#CYBER INSURANCE COMPANIES
Text
Iccha Sethi, Vice President of Engineering at Vanta – Interview Series
New Post has been published on https://thedigitalinsider.com/iccha-sethi-vice-president-of-engineering-at-vanta-interview-series/
Iccha Sethi is Vice President of Engineering at Vanta, the leading Trust Management Platform, where she leads initiatives focused on enhancing security and compliance automation. Previously, she was an engineering leader at GitHub where she oversaw a multi-product portfolio including Actions, Hosted Runners, Codespaces, Packages, Pages, and npm. Iccha has also held principal engineering roles across a range of companies, large and small, including InVision, Atlassian and Rackspace.
What attracted you to the role of VP of Engineering Management at Vanta?
The company’s unwavering commitment to its mission. Our CEO Christina Cacioppo founded Vanta with the goal of securing the internet and protecting consumer data, and from Day One, she has stayed true to this vision.
The platform she has built is indispensable for over 8,000 emerging businesses and large enterprises, ensuring data security and promoting trust.
Having personally experienced the challenges of navigating regulations like GDPR as Principal engineer at Atlassian and obtaining a SOC 2 attestation as engineering leader at GitHub, I understand firsthand how painful and complex these processes can be. Vanta is addressing a real problem, making compliance more manageable and cost-effective for businesses.
How has your experience at GitHub influenced your approach to engineering at Vanta?
My experience at GitHub has greatly shaped my approach to engineering at Vanta. At GitHub, I managed a diverse portfolio of products like Actions, Codespaces, Packages, Pages, and npm, each at different stages of maturity. For example, Codespaces was in its early market fit phase, while Actions was experiencing rapid user growth. This taught me how to tailor my strategies to suit the unique needs of products at various stages of their journey.
As Vanta continues to grow, I’m applying this experience to balance execution, innovation, and reliability, ensuring that we support our expanding business effectively. Just as at GitHub, where we focused on creating a product developers loved, at Vanta, we’re committed to building a delightful, automated experience in the security and compliance domain. This focus on user experience is especially crucial in an industry ripe for automation, where reducing manual effort and friction is key.
How do the engineering strategies differ between larger organizations like GitHub and a fast-growing startup like Vanta?
At a large company like GitHub, the engineering strategy is heavily focused on scaling, reliability, and performance due to the vast number of customers and engineers involved. This requires mature incident response processes and a strong emphasis on operational health. With more people, there’s also a significant focus on building a robust platform to ensure engineers can be productive. While building and shipping features remain important, the process is more cautious due to the wider impact of any changes.
At a fast-growing startup like Vanta, the strategy centers on balancing innovation, speed to market, and building a reliable, user-friendly product for both small and large customers. We aim to attract and retain enterprise customers, so while the importance of a good platform for rapid development is still there, we can afford to be more selective in our investments. The key is being mindful of areas where rapid iteration and fast failures are acceptable versus those where we need to establish a solid, long-term foundation.
How does Vanta utilize AI to automate critical security functions?
Security is a critical aspect of any business, whether you’re selling a product and need to address customer concerns about your security posture, or assessing vendor risks when making purchases. These processes often involve sifting through extensive documentation, like SOC 2 reports, to make informed risk determinations.
Vanta leverages AI, particularly Large Language Models (LLMs), which are ideally suited for processing vast amounts of information and identifying the most relevant data.
We’ve seamlessly integrated AI into our Vendor Risk Management, Trust Center, and Questionnaire Automation products, allowing our customers to save weeks of time by streamlining critical security functions. With AI at the helm, key security workflows are now faster and more efficient.
For instance, Vendor Security Reviews have become significantly quicker, with Vanta enabling security teams to analyze and extract relevant information from SOC 2 reports, DPAs, and other vendor documentation in just seconds.
Our Security Questionnaire Automation feature allows teams to instantly pull insights from a variety of sources, whether it’s their existing library, previous questionnaire responses, or newly uploaded policies and documents—all in just a few clicks.
We also use AI to suggest the most effective tests and policies for each compliance framework, transforming what was once a manual process into a streamlined, automated task.
Can you explain the role of AI-powered Questionnaire Automation in improving security review processes?
Traditionally, when selling a product, your customers send security questionnaires that can take anywhere from hours to weeks to complete.
At Vanta, we simplify this process by allowing you to upload sample questionnaires or your knowledge base. Our AI then uses LLMs to generate responses for the questionnaire, providing you with the source of information and the context behind each answer. You have the flexibility to modify, regenerate, or edit the entire response as needed.
This saves security teams significant time and allows them to focus on more productive, strategic work.
What are the benefits of doing continuous controls monitoring compared to traditional methods?
A major Vanta benefit is the ability to detect and address compliance issues before they escalate into violations, rather than rushing to fix them during an audit or at the last minute. Vanta automates this process by continuously monitoring your controls, which allows organizations to stay ahead of potential problems and maintain ongoing compliance.
With Vanta’s continuous monitoring of controls and tests, customers can stay compliant without needing to spend hours each week on manual checks. This gives Governance Risk and Compliance (GRC) and security teams the peace of mind that they’ll be alerted when any part of their program falls out of compliance, freeing up their time to focus on other more strategic aspects of their security program.
