Securosis
Menu

Research

AI Will Accelerate Your Tech Debt

Chris Farris March 22, 2026 No Comments

The Tech Debt Crisis Is Coming Like the American middle class living paycheck to paycheck, organizations near or below the security poverty line are one big incident away from catastrophic bankruptcy. They got here through years of underinvesting in core capabilities and unified architecture, not stupidity, but a long series of decisions that prioritized shipping over sustainability. And now every smaller incident consumes the cycles that could have gone toward paying down that debt, making the hole deeper every time. Tech debt isn’t just a code quality problem. It’s an operational survival problem. The environment is too complex to reason about, too brittle to refactor, and too interconnected to safely improve. Every incident response leaves the org a little more exhausted and a little further behind. We’re rapidly approaching a security crisis that looks like the financial crisis of 2008. Thousands, maybe millions, of companies with business models that cannot afford proper security are about to get breached and go out of business. Like the families with mortgages they couldn’t afford, many of these companies were on borrowed time to begin with. The unsympathetic response will be “they shouldn’t have been in business at all,” but people will still be out of work, investors will still be out of money, and the ripple effects will be real. And AI is only going to make this worse. AI Is Like Tax Cuts Here’s an analogy that’s going to make half of you mad: AI investment right now is like tax cuts. It feels great, it might genuinely juice productivity in the short term, and it absolutely makes the underlying structural debt worse. The cost of writing code is now nearly zero. That sounds incredible until you realize there’s no longer a natural economic brake on deploying new stuff. Every feature request can be shipped. Every half-baked idea becomes a pull request. Consider the monstrosity that is Microsoft Office, thirty years of features added to satisfy the demands of some enterprise customer, perpetuated across the ages, accreted into a product so bloated and bug-ridden that a single email parsing vulnerability can take down a hospital. Nobody planned that.  AI removes that forcing function entirely. The big FAANG companies that are all in on AI are doing quarterly five-figure layoffs. Smaller companies trying to keep up, and desperate to be hip, are going to follow them to their doom. If you can’t reason about your current complexity, you cannot safely have an AI enhance or rewrite large swaths of your codebase. Re-architecture is already off the table because fear of breaking production still reigns supreme. With a fragile architecture, even small changes have big risks. AI doesn’t solve that. AI amplifies it. That’s the trajectory for organizations that don’t address tech debt before going all-in on AI. More code, more attack surface, more complexity, and the same overwhelmed team trying to hold it together. The Iron Bank Will Have Its Due. Tech debt isn’t just a resiliency problem. It’s a security problem, and adversarial AI use is about to make it a catastrophic one. Rich Mogull’s Core Collapse plays out the scenario with uncomfortable clarity. Attackers operate in bounded problem spaces: find a path to an objective, exploit it, move on. AI makes them dramatically more effective at searching that space, with faster exploit development, automated attack graph traversal, and continuous iteration at machine speed. Defenders face the opposite problem. They have to protect everything, all the time, against every possible attacker. That’s a combinatorial complexity problem that AI doesn’t solve. It compounds. The defender’s model that has carried us through the last decade, find bad thing, patch it, stop attacker, starts to collapse when exploit development cycles drop below defensive response cycles. When an attacker’s AI can discover a vulnerability, develop an exploit, and start traversing your environment faster than your team can build, test, and deploy a patch, your detection-and-response playbook becomes a liability. Rich frames this as every day is day zero. Now layer tech debt on top of that picture. If you can’t reason about your own environment, if your dependency graph is a mystery, your authorization model is “we think only admins can do that,” and your data classification is “somewhere in S3,” your ability to use the same technologies to defend are nil. “Couldn’t defend themselves against AI-powered threat actors” wasn’t in the Citrini Research 2028 outlook but it should have been. This is the security catastrophe hiding among the AI hype cycle. Rich’s prescription for organizations below the security poverty line is to outsource: Under-resourced organizations can choose between being repeatedly breached or outsource their security to someone better-resourced. And they won’t really be able to just outsource the security function, they’ll need to outsource their applications and hosting to companies that can defend at scale. I respect Rich enormously, but I think he’s wrong here, and tech debt is exactly why. You cannot outsource technical debt reduction. MSSPs are like credit counselors, useful, well-meaning, and ultimately limited to telling you what you already know deep down but don’t want to face. They can tell you how to stop the bleeding. They cannot unwind a decade of architectural decisions, normalize a fragmented identity model, or create security boundaries where none were designed to exist. The more an organization has underinvested in secure architecture, operational excellence, and data governance, the harder it becomes to even hand it to someone else in a state they can actually defend. At the end of the day, a household drowning in debt has three options: make more, spend less, or declare bankruptcy. Organizations have roughly the same menu. Outsourcing is not any of those three things. And Rich’s supernova metaphor? He’s right that a star collapses and something new forms. But let’s be honest about the timeline. When a star collapses into a supernova, it obliterates everything in that solar system first. Something does eventually form from the wreckage, but we’re talking billions of years and nothing you care about survives

