our countermeasures, but individuals’ desire to keep pace with those evolutions is a risk.