For customers evaluating a vendor, knowing that a security program is backed by Vanta’s continuous controls monitoring provides assurance that compliance isn’t a one-time checkbox at the initial audit, but is being maintained every day, hour, and minute thereafter. This marks a significant shift from traditional, point-in-time compliance to an always-on approach, offering a higher level of trust and security that works as a strategic business lever.
How has Vanta’s recent $150 million Series C funding influenced its AI development and product offerings?
The recent round will enable us to double down on expanding our upmarket momentum, international markets, and advancing our AI capabilities.
It also allows us to expand our AI team to continue meeting our customers’ evolving security needs with cutting-edge AI and automation.
How does Vanta integrate with other tools and platforms to provide seamless compliance and security solutions?
Vanta integrates with a wide range of tools and platforms to deliver seamless compliance and security solutions tailored to companies at different stages.
For startups, Vanta offers a comprehensive “compliance in a box” solution, integrating with essential tools while also providing services like access review, background checks, device management, and even cyber insurance.
For larger enterprises, Vanta supports a broader and deeper set of integrations, including cloud management, vulnerability management providers, Human Resources Information System (HRIS) solutions, and procurement tools on the Vendor Risk Management (VRM) side.
What customization options does Vanta offer to tailor security and compliance programs to specific organizational needs?
Organizations can create and monitor custom security controls that align with specific policies, ensuring their practices meet exact requirements. For those with industry-specific or internal standards, Vanta allows teams to adjust compliance frameworks accordingly. Risk assessments can also be tailored to an organization’s unique risk profile, helping teams prioritize what matters most.
Additionally, Vanta enables the design of both automated and manual workflows that seamlessly integrate with existing processes. The platform’s flexibility extends to tool integration as well, allowing for custom integrations that connect with an organization’s tech stack via API access. Custom alerts and notifications can be set up to support incident response plans, while user roles and permissions can be finely tuned to control access across teams. Finally, Vanta offers the ability to generate custom reports, ensuring that internal needs are met and stakeholders remain well-informed.
How is Vanta shaping the future of trust management in an AI-driven world?
By leveraging AI to automate compliance processes, Vanta ensures that companies can effortlessly adhere to industry standards like SOC 2 and ISO 27001. The platform also supports AI compliance with example frameworks, making it easier for organizations to meet these evolving requirements.
In terms of risk management, Vanta’s AI capabilities enable organizations to shift from a reactive to a proactive posture by identifying potential security risks before they become issues. This not only strengthens security, but also enhances overall organizational resilience.
Vanta further simplifies the often tedious process of completing security questionnaires. The platform’s AI learns from previous responses and automatically generates new, accurate answers, allowing teams to move faster and with greater precision.
Additionally, Vanta’s AI enhances searchability, making it simple to find all the necessary information for security reviews by scanning through documentation with familiar search functionality.
Thank you for the great interview. Readers who wish to learn more should visit Vanta.
Text
Reasons To Consider Cyber Insurance Policy In California
Today’s digital world has taken over some things that were previously regarded as optional but are now seen to be mandatory. The use of personal cyber insurance has become a suitable way for California individuals and firms to shield themselves from cyber threats. This is why it is wise to invest in a cyber insurance policy in California. For more information, visit: https://medium.com/@goldenerainsurance2/reasons-to-consider-cyber-insurance-policy-in-california-698f5163419b
Text
Hire Professional HR Consultant for the Best Company Set Up Service in Dubai
An experienced and competent HR team offers the best help for company setup in Dubai. The HR team is well-versed in all the best practices and methods that support business setup. Moreover, the HR team performs other major roles efficiently.
Every company needs an HR consultant to ensure smooth performance and management. You can hire the best and most experienced HR consultant to meet your business needs at our company. If you are ready to acquire the best HR consultant, why look here and there when our company provides the best assistance for Freezone company setup in Dubai?
Freezone company setup is challenging work. However, if you want to set up your Freezone company and are looking for a professional HR consultant for the best assistance, then our company is the right choice. Our HR team provides complete information and informs you about all the rules and regulations so that you do not face any legal issues in the future.
Freezone company setup in Dubai is a type of business where the business has complete foreign ownership. There is no local partner. Hence, if you want our help with Freezone company setup in Dubai, our team will provide the best service.
There are several benefits of hiring an HR consultant for the business. It saves you from the recruitment process and also reduces your cost. Our HR consultants are well-versed in all the latest trends and business updates and ensure that they provide the best service to all clients. You can dig more into our service through our site. Contact us when you are looking for professional assistance with company setup in Dubai.
We understand that every business has unique needs. Hence, our HR team offers tailor-made solutions and ensures all clients receive the best assistance. We provide the best assistance if you need our professional and experienced HR for management, recruitment, admin management work, or payroll. Our HR consultants are highly skilled and qualified to offer the best service. You can rely on our company every time you search for the best HR consultant for your company.