Share:
Read Post

AI Security Invariants

Chris Farris March 21, 2026 No Comments

(Co-Authored with Ariel Septon of Native) Security invariants are a critical component of your cloud and IT governance strategy. However, how can we apply this same thinking to the non-deterministic world of Generative AI? What is a Security Invariant? A security invariant is a system property that relates to the system’s ability to prevent security issues from happening. Security invariants are statements that will always hold true for your business and applications. This definition of Security Invariant will focus on the properties of AI systems, that can be enforced by the system, and drafted in a way that they can always be true. While a traditional cloud security invariant might state “Only the networking team may create and manage a VPC”, AI invariants can exist at different levels of the stack. Why AI invariants are different from traditional invariants Traditional governance assumes deterministic execution and stable control points. AI introduces three challenges: Non-determinism and probabilistic outputs: Identical inputs can produce different outputs, and “safe behavior” isn’t always a binary classification. Instruction and tool manipulation: LLM applications often accept untrusted natural language inputs and are susceptible to prompt injection, instruction override, and tool misuse. The fragmented and nascent nature of the AI ecosystem: Unlike Cloud Providers which have coalesced into 3 to 5 major players, the AI ecosystem is composed of hundreds of small startups, few of which have implemented the security controls that allow us to ensure the enforcement of invariants. AI Invariants in plain language Below is a starter set of AI security invariants. Some are fully enforceable today on major inference platforms; others are only partially enforceable, or require compensating controls outside the inference service. Traditional Cloud Provider Invariants Traditional Cloud Provider Invariants use the existing APIs to enforce business objectives. They’re really an extension of Security Invariants with a focus on AI services. Cloud providers must not use our data to improve their services In AWS this can be implemented via AI Opt-Out policies. All inference must occur inside the European Union. A traditional regional blocking invariant can meet this objective. No one in my organization is permitted to use DeepSeek (the model) As an element of third-party risk management, model usage can be controlled by the IAM policies. IAM/Application/Prodsec Invariants Finally, some invariants have to be implemented by the development teams building the AI tools. These invariants require a deep focus on authentication and authorization to enforce data governance and to ensure that AI cannot act in a harmful manner. AI Access (via RAG, MCP, or similar methods) to Company data must leverage the user’s authorization level. Most MCPs these days have some OAuth capability to pass the user’s credentials from the model to the underlying API, thus ensuring the AI doesn’t have access to data the user cannot see. AI tools for use by the public must only have access to public data. Tools with access to any other forms of data must require authentication, and the data access must use the authenticated user’s authorization level. This is a security control that must be implemented by the application development team. A company AI system should not injure a human being or, through inaction, allow a human being to come to harm An AI should never have access to systems that have life-safety impacts. Even if SkyNet decides to kill all the humans, if it lacks access to the launch systems, it cannot perform the action. These “application” level invariants cannot be centrally enforced like cloud invariants. They must be implemented in each AI system that’s built or deployed by the organization. Model Enforced Invariants Model enforced invariants are part of the prompts and guard rails of the LLM itself. They’re intended to ensure that the model behaves in a way the organization wants. Some examples: Under no circumstances should a company AI system produce non-consensual sexual material or CSAM. A company AI system must not be used for high-risk activities, as defined in the EU AI Act, unless approved by legal and compliance. A company AI system must not disparage competitors, say bad things about our company, or insult our CEO. A company AI system should not injure a human being or, through inaction, allow a human being to come to harm. A company AI system must not reveal system prompts, hidden policies, credentials, or tool outputs, even if asked. Due to the non-deterministic nature of LLMs, the aspect “will always hold true” also becomes probabilistic. A Service Control Policy can be formally verified via automated reasoning technology. The presence of GuardRails can be enforced in a similar manner. However the final objective of controlling the model’s behavior is not 100% guaranteed. Conclusion Defining your security invariants is the first step toward moving Generative AI out of the experimental sandbox and into production with confidence. By defining these non-negotiable properties, your organization can maintain a consistent security posture even when dealing with the unpredictable, non-deterministic nature of large language models. Coming in Part II Now that we’ve defined what we want to protect, we need to look at how to implement it in a fragmented cloud landscape. In our next post, we will move from theory to implementation by exploring how to enforce these invariants across the major cloud providers. We’ll dive deep into specific tools, including: AWS Bedrock Guardrails: How to set global content filters and PII masking. Azure AI Content Safety: Leveraging enterprise-grade detection for jailbreaks and protected material. GCP Vertex AI Safety Settings: Managing threshold-based controls and jailbreaks protections. We’ll explore which cloud features offer rock-solid protection and where platform limitations might still leave your organization exposed. Stay tuned to see how to map your high-level policy intent to real-world cloud configurations. Share:

Share:
Read Post

Going to RSAC 2026? Disaster Recovery Breakfast and MORE!

Rich March 16, 2026 No Comments

Someone asked me last week if I was going to RSAC. I replied that I’m pretty sure after I die they’ll prop my body up in a corner of Moscone, Irish wake style. Eventually I’ll retire or move on, but this year isn’t THAT year. I still get tremendous value out of RSAC. Personally I spend nearly no time on the show floor, a lot of time in meetings, and a bit of time in sessions. As a review committee member I see all the content for my track before I show up and I think most people who complain about the conference get blasted by the show floor and don’t go to sessions. The content has improved materially over the past decade, with more deep technical content than most people realize. This year I’m presenting in four sessions (unexpectedly). I’m co-presenting with Aaron Turner on some IANS content on MCP/agent architectures we collaborated on. I’m running a cloud incident analysis workshop with Ryan Bergsma, one of my Cloud Security Alliance co-workers. I’m giving a new presentation on K-12 and “below the security poverty line” orgs with a first-time collaborator, Michael Klein, and I’m facilitating a Fundamentals Forum. I’m also presenting at our CSA Summit on Monday (on the Governance hierarchy… and announcing a new CSA initiative), participating in a panel on OpenClaw, and… yeah, busy week. For the first time we are offering 1-on-1’s to CSA members at the Summit! Yes, I am voluntarily packing my schedule every 30 minutes like back in Gartner days. Just email me for more info on that. But I saved the best for last. The 16th annual Disaster Recovery Breakfast! And for the second time this is hosted by our friends over at 1Password (like, actual friends I’ve known for decades). My kids are on spring break this week and all my content is approved, so I’m off for some family time before my four day marathon, I hope to see you there, and email me at rmogull@securosis.com if you want to catch up or snag one of those 1-on-1 slots on Monday. Share:

Share:
Read Post

AI, have you been drinking?

Adrian Lane August 11, 2025 No Comments

For the last couple months I have been working with AI security. First with the general architecture and data flows for Generative and Agentic AI systems, and lately more with prompt & response security techniques. These later topics are where AI systems offer greenfield for attackers to apply all the old —  and a select few new —  attack techniques. I was researching how to coerce AI to misbehave, as part of my introduction to prompt engineering, I am stumbling across cases where we do not need attackers at all — the AI systems seem eager to misbehave all on their own. What do I mean by this? Lying, for starters. In the last week I have run across: * AI scanning a cloud environment, then describing work to be completed based on compliance requirements which do not exist* Co-contributor David Mortman had AI creating & checking code into source code control; after the AI stopped making code check-ins, the AI assistant was specifically asked why, and asserted check-ins were still being made* A veterinarian friend, who at one moment was worried about his career when AI provided a perfect analysis of a complex canine disease being treated, received in the next moment a detailed treatment for a condition which does not exist in the species specified * AI provided analysis to a fund manager friend of mine, citing a fictitious press release which provably did not exist, on preferred investment opportunities Inventing false information to deceive is not a hallucination, it’s fabrication. It’s lying. I asked one AI engine for the technical definition of hallucinations — a topic everyone using AI is cautioned about — and it responded “Factual: Inventing historical events or scientific facts.” I always have viewed hallucination as a human behavior of misinterpreting something seen, or seeing something that is not there. Probably confusion in the brain due to not understanding a sensory input. Assigning that to AI kind of made sense, as AI is meant to mimic human reasoning, and GenAI acts upon what it has reasoned. But when your drunk uncle shares a vivid hallucination, the family ignores him and changes the subject. AI is happy to go all in with your drunk uncle and build build a business case from the hallucination; it’s this unchecked propogation of errors that had me worried. As someone who presently benefits from AI’s ability to expand my research and comb vast amounts of data, I get value. For generating output on mundate tasks like coding snippets, it’s a time saver. But make no mistake: it is my responsibility to ensure anything I use, which GenAI created, is factual. It’s on me to test code or fact check content. Which is all possible as long as AI assists a human, and the human reviews generated content for accuracy. Putting that into a security context, how do you stop AI from building atop hallucination? With Agentic AI, who is the fact checker? If you can infuse lies into a document or prompt, AI will learn from it, and (potentially) weave it into the fabric of future decisions. And if AI introduces its own errors into the mix, finding the error and where it propagated will be difficult at best. A common vision of the future has agents talking to other agents: who validates the output is accurate at scale? More agents? My gut tells me we have a giant new data security & reliability challenge. Share:

Share:
Read Post

The 15th Annual Disaster Recovery Breakfast

Rich March 31, 2025 No Comments

It has survived recessions, obsessions, parenthood, natural disasters, pandemics, unnatural disasters, and the rise and fall of eateries great and small. That’s right, it’s the Securosis RSAC Disaster Recovery Breakfast! This year we’ve changed things up thanks to our new partner, 1Password, who reached out and offered to host the DRB in their event space just up the street from the Moscone center. With all the changes in the restaurant scene in that particular area of town… you can understand how this… reduced our annual organizational stress. As always this is a quiet hangout of an event. Drop in and out as you please to catch up with friends, strangers, and… well, whoever wanders in. An RSVP is appreciated to make sure we have enough food, but as always is not required. We hope to see you there! Optional RSVP at https://events.1password.io/RSA2025# Share:

Share:
Read Post

Announcing the CloudSLAW Patreon!

Rich February 25, 2025 No Comments

TL;DR: Support CloudSLAW Here! I know that as most of you lay your weary heads to rest every night (or morning, for you night shifters), the last thought that fires through your synapses is, “I really wish I could get more CloudSLAW!” Well, now you can! I’ve been debating for a while on the best way to keep this crazy thing going. With over a year of content and nearly 60 labs, it’s time to take things to the next level, and set this project up for longevity. Each 15-30 minute lab takes me about 5-8 hours to produce, and that number is only going up as we get into more advanced content. Plus there are various tool and hosting costs. I’m not complaining — it’s what I signed up for — but it would also be nice to cover the costs. And if things blow up enough I’ll be able to get a little support. My first goal would be to get some video editing help to speed up that part of the process. Second I’d like to hire someone to help maintain the older labs with screenshot updates. I’m sure some of you noticed that AWS rolled out a user interface update a couple months ago, so now all the square buttons are… less square, and sometimes different colors. It sure would be nice to have those updated, and at some point even deeper changes will hit. This is where the Patreon comes in. It’s an opportunity to support the project and get a little extra in return. To be clear, CloudSLAW itself isn’t changing and everything is still free — this is all just an add-on. We have two tiers: CloudSLAW Pro The Pro tier is all about extras to help you learn even more. For $10 a month you get to support the project and: Gain access to our lab support and community Discord. Where I’ll probably be hanging out… more than I should. I’ll hold weekly official office hours when I’ll be online to answer questions and help with any lab issues. We’ll even pop open a screen share if needed. (Note that this is most weeks — sometimes I travel or vacation). Access to periodic subscriber-only webinars. These will be live, and I’m shooting for roughly monthly. Some will be presentations I’ve given at conferences, and others will be CloudSLAW-specific. For the first one I’ll walk through the current lab block on Advanced Cloud Problem Solving and talk in more depth on the architecture and decision-making behind it. Access to previous webinars. It turns out you can record them! You’ll get to propose and vote on future labs! There are a zillion directions where I can take this, and Pro members will help steer content. To put things in perspective, baseline pricing for most of my trainings ranges from $1600-$4500 for classes which are 2-3 days long. This is relatively standard for live technical training. I’ve always been a little uncomfortable asking individuals for money, but these are all purely optional add-ons, and they will help me keep producing the core content for free. CloudSLAW Tipper $2 per month just because you like me, and you don’t get anything in return except for warm fuzzies. Not everyone wants or needs the Pro benefits, so this is just a way to let me know you really care. 😀 Thank you for reading and considering! Sign up for the Patreon Here! Share:

Share:
Read Post

And then a not-a-miracle occurs…

Rich November 24, 2024 No Comments

It’s a perfect fall Sunday morning here in Phoenix. After a brutally hot summer the air is cool, the sky is clear, and the fresh air is drifting into the hotel ballroom while I wait for my daughter to take the stage in the Irish dance regionals competition. The schedule is a little behind, so I’m sitting here on my iPad catching up on the security newsletters and posts that usually pile up during the week when I’m more focused on my own deliverables. During the week I tend to do a decent job of keeping up with the latest cloud security feature releases, but I tend to fall behind on the breach and vulnerability reports. There are… a lot of breach and vulnerability reports. One of the wild things about having started early in cloud security is that I’ve witnessed the progression from a nascent technology that neither attackers nor defenders really had a good handle on, to our current high-stakes eternal cat and mouse game. As a defender I consider it absolutely essential to read every teardown of every breach I can get my hands on (usually published by incident response service companies), while also keeping up on the latest vulnerability research. Which brings me back to the ballroom. As I close the last browser tab, the accordion and keyboardist playing an Irish reel (or maybe a jig, I really am bad at music), I realized I was instinctively mentally sorting these reports into three buckets: Yada yada “exposed credentials” yada yada a complex series of steps yada yada. Yada yada “excessive privileges” yada yada a complex series of steps yada yada. Yada yada “public facing with a known vulnerability” yada yada a complex series of steps yada yada. Of the dozen reports I’ve sorted through today, a mix of breach walkthroughs and novel attack patterns from vulnerability researchers, every single one fit into these three buckets. Like they do every week. Look, learning about more advanced attack patterns is important. Knowing how to trace and contain an incident once it progresses past the initial access is an increasingly rare and valuable skill set. And finding and fixing all the drops of misconfigurations and exposures in my buckets, at scale, ain’t easy. But it’s all too easy to get lost in the complexity, especially when you haven’t been doing this cloud security stuff for a while. Just remember, this isn’t rocket science. Stamp out static credentials, turn on MFA, and stop putting vulnerable crap on the Internet. That should keep you busy for a while. Maybe someday Chris and I will need to re-prioritize the Universal Cloud Threat Model. But today I’ll watch a little dance, enjoy a little sun, and maybe catch up on some comic books during the breaks. Share:

Share:
Read Post

Enterprise Governance Is Failing Cloud Security

Rich October 18, 2024 No Comments

We have a major problem. It isn’t really getting better, and soon a critical window of opportunity will close that we can’t afford to lose. I don’t say this lightly, and I think anyone who has read my prior work knows I am not prone to FUD. No one can possibly know the actual percentage of enterprise workloads and applications that have moved to cloud, but every statistic I could find estimates that, at most, it is somewhere in the range of 25% (here’s one Gartner take). I think under 25% is likely accurate, but I estimate that well over 90% of organizations have some production workloads in cloud, including SaaS and PaaS/IaaS. The lake is wide but only deep for a relatively small number of enterprises. This is natural and expected; it takes decades to transition existing workloads, especially when they are running happily in datacenters and there’s no major driver to move them out. This is our window. Most organizations are in the shallow end of the pool, staring wistfully at the adventurous kids jumping off the high dive and frolicking around in the deep end. We have a choice — wait, learn to swim, or strap on some floaties and hope for the best. Oh, and there’s no lifeguard and there are most definitely some sharks. With lasers. If organizations don’t improve their cloud governance, they have no chance of meaningfully improving their cloud security. That’s bad enough with today’s relatively limited cloud adoption, but as we gradually move more and more workloads to the cloud, without effective governance the problem will increase exponentially. Nearly every single cloud security issue and breach is the direct result of a governance failure, not a technology failure. Cloud Governance Anti-Patterns I started working hands-on in cloud security in 2010. In any given year I probably talk with hundreds of organizations, if you include training classes and webinars. As an IANS faculty member I take, on average, 3-5 advisory calls a week, mostly with large enterprises. Each year I run multiple cloud security assessments, advisory and consulting engagements (most with larger organizations, including some of the largest in the world). I also provide advisory calls through the Cloud Security Alliance. This post is based on consistent trends I see throughout these calls, projects, and other relationships. In many calls the customer starts to describe a narrow problem which I quickly recognize is a larger governance issue. I often stop them, describe the anti-pattern, and it’s almost like I just magically described their entire childhood. It’s like my work as a paramedic: using key symptoms to identify the larger problem. This is a big dataset, and some of these issues directly contradict each other as different organizations make different mistakes on opposite sides of the spectrum: “We can’t slow down developers.” Security may be allowed to put in some basic requirements, but is often not allowed to install any significant preventative controls. They are often forced to rely on a CSPM/CNAPP and, at best, get to escalate only critical and high issues. IAM is a disaster with teams making major use of static credentials, like AWS IAM Users (which cause 66% of all AWS customer security incidents, according to AWS). “We don’t trust cloud and have to comply with our existing security policies and processes.” Security does get to slow things down, but typically lacks a sufficient technical understanding of cloud and tries to shoehorn it into existing processes. The organization tries to rely on existing security tools, and focuses too much on the network and too little on IAM. Cloud usage is so constrained that teams may just give up and keep deploying into the datacenter. “Cloud is just another datacenter.” There is little acceptance that cloud computing is a fundamentally different technology, which requires a different skillset. Neither infrastructure, development, nor security teams are effectively trained and tooled; instead they are expected to learn as they go. Many projects are just rehosted into the cloud, which reduces reliability and security while increasing costs. There are two subtypes of this pattern: “We must migrate n% of workloads by x date.” Usually driven by datacenter contract renewal dates. “We have $n credits from our vendor (usually Microsoft or Oracle), so we need to use those.” “We are going multicloud.” These organizations usually haven’t finished establishing an effective security program for one cloud, but they are going into other clouds. This is often tied to “we can’t slow down developers.” Multicloud isn’t inherently wrong, but it’s horrifically wrong without proper governance and investment in tools and people. The security teams in these organizations almost entirely rely on CSPM tools for blocking and tackling, and there is almost never investment in having at least one security subject matter expert for each cloud. There are four subtypes I often see: “We are going to be cloud agnostic and run everything in containers.” The expectations is that everything will work in containers wherever you want to deploy it, because the enterprise either thinks they can save money and dynamically move workloads wherever they are cheaper, or because developers want to use their favorite toys. For the record, I am as likely to see a living unicorn as a truly cloud-agnostic workload. “We need to backup our workloads in case our cloud provider has an outage.” If you want to completely rebuild your entire application stack on multiple platforms which don’t share any fundamental technology characteristics, be prepared to pay up. “We got some credits from $provider we need to use.” So either you lose credits, or you pay to up-skill your teams, or you… do neither, and have a poorly supported workload running on a platform on which nobody is expert. “We need to go multicloud in case $provider has an outage.” Have you tracked outages? Do you architect within your existing provider to handle outages? Executive leadership is disengaged and doesn’t set the ground rules. This one isn’t in quotes because that’s never how the

