CyberKnight

86 posts

@CyberKnight735

Cybersecurity insights and opinions. Let’s work to secure the digital landscape together! 🗡️ 🛡️

Cyberspace · Joined September 2025
66 Following · 26 Followers
CyberKnight@CyberKnight735·
@AdamLGRing @kylekuzma Too true! A lot of our data is already compromised. I feel like we could reach that moment within 5 years with all the technological breakthroughs we’ve been having. Only takes that one “aha” discovery and we’re there.
CyberKnight@CyberKnight735·
@moshhamedani Even people that know what they’re doing with code are making mistakes, leading to breaches. Non-technical teams pushing to prod and being bragged about tell me the CEO either doesn’t know what he’s talking about or is being misled.
Mosh@moshhamedani·
CEO of Coinbase bragging that non-technical people are now using AI to ship production code. When a CEO says this, one of two things is true: either they don't know what production code is, or they're selling you a story. This kind of hype is how businesses end up in real trouble. The people shipping the code and the CEOs cheering them on won't be the ones held responsible when it breaks. They collect their paycheck either way. Users will find out the hard way, once unreviewed code has touched their money, medical records, identities, private messages, kids' data, legal documents, critical infrastructure. By then it's too late. Production code isn't a vibe.
Gergely Orosz@GergelyOrosz·
Unfortunate optics for Coinbase to have an hours-long outage when customers could not trade, a few days after their CEO said how non-technical teams are shipping code to production. This outage is because Coinbase seems to have a hard dependency on AWS, and when AWS (or a part of it) is down, so is Coinbase. This is a choice/tradeoff by Coinbase’s eng team.
CyberKnight@CyberKnight735·
@brian_armstrong Non-technical teams vibe coding on a financial platform is a huge red flag. I’d encourage anyone to at the very least reconsider having their checking account connected to the site, especially with overextended management being in the weeds and not looking at the big picture.
Brian Armstrong@brian_armstrong·
This is an email I sent earlier today to all employees at Coinbase:

Team,

Today I’ve made the difficult decision to reduce the size of Coinbase by ~14%. I want to walk you through why we're doing this now, what it means for those affected, and how this positions us for the future.

Why now

Two forces are converging at the same time. We need to be front footed to respond to both.

First, the market. Coinbase is well-capitalized, has diversified revenue streams, and is well-positioned to weather any storm. Crypto is also on the verge of the next wave of adoption, with stablecoins, prediction markets, tokenization, and more taking off. However, our business is still volatile from quarter to quarter. While we've managed through that cyclicality many times before and come out stronger on the other side, we’re currently in a down market and need to adjust our cost structure now so that we emerge from this period leaner, faster, and more efficient for our next phase of growth.

Second, AI is changing how we work. Over the past year, I’ve watched engineers use AI to ship in days what used to take a team weeks. Non-technical teams are now shipping production code and many of our workflows are being automated. The pace of what's possible with a small, focused team has changed dramatically, and it's accelerating every day.

All of this has led us to an inflection point, not just for Coinbase, but for every company. The biggest risk now is not taking action. We are adjusting early and deliberately to rebuild Coinbase to be lean, fast, and AI-native. We need to return to the speed and focus of our startup founding, with AI at our core.

What this means

To get there, we are not just reducing headcount and cutting costs, we’re fundamentally changing how we operate: rebuilding Coinbase as an intelligence, with humans around the edge aligning it. What does this mean in practice?

- Fewer layers, faster decisions: We are flattening our org structure to 5 layers max below CEO/COO. Layers slow things down and create coordination tax. The future is small, high context teams that can move quickly. Leaders will own much more, with as many as 15+ direct reports. Fewer layers also means a leaner cost structure that is built to perform through all market cycles.
- No pure managers: Every leader at Coinbase must also be a strong and active individual contributor. Managers should be like player-coaches, getting their hands dirty alongside their teams.
- AI-native pods: We’ll be concentrating around AI-native talent who can manage fleets of agents to drive outsized impact. We’ll also be experimenting with reduced pod sizes, including “one person teams” with engineers, designers, and product managers all in one role.

In short: AI is bringing a profound shift in how companies operate, and we’re reshaping Coinbase to lead in this new era. This is a new way of working, and we need to leverage AI across every facet of our jobs.