#company set up dubai#Freezone company setup dubai#Offshore Company Setup#Corporate & Personal Bank Account Opening#Golden Visa Process Dubai#Golden Visa Real Estate Dubai#Freelance Visa Dubai#Property Golden Visa Dubai#HR Services in Dubai#Medical Insurance Dubai#Equivalency Certificate Dubai#PRO Service Dubai#Cyber Security Services Dubai#Corporate Tax Filing & VAT Returns Filing#Company Incorporation Dubai
Text
Protect Your Business Against Cyber Threats with the Expertise of Cyber Security Insurance Companies. Visit BR Risk Group Specialty Insurance Today!
Safeguard your business from cyber threats with BR Risk Group Specialty Insurance, one of the premier cyber security insurance companies in Boston, MA. As technology advances, so do the risks associated with cyber-attacks. Our tailored cyber liability insurance provides comprehensive coverage against data breaches, cybercrime, and financial losses. With our expertise in the field, we offer solutions that mitigate risks and protect your business's digital assets. Visit our website to learn more about our cyber security insurance options and protect your business against the landscape of cyber threats.
Text
Things the Biden-Harris Administration Did This Week #33
Sep 6-13 2024
President Biden marked the 30th anniversary of the passage of the Violence Against Women Act and highlighted efforts to stop gender-based violence. The VAWA was written by then Senator Biden and he often talks about it as his proudest legislative victory. The act transformed how the federal government dealt with domestic violence, sexual assault, and stalking. In part because of the connection to Joe Biden, President Trump and the Republicans allowed the VAWA to expire in 2019. President Biden passed a new reauthorization, with new protections for women against cyber crime, in 2022. On the VAWA's 30th anniversary President Biden announced $690 million in grants to support survivors of gender-based violence.
President Biden and Vice-President Harris announced a new rule to force insurance companies to treat mental health care the same as medical care. The new rule takes on the use by insurance of restrictive practices like prior authorization, and out of network charges, it also closes a loophole in the law that allowed state and local government health insurance not to cover mental health.
The Biden-Harris administration announced that 50 million Americans, 1 in every 7, have gotten health insurance through Obamacare's marketplaces. Under Biden a record-breaking 20.8 million enrolled this year. Since the ACA was passed by President Obama and then Vice-President Biden it has transformed American health care, bringing affordable coverage to millions and getting rid of "preexisting conditions". During the Presidential debate Vice-President Harris defended the ACA and the need to keep building on it. Trump, after 9 years of calling for its repeal, said he only had "concepts of a plan" on what to do about health care in America.
The IRS announced that it has recovered $1.3 billion in back taxes from wealthy tax dodgers. For years Republicans have tried to underfund the IRS, hindering its ability to police high-income taxpayers. President Biden in his Inflation Reduction Act ensured that the IRS would have the money it needs to chase high-income tax cheats. In February 2024 the IRS launched a program to go after over 100,000 people, making $400,000 or even over $1 million a year, who have not filed taxes since 2017. The IRS also launched a program to collect from taxpayers who make over $1 million a year who have uncontested debt of over $250,000. Between these two efforts the IRS has collected over a Billion Dollars in back taxes from the richest Americans, so far this year.
The Department of The Interior and White House Climate Advisor Ali Zaidi highlighted green energy efforts on public land. Highlighting two projects planned in Nevada officials talked about the 41 renewable energy projects approved on public land under the Biden-Harris Administration. These projects over 25 gigawatts of clean energy, a goal the Administration's climate plan set for the end of 2025 but met early this year. With the new projects in Nevada this is enough energy to power 12.5 million homes, and the Bureau of Land Management is another 55 utility-scale project proposals across the West.
The Department of The Interior announced $236 million to help fight forest fires and restore landscapes damaged by recent wildfires. Under President Biden's Bipartisan Infrastructure Law, the Administration has spent nearly $1.1 billion dollars to combat deadly wildfires which have over the last 10 years grown in size and intensity thanks to climate change.
The Department of The Interior announced $157 million in wetland conservation. The money is focused on protecting bird habitats. It will protect and preserve thousands of acres of wetlands across 7 states.
The US Senate approved President Biden's nominations of Adam Abelson, Jeannette Vargas, Mary Kay Lanthier, and Laura Provinzino to federal judgeships in Maryland, New York, Vermont, and Minnesota respectively. This brings the total number of federal judges appointed by President Biden to 209. When Biden entered office 318 district judges were Republican appointees and 317 Democratic, today 368 are Democratic appointments and just 267 are Republican. President Biden is the first President in history to have the majority of his appointments not be white men and he has appointed more black women to the bench than any President ever.
#Joe Biden#Thanks Biden#kamala harris#politics#political#US politics#American politics#climate change#domestic violent relationships#mental health#health care#health insurance#tax the rich#judges
Note
I work in tech support for a cyber security company offering various different products, including physical devices such as firewalls, meaning we handle returns sometimes.
The other day I received a ticket for a faulty firewall, describing in detail that half the customer's server room got fried in a storm because they have no protection from lightning in place. They asked for us to write a confirmation for his insurance that actually, it was just a hard drive failure, not the lightning he wasn't insured against. I denied the return due to our policy, we don't cover damage like this.