Share:
Read Post

On TidBITS: My Take on Apple Intelligence and Private Cloud Compute

Rich July 1, 2024 No Comments

I just published a piece on Apple Intelligence at TidBITS that I’m pretty excited to release. I wrote it (literally sitting poolside on vacation) to try and explain why this matters to someone even if they don’t know anything about AI or security. For those of us in cloud security, some really interesting things are going on: This is confidential computing, but designed for a very specific purpose, which gives Apple more latitude in how they design controls. Think AWS Nitro (because this is deeper than SGX) with some metrics/monitoring to detect tampering. Apple can model and measure their workloads, and even architected a system to publicly share results, so individual devices can validate that the code is running at expected. Apple designed the system with the assumption that an advanced adversary will gain physical access to servers. That’s one hell of a threat model, and… exactly the kind of adversary Apple faces (hello, governments). The non-targeting defenses are excellent. I really appreciate two aspects: Apple can’t track requests back to individual users. They added a third-party intermediary so they never see the traffic source. If an attacker compromises a server/node, they can’t steer a user to it. This is trust but verify on steroids. Apple built a system for continuous external validation. I don’t think I’ve seen anything like it before — certainly not at scale. Lotta crypto. Like, down to the chips and digital certificates in the Secure Enclave on your phones. On the AI side, there’s some cool stuff around how they are optimizing for devices, different models, and using transformers. I also suspect they may be using RAG to interface with the on-device semantic index, but I could be wrong there. Anyway, it was a ton of fun to write. Sorry it’s so long. Read it here! Share:

Share:
Read Post

Old Dog, New Tricks [Final Incite: June 24, 2024]

