Notes on Cybersecurity with Alex Stamos

Level of capability that is being applied with hacking into a normal company is on the scale of being a defense contractor just a few years ago.

Offensive cybersecurity is now how some countries compete.

Chinese and Russians are capitalists with respect to private companies doing the hacking; US is socialist with respect to cybersecurity with govt employees. Former case enables country to deny wrongdoing and erasing the selfcompanies
The “participation prize” goes to the folks who are catching up. And recommendation is to not assume your phone or laptop will not get broken into.
Hearing story about attaching virus to TurboTax equivalent in Ukraine

“After a frantic global search, the admins finally found one lone surviving domain controller in a remote office—in Ghana.” —loss of 100M as civilian impact of military cybersecurity attack in unrelated universe (act of war may not qualify covered as insurance)

“Can predict what the weather might be and how it is like right now, but cannot predict what will come in two weeks.”

“Push everything into the cloud as soon as possible. Every company is limited and restricted by in-house security teams.”

“Microsoft doesn’t run its own Exchange server anymore — why are you hosting your own?” 👈

“Every day there are cyberattacks that if happened in the real world would be considered as acts of war.” 👈

On red team, blue team, and yellow team.

Simple security hack is to delete all mails after 90 days. Or, “Make email ephemeral,”


“You do not achieve resilience simply by installing secure technology. It is mostly about understanding and mitigating risks in order to apply the right protection at the appropriate points in the system.”

Medium