So what does he do? Opens a second ticket, which I happen to see while assigning tickets (I only do this every 2-3 months, pretty bad luck for him). No hint that a first ticket existed, no mention of lightning damage, just "oh my device can't detect the drive anymore". I denied this of course and made sure to not get a survey sent out to this guy that he could use to retaliate.
I still cannot believe the audacity of this guy, first trying to use us to scam his insurance, then trying to scam us. Not to mention my name was on this, he was happy to risk my job to save 15k his company likely budgeted for anyway because things break. My company is spending so much money on returns that they monitor every return and will contact managers directly over the smallest issues.
Also, just a suggestion: Don't explain your insurance fraud in writing to a tech support rep.
Posted by admin Rodney
Text
Duck Comic Reading Club Week 7: Paperinik New Adventures: Earthquake
Ok, let's get to the point, this issue is the best one yet. An amazing story and gorgeous art combined.
Oh God, the art. Francesco Guerrini's work here is astonishing. The use of the colors is masterful. Brilliant in every aspect.
This week's story starts with an earthquake in Duckburg. No major disaster occurred, except for good old Uncle Scrooge.
Why do you insure your oil rig with your own insurance company?
I mean, I got that he didn't have to pay himself the quota for the service, but now you have to pay for the damages. So, stop complaining you crazy old bird.
But One found out something fishy about the earthquakes, and it's up to Donald to investigate this. It's so funny that Duckburg is Paperopoli in Italian. It's better than Patolandia tho.
PK took one of the many vehicles at the Tower, and went for a ride, super hero style.
This page is a piece of beauty.
We got a new character, Mary Ann Flagstarr, a PBI agent. Tough lady.
PK had had encounters with the police, but now, he faced federal agents. My boy is not making any friends.
But, you know? A vigilante, a superhero, can't work with the authority. So, yeah, go get them PK.
Another new character, Professor Morgan Fairfax. What a nice fella, I'm sure he has never done anything wrong in his life.
One knows something is not right, they need to keep investigating. But now, it's time to go back to the world of cyberspace.
Another beautiful page, this issue can't miss.
But it's hard to step into a federal database without anyone noticing, so they got caught. Thankfully, One was one step ahead and got himself a great scapegoat.
Oh, now you don't like spreading misinformation, right jerk?
He didn't face any charges, and, to be fair, he was innocent. But, if being ugly was a crime, he would get the chair.
Back to the Professor, and he's making some really evil-looking smirks. Could it be that he's not the nice guy that we thought?
Also, another banger page.
PK infiltrates the building, using some advanced tech. One is a cheat code, and here he's being used to his fullest.
PK had a weird Donald moment, when he got stuck in the vent, fell to the ground, and got face to face with the worst security guard ever.
Hey, a masked vigilante sneaked into this government facility that I'm supposed to be looking after. I'm gonna make some lame jokes, and then I'm gonna miss the shots from less than a meter away.
Don't come in the morning pal.
You know? I'm starting to think that this guy Fairfax is not that nice.
Yeah, yeah, he's the bad guy. Trying to burn PK alive is in my Being Bad Bingo.
And yet another absolutely gorgeous page. It's amazing.
Thankfully, One and his infinite tech came to the rescue. PK also saved the guard, because he's a hero.
Now, this one part was kinda weird. Agent Flagstarr has been shown through the issue as a tough, focused agent who wants to get the job done. But a few words from Fairfax and a gift are enough to make her dismiss orders.
Also, that face… you can't trust someone with that face…
Now we find out about Fairfax's plan. He wants to create an earthquake strong enough that the whole planet would change, and new land would appear.
At the cost of the entire west coast being destroyed.
The worst part? One agrees with him. What the hell man? Not cool One, not cool.
PK got in the plane and tried to stop Fairfax, but Flagstarr was in his way. The agent was conflicted on what to do. Madam, help the guy who doesn't want to destroy the whole west coast. It's not that hard.
Man, the art on this issue is out of control.
PK is so cool.
Finally, One had a change of heart, if you can say that, and helped PK stop this madness. I knew One wasn't a psychopath.
But that last image of the device at the bottom of the sea is quite unsettling.
What can I say? This was awesome. I love all the detective PK stuff, the danger was palpable, One almost got Duckburg destroyed. The art was magnificent, the colors were vibrant, it looked beautiful in general.
Hands down, the best one yet.
#dcrc paperinik#dcrc#donald duck#duckverse#pkna#dcrc week 7#paperinik#duck avenger#one#uno#mary ann flagstarr#professor morgan fairfax#comic review
Text
Screw it, I'm posting SQUIP lore anyway
I just spent an hour writing the word "squip" over and over with varying capitalization nuances, so I am posting the exposition whether it is needed or not.
Okay. OKAY. ok. SO. In the pre-musical days where the Be More Chill novel was published and the internet was young and exciting, there was a tie-in website.
I lied. There were TONS of tie-in websites. They all existed in-universe and were ridiculously interconnected, and thank god for the wayback machine. Be More Chill was advertised - or as Jeremy says, "I wrote that above. I wrote Be More Chill too, with the help of my squip, under the name Ned Vizzini, which I figured was so dumb no one would think was real." The websites were linked as product testimonials or website ads (cheekily disclaimered as "Ads by Squipple").