To those who are affected

I know there are real people behind these decisions — talented colleagues who have poured themselves into this company and our mission. To those of you who will be leaving: thank you. You’ve helped build Coinbase into what it is today, and I am sincerely grateful for everything you've done.

All impacted team members will receive an email to their personal account in the next hour with more information, and an invitation to meet with an HRBP and a senior leader in your organization. Coinbase system access has been removed today. I know this feels sudden and harsh, but it is the only responsible choice given our duty to protect customer information.

To those affected, we will be providing a comprehensive package to support you through this transition. US employees will receive a minimum of 16 weeks base pay (plus 2 weeks per year worked), their next equity vest, and 6 months of COBRA. Employees on a work visa will get extra transition support. Those outside of the US will receive similar support, based on local factors and subject to any consultation requirements.

Coinbase prides itself on talent density. Our employees are among the most talented people in the world, and I have no doubt that your skills and experience will be highly sought after as you pursue your next chapters.

How we move forward

To the team that is staying, I know this is a difficult day. We’re saying goodbye to colleagues and friends you've been in the trenches with. But here’s what I want you to know as we move forward together:

Over the past 13 years, we have weathered four crypto winters, gone public, and built the most trusted platform in our industry. We’ve made it this far by making hard decisions and by always staying focused on our mission. This time will be no different – nothing has changed about the long term outlook of our company or industry.

And most importantly, our mission has never been more important for the world. Increasing economic freedom requires a new financial system, and we’re building it. The Coinbase that emerges from this will be more capable than ever to achieve our mission.

Brian
CyberKnight@CyberKnight735·
@kathrynw5 If the chipotle account has your credit/debit card information you’re gonna want it 🤔
Kathryn Watson@kathrynw5·
We, as a society, have taken two-factor authentication too far. Logging into my bank account and into my Chipotle account shouldn't be the same process.
CyberKnight@CyberKnight735·
@Polymarket Identity is the new perimeter when it comes to cyber defense. AI lowers the barrier to entry but it’s still the same fundamental problem sets. It’s imperative you set up multi-factor authentication on all your accounts. Even SMS is better than nothing. Strong/unique passwords too
Polymarket@Polymarket·
NEW: Treasury Secretary Bessent says Americans should be concerned about AI hacking their bank accounts.
CyberKnight@CyberKnight735·
@WallStreetApes Also called sim swapping. An indicator will be your phone basically bricks itself and can’t make calls or texts.
Wall Street Apes@WallStreetApes·
🚨 A new scam is taking place in America that allows scammers to get your phone number to get past 2-Factor Authentication.

Scammers can then get access to your social media accounts, bank accounts and more.

AT&T Employee: “I work at AT&T and over the last couple days, I've witnessed multiple malicious port-outs, which means that a scammer has tricked your cell phone carrier into allowing them to port your number over into a device that they control, which in turn lets them do the two-factor authentication, allowing them into your bank account, your email, your social media. A way to prevent this from happening, and this isn't just for AT&T, this is for any cell phone carrier that you have. Most of them have a port-out protection that you should turn on because this has been happening quite a bit lately. So just letting you know.”

Again, this could happen on any cell phone carrier you have. I researched and found port-out protection is a free feature offered by major U.S. carriers, including T-Mobile, Metro, and others.

Make sure you do this.
Het Mehta@hetmehtaa·
i am a cybersecurity guy, scare me with one word
CyberKnight@CyberKnight735·
Always a great resource. Once again those aged 60+ were the majority of cybercrime victims. Educate your loved ones and be patient with them!
FBI Cyber Division@FBICyberDiv

#ICYMI, last week we released the 2025 Internet Crime Report, which reveals the scale of cybercrime and FBI efforts to combat it. For the first time, the report includes a dedicated section on AI-enabled cybercrime, with losses exceeding $893 million 🔗ic3.gov/AnnualReport/R…

CyberKnight@CyberKnight735·
A lot of pundits in the cyber space look at a viable quantum system as a long way off, 10-20 years. That’s a dangerous way to think about this novel issue. All we need is one eureka moment to toss that timeframe out of the window. I’m thinking we have less than 5 years.
CyberKnight@CyberKnight735·
@ZackKorman Quantum is another one and its threat to asymmetric encryption. The sooner orgs switch to PQC the better. Harvest now decrypt later is already happening and with the speed of technology I could see a viable system being created within the next 5 years, not 15 or 20.
Zack Korman@ZackKorman·
Thanks for all the responses. It turns out that my view of cybersecurity’s future is unpopular. But here it is:

- New doesn’t replace old. All the stuff that exists keeps existing. BUT it will be effectively “legacy”. Everything below is about the new.
- AI detection everywhere. Audit logs, endpoint, appsec, etc. We embrace non-deterministic vibe hunting.
- The whole “use stupid rules to trigger alerts that we then hand to humans” flow (SOC) disappears because that was built for a world where intelligence was expensive.
- Detection, investigation, and response become one thing.
- AI agent security will be super hot and attract a lot of people not in cyber today (engineering and IT).
- Attacks are way less homogenous, and orgs experience way higher volume of sophisticated and targeted attacks.
- GRC keeps being GRC.
- A lot of existing CISOs won’t make it. Most new CISOs won’t come from traditional cyber roles.
Zack Korman@ZackKorman

What’s cybersecurity going to look like five years from now? I know that’s a hard question, but I’ve been thinking about it a lot lately. Would be good to hear what others think. What roles won’t exist? What product categories disappear? What tech will be obsolete?

CyberKnight@CyberKnight735·
@nickvangilder The military is one of the best options for something “entry level” in the cyber field. One of the few places that will take someone with no experience and spend the time and money to train them. Add the clearance and GI bill and someone can set up a nice life for themselves.
Nick VanGilder@nickvangilder·
Historically, cybersecurity has never been a true entry-level field. Most people start in IT to learn how networks and systems work, then transition into security roles over time once they have a certain amount of foundational knowledge and experience. That said, many companies, colleges, and training institutions have a strong monetary incentive to present cybersecurity as entry-level. They make significant amounts of money selling bootcamps and certifications to people eager to break into the field. After completing these programs and earning a few credentials, many newcomers discover that employers are looking for things they still do not have, most commonly hands-on experience in IT or adjacent roles. This disconnect often leads to frustration and backlash toward employers, who are accused of setting unrealistic expectations for entry-level security jobs. In reality, though, the expectations themselves are not new. What _is_ new is the narrative that cybersecurity is supposed to be an easy or direct entry point into tech. True entry-level cybersecurity roles do exist, but they are not the norm for most roles. To me, being upfront and honest about that reality would save a lot of newcomers time, money, and frustration.
CyberKnight reposted
FBI Cyber Division@FBICyberDiv·
Nation-state actors do not need to use zero-days when your edge devices stopped getting security updates years ago. Over the last few years, we have seen PRC state-sponsored actors targeting and exploiting vulnerable end-of-life (EOL) edge devices. Volt Typhoon used the KV botnet—consisting of hundreds of privately owned EOL routers—to pre-position and exploit that access to inflict damage on U.S. critical infrastructure. Flax Typhoon compromised thousands of internet-connected devices to create a botnet designed to steal sensitive information and launch disruptive cyber-attacks. Back in 2023, the #FBI and our partners conducted an operation targeting Volt Typhoon, seizing and removing malware from infected devices and taking steps to prevent reinfection. The following year, the FBI led an operation disrupting Flax Typhoon, taking control of the hackers’ computer infrastructure. To better protect your critical systems, organizations should regularly update devices and replace or isolate EOL assets. Learn more at fbi.gov/wintershield
CyberKnight@CyberKnight735·
The CISSP certification is considered by many to be the gold standard and will bolster any resume. There are many great resources out there to help you accomplish this goal. A couple of helpful YouTube videos by the Technical Institute of America entitled “50 CISSP Questions. Master the CISSP Mindset.” and “CISSP Is a MINDSET GAME” provide relevant strategies. Another great YouTube channel called Inside Cloud and Security has an almost eight-hour CISSP exam cram course that is a fantastic way to learn the material. The ISC2 official study guide is also a useful resource. Read the chapter summaries and look at the review questions. Go over things you don’t know. Finally, utilize AI to give you quiz questions on each domain and do a lot of them. This is great because it’s like having a real-time tutor explain things you don’t know. It’s a difficult exam but if someone else can do it so can you.
spencer@techspence·
Cybersecurity rule of thumb #1: If it's on the internet, it will be poked and prodded and scanned. Administer accordingly. What's number 2?
CyberKnight@CyberKnight735·
Moltbook is going to be a fascinating case study on real-time, autonomous, AI-driven cybersecurity. 🦞🤖🛡️