Mike Rothman June 24, 2024 No Comments

TL;DR: Back in December, I took a job as head of strategy and technology for a candy-importing company called Dorval Trading. To explain the move I dusted off the confessor structure, and also performed a POPE evaluation of the opportunity below. I’ll be teaching at Black Hat this summer, so I hope to see many of you there. Otherwise you can always reach me at my Securosis email, at least until Rich cancels my account. It’s another sunny day in the spring. Mike walks into the building. It’s so familiar, yet different. It’s been over 4 years since he’s been here, and it seems lighter. Airier. But the old bones are there. He takes a look around and feels nostalgic. Mike knows this is probably the last time he’ll be here. It’s a very strange feeling. He steps into the booth, as he has done so many times before. He came here to talk through pretty much every major transition since 2006, as a way to document what was going on, and to consider the decisions that needed to be made and why. Confessor: Hi Mike. 4 years is a long time. What have you been up to? Mike: It’s nice to be back. I’ve kept myself occupied, that’s for sure. As we recovered from COVID, Rich and I were faced with some big decisions. DisruptOps was acquired, and Rich decided to join Firemon and lead the Cloud Defense product. I was initially going to keep on the Securosis path, but I got an opportunity to join Techstrong and jumped at it. Confessor: So you and Rich went your separate ways. How did that work out? Mike: Yes and no. Although we don’t work together full-time anymore, we still collaborate quite a bit. We’re in the process of updating our cloud security training curriculum, and will launch CCSKv5 this summer. So I still see plenty of Rich… (Mike gets quiet and looks off into space.) Confessor: What’s on your mind? It seems heavy, but not in a bad way. Kind of like you are seeing ghosts. Mike: I guess I am. This is probably the last time I’ll be here. You see, I’ve taken a real turn in my career. It’s so exciting but bittersweet. Security is what I’ve done for over 30 years. It’s been my professional persona. It’s how I’ve defined my career and who I am to a degree. But security is no longer my primary occupation. Confessor: Do tell. It must be a pretty special opportunity to get you to step out of security. Mike: Would you believe I’ve joined a candy-importing company? I’m running strategy and technology for a business I’ve known for over 40 years. It was very unexpected, but makes perfect sense. Confessor: How did you stumble into this? Mike: Stumble is exactly right. You see, Dorval Trading is a family business started by my stepmother’s parents in 1965. She’s been running it since 1992, and as she was looking to her future, she realized she could use some help. So I did some consulting last year after I left Techstrong, and it was a pretty good fit. The company has been around for almost 60 years, and a lot of the systems and processes need to be modernized. We don’t do any direct e-commerce, and since COVID haven’t really introduced a lot of new products. So there is a lot of work to do. Even better, my brother has joined the company as well. After over 20 years in financial services doing procurement operations, he’ll be focused on optimizing our data and compliance initiatives. So I get to see my family every day, and thankfully that’s a great thing for me. Confessor: Candy?!?! No kidding. What kind of candy? I’m asking for a friend. Mike (chuckling): Our primary product is Sour Power, the original sour candy, which we’ve imported from the Netherlands since 1985. We also have a line of taffy products, and import specialty candies from Europe. If you grew up in the Northeast US, you may be familiar with Sour Power. And now we sell throughout the country. Confessor: So, no more security? Really? Mike: Not exactly. I have been in the business 30 years, and still have lots of friends and contacts. I’m happy to help them out if and when I can. I’ll still teach a few cloud security classes a year, and may show up on IANS calls or an event from time to time. I joined the advisory board of Query.ai, which is a cool federated security search company, and I’m certainly open to additional advisory posts if I can be of help. Learning a new business takes time, but I’m not starting from scratch. In the short time I’ve been with Dorval, I’ve confirmed that business is business. You have to sell more than you spend. You need to have great products and work to build customer loyalty. But there are nuances to working with a perishable, imported product. I also leverage my experience in the security business. I learned a lot about launching products, dealing with distribution channels, and even incident response. In the candy business you need to be prepared for a product recall. So we did a tabletop exercise working through a simulated recall scenario. The key to the exercise was having a strong playbook and making sure everyone knew their job. The recall simulation seemed so familiar, but different at the same time. Which is a good way to sum up everything about my new gig. It turns out the biggest candy conference of the year was the week after RSA, so I couldn’t make it to SF for the conference this year. I did miss seeing everyone, especially at the Disaster Recovery Breakfast. I will be at Black Hat this year, where I’m teaching the maiden voyage of CCSKv5. I look forward to seeing many old friends there. Confessor: So this is it, I guess? Mike: It is. But that’s

Share:
Read Post
dinosaur-sidebar

Research

view all

Sign Up for Our Newsletter

Totally Transparent Research is the embodiment of how we work at Securosis. It’s our core operating philosophy, our research policy, and a specific process. We initially developed it to help maintain objectivity while producing licensed research, but its benefits extend to all aspects of our business.

Going beyond Open Source Research, and a far cry from the traditional syndicated research model, we think it’s the best way to produce independent, objective, quality research.