I don't know if I can even collect all the website urls quickly without missing some but here's a spattering (with the link going to the wayback machine). Most of these websites aren't just a single page but an entire site:
Humiliationsheet.com for a list of Jeremy's daily mortification events
Squipette, a SQUIP - but pink!
Bemorechill.com, Jeremy's book website
InterSquip.com for people worried about cybersecurity - with or without a squip, take this pill and see who has one installed!
GenerationSquip.com - Sort of an unreality disclaimer that also serves as fan hype. (How do we know it's old? It suggests we "google 'squip'" and helpfully provides us with a hyperlink to the google home page.) It calls this "the squipiverse" a "100% participatory reality"
Squipped.com - a gossip rag collecting user testimonials about bad experiences with squips. It, like many of these sites, collected fan-submitted content - "Tell us about what happened to you when you came in touch with a squip! (If you don't have a story, use your imagination--we need ruthless tactics to fight the industry.)"
Squipnews.com - collecting SQUiP tips from the community in the fields of Business, Technology, SQUiP & Society, Health, and Entertainment
Iwanttobecool.org - Promoting the use of squips despite those naysayers Squipsters Against Squips. As the site poll asks: "How should we deal with anti-squip cyber-terrorists? - jail time - fines - physical dismemberment"
SQUIPusa.com - SQUIP-specific insurance which regrettably does not cover squipotomy or squipiatry, but does cover some SQUIP viruses: "SQUIPusa squipsters are now entitled to one free virtual session with an Intersquip squipnician for each week they have lost their "coolness" due to a National Squip Board-recognized virus. Valid up to six weeks"
Squipsoft.com, the parent company of squip technology. Its homepage addresses important questions like: how can you get good grades that aren't so perfect as to tip off the authorities? Use "Squipsoft School" which promises "guaranteed averages of 96.82 in every subject" except for Business Ethics or Compubiology. Or install SquipServer, which is an honest-to-god VPN ad: "Using a virtual private network (VPN) framework, this revolutionary technology turns your squip into a server capable of temporarily extending your coolness to up to three acquaintances."
CelebritySquip.com - "What percentage of American Idol finalists have squips?"
SquipWorks.com - Offering add-on tech for your squip like the MakeOut Optimizer 4.0 or the Nanolyzer (which picks up on social clues to one billionth of a meter).
SquipWorld - A more chatty experience of Squips spotted in the wild and other squip news.
Squipzophrenia.com - (I'm not endorsing the term...) - Information about the phenomenon in the novel where, if a SQUIP is turned on while the user drinks alcohol, it starts ordering them to kill people. This site has academic research on the subject and related Squip disorders. "However, [avoiding alcohol] is not a foolproof plan. Marijuana and mescaline can also cause squipzophrenia, although with the mescaline we're not sure and just think it might be the mescaline, you know?" Other squip disorders include "Loss of recognition of squip insertion i.e. 'I didn't take a pill, I'm just cool naturally!'" which can be cured via the Konami code; Squip flashbacks after a Squip is removed (which the site describes as likely false claims for the sake of "perpetuating insurance fraud"); the dangers of buying used Squips on ebay; or feeling that you can't live without your squip: "acute squipdependence. The solution is to surround yourself with calming bright plastic objects and remember that everything is fine."
Squipsters Against Squips - The notorious anti-Squip lobbying group advocating for a National Squip Registry.
Squipster - A squip-based social media platform that sadly doesn't seem to have made it to the public yet.
#be more chill#bmc#squip#idk if tumblr will even show this in the tags because of the many many links
Note
hi okay sorry idk if it's okay to ask this or not so,,,, i am a bit hesitant.
here's the thing - i just finished my bachelor's and I'm looking for a job in cybersecurity. BUT i don't know how to get into the industry or get an entry level job and i am soooo overwhelmed. and here on tumblr some of your posts made me think it's a field you work in.. so, could you give me some tips?
again sorry if this was inappropriate i am very out of my depth rn skdhdkh
So I don't really work in cybersecurity, I'm an office admin at an MSP, I'm not even a tech, it's just that I've been hanging out with hackers for so long that I'm our default security guy because I know the *bare ass minimum* about okay security practices.
That said, I got my job because of a friend I met at a hacker meetup and I know a ton of people in the industry who got jobs in the industry exactly the same way so my advice is networking, and specifically networking with infosec nerds.
This is actually easier than it might sound because infosec nerds are fucking terrible at networking AND socializing so they've set up several easy ways to be in contact with one another regularly (though this does require seeing real human beings in person).
I'd say to start looking for hackerspaces that are local to you, nearby infosec conferences, and local infosec meetups. DC (Defcon) Groups are pretty widespread groups of people who do security stuff in geographical areas that you can find based on area code, for instance I used to go to DC 213 and I know a bunch of the people in DC 949. Check to see if there's a DC group in your area and when they have open meetups and see about getting involved with them. 2600 meetups are monthly infosec meetups that happen in large-ish cities. Search the largest nearby metro area + 2600 to see if there's a meetup that happens near you (so for instance Seattle 2600, Las Vegas 2600, Little Rock 2600).
