26th edition of the Identity Jedi Newsletter

Wednesday, 3/8/23 - Identity Jedi Newsletter - Subscribe

Hey Jedi welcome to the 26th edition of the Identity Jedi Newsletter!

Much to ado about the release of the National Cybersecurity Strategy last week, but unlike most of the people who gave it a quick glance and posted a hot take, I wanted to take my time and read through the entire document before responding. Also gives me great content for this week’s newsletter, right!? So I’ll give me a synopsis below and a full detailed breakdown in the Jedi Council section.

This week we welcome another Guest Writer to the Identity Jedi Universe, Mr. Amar Rama! ( Play the applause soundtrack in your head) He drops by to give his thoughts on ChatGPT.

Don’t forget to share the newsletter with your loved ones! What better gift then some Identity Jedi Goodness in their inbox? You can check out the rewards levels here.

Let’s Get to the Good Stuff!

• National Cyber Security Strategy

• ChatGPT and Identity

• Said Good Stuff 3

• They got Chick-fil-A!

National Cyber Security Strategy

Last week the White House lit cybersecurity professionals all a glow with the release of the National Cyber Security Strategy. Like most government initiatives, it’s a high-level plan of what they would like to accomplish over the next decade in cybersecurity. For those of us who love this field, it’s no too bad of a read. I’ve read worse….a LOT worse. It definitely has some government code words in there for ( we are going to say this because we have too, but have have no fucking clue how we will pull it off), but for the most part, it’s a solid strategy. What concerns me the most is the length of time for this plan and the timing. Look not trying to turn this into a political discussion at all, but presidential terms don’t last forever, and it seems we are more divided as a nation right now than ever before. So while I applaud some of the stances being outlined in this document,a majority of them are going to be started and funded by one Administration and then possibly passed off to another to continue. That’s like making a ten-year plan to renovate your house and then you sell it three years into that plan. Not really sure the new buyers may like your idea of a walk-in jacuzzi shower. Just saying.

But I digress. The strategy was broken down into five pillars

• Defend Critical Infrastructure

• Disrupt and Dismantle Threat Actors

• Shape Market Forces to Drive Security

• Invest In A Resilient Future

• Forge International Partnerships to Pursue Shared Goals

Said slightly differently

• Retire the mainframe systems running our utilities

• Stop China

• Tell AWS their shared responsibility model ploy is full of shit

• We don’t really know what Quantum means but know we need to do something

• Ask the rest of the world to help us stop China

My biggest takeaways

Pillar three discusses shaping the market and holding software vendors and service providers accountable. Working with Congress and the private sector to develop legislation to hold companies responsible. I’m very interested to see how this pans out and to what level this legislation will go.

Pillar four discusses developing a national strategy to strengthen the cyber workforce, both by helping to fill positions and introducing diversity in the workforce. A huge problem we’ve had for a while and again I’m interested to see what will be attempted at a federal level to address this.

Pillar four also talks about developing a digital identity ecosystem and initiatives to invest in verifiable digital identities. Pretty high-level stuff here, it talks about building on the NIST-led research authorized in the CHIPS and Science act, but I would have liked to see more here.

CHATGPT and Identity ( Guest post by Amar Rama)

ChatGPT is upon us. I have been approaching it with anxiety. In fact, I started writing this article with a very opinionated point of view. ( disclosure: I am a product manager, so being opinionated is normal)

But, the more I understand it, the more I struggle to hold on to my original premise.

As I watched this video unfold on my laptop screen, my emotion shifted from anxiety to excitement. This reminds me of the hot research areas in Computer Science in the ’80s and ’90s. 4GL and 5GL. Programming by intent instead of by writing algorithms using procedural or functional code. It never really manifested. The best we got was drag-n-drop no-code pipelines and template-based workflow tools.

It is now real!

Not the Chicken Sandwich…WHYYYY!!

The saddest news I’m delivering this week…..Chick-fil-A has suffered a data breach, potentially compromising customers' credit card information. The fast-food chain discovered the breach in December 2022 and has been working with cybersecurity experts and law enforcement to investigate the issue. ( For my international Jedi, or those that just don’t have Chick-Fil-A in their city. It’s basically cocaine mixed with heroin in a Chicken Sandwich)

The Last Word

This has finally gone to far. I might be able to forgive Experian, Chase, OPM, T-Mobile, but when you mess with Chick-Fil-A. That’s where I draw the line. Something has to be done about this!!

How many more times will we hear about these data breaches before we start to take this seriously? Before we make the proper investments, time, and money into creating a secure user environment? News flash, security is a one going event. It’s not just a one-time purchase of a software product and rollout. It’s about constantly reviewing your strategy and mitigating as much risk as possible.

Sigh…

One day we’ll figure it out. Until then, long live Chick-Fil-A

Be Good to each other, Be Kind to each other, Love each other

-Identity Jedi

The JEDI COUNCIL

Deep Dive into the National Cybersecurity Strategy

Ok so 39 pages later, and this strategy does not convince me. Don’t get me wrong, I agree with the principles laid out in the strategy; I’m just not confident in the implementation and execution of them. I highly recommend you give it a read for yourself, but in the meantime here’s my thoughts

Subscribe to Identity Jedi Newsletter to read the rest.