Beau Woods

Connecting hacker & cyber policy communities w/
@cyberstatecraft @iamthecavalry @Defcon @supplychainsbx @BSidesLV @hillhackers @columbiadefrag ++

2024-10-01

In case you missed it, put a reminder in your calendar for Hackers on the Hill DC on January 9, 2025 (the day before Shmoocon begins).

And look for more details on related international events later this year....

Bridge the gap between cybersecurity researchers and policymakers. Details and registration links to come, watch this space.

Participants in the all-volunteer event (run by I Am The Cavalry) have briefed dozens of Congressional offices on key issues facing policymakers like security researcher rights, encryption backdoors, supply chain resilience, disrupting ransomware, and (of course) AI.

So if you’re a technical cybersecurity practitioner or researcher who wants to engage in public policy dialogs (whether you’ve had experience before or not), save the date and sign up for our email notifications at hackersonthehill.org

#HackersOnTheHill #Cybersecurity #CyberPolicy #Shmoocon

2024-05-05

@JulianWieg it's a good question. I know the person in charge was looking to solicit input for an update but then got reorged into a different division. Maybe ask on the former bird site and CC CISA/CISAJen?

Also, what updates would YOU add?

Beau Woods boosted:
Marc Rogers 🥜 👋🏼 ⚠️ cj@chaos.social
2023-03-12

The National Cyber Strategy is finally out. whitehouse.gov/wp-content/uplo Congrats to Kemba Walden and her team. It was an amazing opportunity to play just a small part in the feedback process and I look forward to working together in building this out.
@beauwoods sums everything nicely in his thread over on the birdsite: twitter.com/beauwoods/status/1

Beau Woods boosted:
2023-03-12

Here I come Paris! Going to the #OECD Global Forum on Digital Security for Prosperity.

I’ll be on two panels, one is

- “Building bridges between the security research and policy communities.”

And the other will be

- “Policy-making in security: Effectively working with security agencies across emerging technologies”

Both topics I care about so it should be a good conversation.

@beauwoods, Chris Painter, and many others will be there as well. Looking forward to catching up with everyone.

2023-03-01

@DavidJBianco Wow I feel old. I still think of this as fairly new. 😬

Beau Woods boosted:
David J. Bianco (He/Him) DavidJBianco@infosec.exchange
2023-03-01

Exactly 10 years ago today, I first published the #PyramidOfPain. I can hardly believe it's been a whole decade. I'm so lucky that my work has resonated with the security community. Thank you all for your support!

bit.ly/PyramidOfPain

2023-02-03

Looks like Congress may do more this session to help improve healthcare cybersecurity. Members rarely make this much noise¹ unless they're planning something fairly large.

My top list includes ways to address hospital Ransomware,² help hospitals avoid CISA Bad Practices,³ modernize outdated IT infrastructure, and get medical devices recalled for security issues out of hospitals.
__
¹ healthitsecurity.com/features/
² jamanetwork.com/journals/jama- (which vastly underestimated the problem)
³ cisa.gov/BadPractices

Beau Woods boosted:
2022-12-29

Fifty hackers signed up for #HackersOnTheHill January 19, 2023 in DC. Still some room left for more to join! Sign up and/or pass the word to others who might want to join! hackersonthehill.org

Beau Woods boosted:
Andrew Couts couts
2022-12-29

This NY Times op-ed arguing against the existence of Signal reads like it was created by ChatGPT based on a prompt written by an FBI intern: nytimes.com/2022/12/28/opinion

Beau Woods boosted:
Leigh Honeywell leigh@ottawa.place
2022-12-29

@sc00bz @epixoip @KeeperSecurity folks considering Keeper as a password manager should be aware of their litigious history with the security community: techdirt.com/2018/03/09/keeper

They have a bug bounty now (bugcrowd.com/keepersecurity) but it does not allow researchers to disclose bugs (see “Disclosure” section) which to me represents a failure to engage with the security community. No amount of acronym certifications will make that ok for such a critical piece of security infrastructure.

2022-12-29

@maggiesmithcybr Happy to have you!

2022-12-29

@ItsCryptic Sure, join us!

2022-12-28

Fifty hackers signed up for #HackersOnTheHill January 19, 2023 in DC. Still some room left for more to join! Sign up and/or pass the word to others who might want to join! hackersonthehill.org

2022-12-21

@todb Bummer. Spread the word!

2022-12-21

@ncweaver @gudenau @TrexPushups Won't anyone PLEASE think of the profits <clutches pearls and wrings hands>

2022-12-21

@ncweaver @gudenau Wouldn't it be easier to just, like, read a textbook about why financial regulations exist instead of swindling billions of dollars from people?

2022-12-21

Well, it looks like I was too lazy to come up with my own cyber policy and infosec predictions for 2023 so I just used ChatGPT to spit out some generic ones. And let's be real, most of these other predictions look like they were written by a machine too. #infosec #predictions #lazy #ChatGPT #cybersecurity

Also, ChatGPT wrote this toot.

Cyber policy predictions for 2023 written by ChatGPT
Infosec predictions for 2023 written by ChatGPT
2022-12-21

Coming in to DC for #shmoocon? Join us for #HackersOnTheHill as well, where you can brief a Congressional staffer. Sign ups are now LIVE! hackersonthehill.org