Like. How to be "in cybersecurity" can cover a lot of ground, but one of the better ways to get into it is to go find people who work in the field. And if you're not up for a meeting at this point, find the socials of these local groups and see what they're doing and what they're talking about.
If you're looking for just any "foot in the door" basic experience in cybersecurity job, the one that is ubiquitous and kind of annoying but hey it'll get you in a building and building experience is Compliance as a Service - a lot of CaaS stuff is about the basics of incident response, access policies, and setting up secure environments. If you get started doing compliance it's a pretty easy jump to doing stuff like pentesting and that opens up more opportunities depending on where you want to go with it. But. Yeah. "cybersecurity" is so broad that I'm not sure whether you're looking to find work doing serious cryptographic math stuff or if you're interested in being a contractor for an insurance company handling cyber liability stuff. The latter is a lot easier to get into, and if you're brushing up on skills by doing the latter and going to infosec meetups and cons and stuff you're going to run into people doing the former who are going to be happy to point you at stuff you're looking for.
104 notes
Note
Is there any company that you find sus? (One that isn't owned by Lex Luthor.)
BlackRock's potential for financial destruction is shocking, 9 trillion dollars of barely constrained capitalism. Whilst we're talking private equity, Apollo bought hospitals and nursing homes, rapidly decreased quality of care whilst secretly purchasing life insurance on the patients they were actively neglecting and killing.
Bayer is really living up to its origin as IG Farben. Monsanto is one of their subsidiaries just to give you a nice taster on what they do. The apple barely rolled out of the tree.
Never use a Huawei phone. They sell the most phones of any company in the world and their cyber security is deliberately waffle shaped.
Swarovski Crystals started making rifle scopes for exactly who you think - willingly - and historians aren't allowed to release their findings. Love that. They're still making those gun parts by the way.
Kodak (who previously made key components for C4, triggers, fuses, detonators and hand grenades all through WWII using forced labor, selling to both sides through Switzerland) still have weapons grade uranium. For some reason. Don't ask. Nothing to do with their previous work on the Manhattan Project.
You probably know about Nestlé killing babies and targeting water ownership in drought-stricken regions of both the US and abroad. This didn't look so good, so they sold it to private equity firm... BlueTriton... formerly Nestlé.
I personally find it a bit suspicious that the Libyan-Chad war is also called the Toyota War. Seems like the anti-paramilitary regulations didn't really work, huh.
Purdue Pharma... the US Government... Sodexo... Exxon, Chiquita...
But for legal reasons, this is a joke :)
15 notes
Text
United Health Insurance is the absolute worst insurance company. I found out today, one day before the change in coverage, that they had decided on 9/25 to stop covering LPCs, LSWs, ALMFTs, or clinicians working under a supervising psychologist/therapist. That coverage stops tomorrow.
I was not notified by United Health Insurance. Rather, I was notified by my health care provider. They had been notified today as well.
This is all because they want to recoup some of the money they lost in the cyber attacks earlier this year- and they’re doing this by reducing their mental health coverage drastically.
I have to stop my mental health care right now, because the out of pocket rate is not sustainable.
#I will be filing with the state to complain#United health coverage#United health insurance#UHC#America health care#fuck this#non Harry and Louis things
3 notes
Text
CISA’s "Secure by Demand" guidance is must-read - CyberTalk
New Post has been published on https://thedigitalinsider.com/cisas-secure-by-demand-guidance-is-must-read-cybertalk/
EXECUTIVE SUMMARY:
Earlier today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) distributed a new “Secure by Demand” guide.
The intention is to assist organizations in driving a more secure technology ecosystem by ensuring that cyber security is embedded from the start.
“This guidance is a wake-up call for any company that missed out on the costs and outages caused by SolarWinds, Log4j, Snowflake and CrowdStrike,” says Check Point CISO Pete Nicoletti.
Why the guide
In cyber security, procurement teams tend to grasp the fundamentals of cyber security requirements in relation to tech acquisitions. However, teams often fail to identify whether or not vendors truly embed cyber security into development cycles from day one.
The guide is designed to help organizations discern this type of critical information when evaluating vendors. It provides readers with questions to ask when buying software, considerations to work through regarding product integration and security, along with assessment tools that allow for grading of a product’s maturity against “secure-by-design” principles.
More information
The Secure by Demand guide is a companion piece to the recently released Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle.
While the latter focuses on government enterprises, this guide broadens the scope to encompass a wider range of organizations across various sectors.
Key points to note
The two guides work in tandem to provide a comprehensive approach to secure software acquisition and supply chain risk management.
While the software acquisition guide targets government entities, the demand guide offers insights that are applicable to private sector organizations, non-profits and other institutions.
CISA strongly advises organizations to thoroughly review and implement the recommendations from both guides.