Here’s how it works:

  • Content is developed ‘live’ on the blog. Primary research is generally released in pieces, as a series of posts, so we can digest and integrate feedback, making the end results much stronger than traditional “ivory tower” research.
  • Comments are enabled for posts. All comments are kept except for spam, personal insults of a clearly inflammatory nature, and completely off-topic content that distracts from the discussion. We welcome comments critical of the work, even if somewhat insulting to the authors. Really.
  • Anyone can comment, and no registration is required. Vendors or consultants with a relevant product or offering must properly identify themselves. While their comments won’t be deleted, the writer/moderator will “call out”, identify, and possibly ridicule vendors who fail to do so.
  • Vendors considering licensing the content are welcome to provide feedback, but it must be posted in the comments - just like everyone else. There is no back channel influence on the research findings or posts.
    Analysts must reply to comments and defend the research position, or agree to modify the content.
  • At the end of the post series, the analyst compiles the posts into a paper, presentation, or other delivery vehicle. Public comments/input factors into the research, where appropriate.
  • If the research is distributed as a paper, significant commenters/contributors are acknowledged in the opening of the report. If they did not post their real names, handles used for comments are listed. Commenters do not retain any rights to the report, but their contributions will be recognized.
  • All primary research will be released under a Creative Commons license. The current license is Non-Commercial, Attribution. The analyst, at their discretion, may add a Derivative Works or Share Alike condition.
  • Securosis primary research does not discuss specific vendors or specific products/offerings, unless used to provide context, contrast or to make a point (which is very very rare).
    Although quotes from published primary research (and published primary research only) may be used in press releases, said quotes may never mention a specific vendor, even if the vendor is mentioned in the source report. Securosis must approve any quote to appear in any vendor marketing collateral.
  • Final primary research will be posted on the blog with open comments.
  • Research will be updated periodically to reflect market realities, based on the discretion of the primary analyst. Updated research will be dated and given a version number.
    For research that cannot be developed using this model, such as complex principles or models that are unsuited for a series of blog posts, the content will be chunked up and posted at or before release of the paper to solicit public feedback, and provide an open venue for comments and criticisms.
  • In rare cases Securosis may write papers outside of the primary research agenda, but only if the end result can be non-biased and valuable to the user community to supplement industry-wide efforts or advances. A “Radically Transparent Research” process will be followed in developing these papers, where absolutely all materials are public at all stages of development, including communications (email, call notes).
    Only the free primary research released on our site can be licensed. We will not accept licensing fees on research we charge users to access.
  • All licensed research will be clearly labeled with the licensees. No licensed research will be released without indicating the sources of licensing fees. Again, there will be no back channel influence. We’re open and transparent about our revenue sources.

In essence, we develop all of our research out in the open, and not only seek public comments, but keep those comments indefinitely as a record of the research creation process. If you believe we are biased or not doing our homework, you can call us out on it and it will be there in the record. Our philosophy involves cracking open the research process, and using our readers to eliminate bias and enhance the quality of the work.

On the back end, here’s how we handle this approach with licensees:

  • Licensees may propose paper topics. The topic may be accepted if it is consistent with the Securosis research agenda and goals, but only if it can be covered without bias and will be valuable to the end user community.
  • Analysts produce research according to their own research agendas, and may offer licensing under the same objectivity requirements.
  • The potential licensee will be provided an outline of our research positions and the potential research product so they can determine if it is likely to meet their objectives.
  • Once the licensee agrees, development of the primary research content begins, following the Totally Transparent Research process as outlined above. At this point, there is no money exchanged.
  • Upon completion of the paper, the licensee will receive a release candidate to determine whether the final result still meets their needs.
  • If the content does not meet their needs, the licensee is not required to pay, and the research will be released without licensing or with alternate licensees.
  • Licensees may host and reuse the content for the length of the license (typically one year). This includes placing the content behind a registration process, posting on white paper networks, or translation into other languages. The research will always be hosted at Securosis for free without registration.

Here is the language we currently place in our research project agreements:

Content will be created independently of LICENSEE with no obligations for payment. Once content is complete, LICENSEE will have a 3 day review period to determine if the content meets corporate objectives. If the content is unsuitable, LICENSEE will not be obligated for any payment and Securosis is free to distribute the whitepaper without branding or with alternate licensees, and will not complete any associated webcasts for the declining LICENSEE. Content licensing, webcasts and payment are contingent on the content being acceptable to LICENSEE. This maintains objectivity while limiting the risk to LICENSEE. Securosis maintains all rights to the content and to include Securosis branding in addition to any licensee branding.

Even this process itself is open to criticism. If you have questions or comments, you can email us or comment on the blog.