Each guide offers practical, actionable steps that can be integrated into existing procurement and risk management frameworks. Yet, that alone is not enough, according to Check Point Expert Pete Nicoletti…
“In addition to implementing this guidance, companies should add supply chain-related security events to their incident response planning and tabletop exercises to ensure they can recover quickly and with less impact. Further, review supplier contracts to ensure that expensive outages caused by them, offer up their cyber insurance, rather than just recovering the license cost,” he notes.
Get the Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem right here.
0 notes
Text
coffeezillą aesthetic being an old-school detective in cyber future when he's basically a cop... the recent 'i got scammed by insurance company!' video had me chuckle bc how many times terms and conditions of insurance policy have changed, you tell the client, print them the important pages... and they just don't care and then call you 11pm to ask if the policy covers something. a whole lot of people opt out of stuff only to later blame you for "not convincing them" bc what they didn't want to pay for would save their ass actually 💀 and it's veeery often well-off people. i'm not saying what happened to him is okay but having an experience from "the other side" an agent/broker can get in big shit for lying to a client that's why they also have to have their own insurance that covers fuck ups
2 notes
Text
PERHAPS MORE than any other book published in recent years, The Palestine Laboratory demonstrates why Israel is a menace, not only to Palestinians and other Arabs whose countries it has invaded or bombed at one time or another, but really to people around the globe. Anyone who criticizes or mobilizes against their own authoritarian governments will likely have to contend with an Israeli weapon or technology designed to enhance government control over them and make dissent costly, if not impossible.
READ MORE https://www.wrmea.org/middle-east-books-and-more/the-palestine-laboratory-how-israel-exports-the-technology-of-occupation-around-the-world.html
Antony Loewenstein: Israel Is Testing New Weapons on Gaza as Arms Dealers Profit from Gaza War
NOVEMBER 14, 2023 Worldwide protests calling for a ceasefire are drawing attention to the role of weapons manufacturers and distributors supplying machinery to Israel’s assault on Gaza, with demonstrators blocking shipping tankers and entrances to weapons factories, and unionized workers refusing to handle military materiel over the war in Gaza. There is “a growing public awareness and anger” about the global connection between Western powers and the Israeli military industry, says Antony Loewenstein, who has investigated how Israeli weaponry and surveillance technology are used on Palestinians and exported around the world. “Israel is already, as we speak … live-testing new weapons in Gaza,” says Loewenstein. He also discusses what he characterizes as the “intelligence” and “political” failures of the October 7 Hamas incursion.
Transcript: https://www.democracynow.org/2023/11/14/israel_weapons
LINKS
"The Palestine Laboratory: How Israel Exports the Technology of Occupation Around the World"
19 October 2023
"Although we had always heard that people could be monitored through cell phones, we did not imagine that this could happen to us."
"‘When people ask us for something, we cannot afford to ask questions about ideology. The only type of regime that Israel would not aid would be one that is anti-American. Also, if we can aid a country that it may be inconvenient for the US to help, we would be cutting off our nose to spite our face not to.’ There’s rarely been a more honest appraisal of Israel’s entire weapons industry."
ISRAEL’S INSURANCE POLICY =>>"Israel’s arms sector, and its spyware industry in particular, is an insurance policy against political headwinds that may develop against the occupation."
"The lack of serious oversight benefits one actor in particular – Israel. As the lead exporter of these tools, the state is at the forefront of the intrusion technology industry. Founded in 2010, NSO Group Technologies Ltd is just one firm among a wider ecosystem of Israeli cyber-weapons companies. Of the 75 governments that have procured spyware and digital forensic technologies worldwide, 56 bought them from firms that are either based in or connected to Israel, such as NSO Group, Cellebrite, Cytrox and Candiru. These deals are all monitored and approved by the Israeli Ministry of Defence.
For Israel, spyware is not just a highly lucrative industry, but a strategic weapon to curry diplomatic favour."
4 notes
Note
Hi! this is kind of a weird topic… BUT I noticed this past year or so people getting literal microchips implanted into their hand and using it to pay for groceries or unlocking doors in their house and there even was this big thing going around of Elon Musk wanting to test (LITERALLY TEST ON PEOPLE) these brain chips that he claimed would make the blind see, the paralyzed walk, and eventually turn people into cyborgs??? It was rejected by the U.S. regulators but it’s just so crazy and surreal to think abt but I was thinking if this was something Terry would do cause honestly would it be all that surprising from all the stuff that man has done? Like would he think about doing that to beloved to just track them? What I was thinking was he would cause again it’s Terry Silver but another part is thinking he wouldn’t cause where would beloved be going without him? They barely leave his house to begin with and are under watch.
---
Why do I think that after the 80's, Dynatox could've re-branded from handling toxic materials (and their often ethically questionable disposal) and went straight into the business of cyber-tech...among other things, of course. All the Billionaires are doing it, so why not Terry Silver, trailblazing along with Steve Jobs, Zuckerberg and Musk. A new company for a new age and a new, equally re-branded Terry. Allegedly re-branded Terry, of course. Also, it proved to be the marketing ploy of the century to have people conveniently forget Dynatox's undoubtedly numerous controversies from the past and draw in a hip, fresh, innovative crowd that thinks Dynatox's ultraviolet goggles are just the breakthrough of the decade and ignore the fact that Dynatox hasn't in fact 'gone green' and is still very much in the business of destroying the planet with dirty chemicals. And it works! Thing is, the court of public opinion has a notoriously short memory span when faced with consuming new technology. New things. People care more about having the next new thing than the fact that these new things are tested on other people. On animals. On destroyed environments. On nature. You give the public a new phone and they tend to neglect the fact it utilizes Third World sweatshops and child labor in the process of production.
Speaking of which, after it is deemed totally safe, of course beloved gets microchipped by Terry Silver and they don't even know it happened or maybe they consented not really realizing what they're consenting to. Their movements, their very life is literally something he can track from his phone like they're his property, which they are.
Not just that, as Terry Silver himself ages, it is not entirely unbelievable to think he'd replace organs that are failing or not functioning as well as he'd like, perfectionist that he is, that he'd have them exchanged for these cyborg-like augmentations, maintaining his prime, or what he deems as his prime for as long as possible. Just does miracles for his need to control everything, even the quality of his liver pumping out water, because he wouldn't accept a part of him having subpar quality. By-passes and Stents. Implanting new hearts from vetted donors. Blood transfusions. I can see Terry as the type to rejuvenate himself constantly at private, highly coveted clinics for the uber-wealthy, like a vampire, to keep himself vital and alive for as long as possible. In the best shape he can possibly be in. If he could insert a computerized heart made out of steel into his chest, he would. As for beloved? There's a minuscule, microscopic plate under their skin patented by Dynatox's scientists. They're quite literally marked. If they ever strayed or goodness my, ran, they would be found within hours. Minutes. There's an App for that. Hey, the wealthy insure and secure their cars, estates, their antiques and their watches. Their goddamn branded Birkin bags.
Why wouldn't Terry Silver insure and secure the one he loves?
#terry silver#kk3#cobra kai#dynatox#tw; unethical science#technology#microchips#tracking#tw; all the warnings#terry silver x reader#terry silver x beloved#not a weird topic at all#people always forget dynatox would undoubtedly do stuff like this
10 notes
Text
Amid a concerted effort by global law enforcement to crack down on ransomware attacks, payments to hackers and even the volume of attacks fell in 2022. But the trend doesn’t seem to be holding for 2023, and attacks have shot up again.
Data from cryptocurrency tracing firm Chainalysis indicates that victims have paid ransomware groups $449.1 million in the first six months of this year. For all of 2022, that number didn’t even reach $500 million. If this year’s pace of payments continues, according to the company’s data, the total figure for 2023 could hit $898.6 million. This would make 2023 the second biggest year for ransomware revenue after 2021, in which Chainalysis calculates that attackers extorted $939.9 million from victims.
The findings track with general observations from other researchers that the volume of attacks has spiked this year. And they come as ransomware groups have become more aggressive and reckless about publishing sensitive and potentially damaging stolen information. In a recent attack against the University of Manchester, hackers directly emailed the UK university’s students telling them that seven terabytes of data had been stolen and threatening to publish "personal information and research" if the university didn’t pay up.
“We think as a result of their budgetary shortfalls in 2022 we’ve seen these more extreme extortion techniques, ways to kind of twist the knife,” says Jackie Burns Koven, head of cyber threat intelligence at Chainalysis. “In 2022 we were very surprised to find that decline. Then we talked to external partners—incident response firms, insurance companies—and they all said, yeah, we’re paying less, and we’re also seeing fewer attacks.”
Chainalysis and other organizations attributed the slump in 2022 to a number of factors. Expanded security protections and preparedness played a role, as did the availability of decryption tools offered by private companies and the FBI to help ransomware victims unlock their data without paying attackers. Chainalysis also believes that Russia’s invasion of Ukraine impacted the day-to-day operations of a number of prominent ransomware groups, which are primarily based in Russia.
Improvements in how potential victims defend themselves along with government deterrence initiatives haven’t fallen off in 2023. But Chainalysis researchers suspect that the evolving state of Russia’s war in Ukraine must explain this year’s increased ransomware activity, or at least be playing a role.
“I really think the tide of the Russia-Ukraine conflict has impacted these numbers,” Chainalysis’ Koven says. “Whether that’s actors have settled into safe locations, whether their year of military service has finished, or whether perhaps there’s a mandate to release the hounds.”
Chainalysis specializes in cryptocurrency surveillance and tracking, so researchers at the company are well positioned to capture the scope and scale of ransomware payments. The company says it takes a conservative approach and is rigorous about continuing to retroactively update its annual totals and other figures as new data comes to light about historic transactions. In general, though, many researchers emphasize that true totals for ransomware attacks or payments are virtually impossible to calculate given available information, and that numbers like those from Chainalysis or government tracking can be used only as broad characterizations of trends.
"We still have such poor insights on the actual number of attacks," says Pia Huesch, a research analyst at the British defense and security think tank Royal United Services Institute. She adds that companies are still reluctant to talk about attacks, fearing reputational harm.
In May, officials at the UK's National Cybersecurity Center and data regulator the Information Commissioner's Office said they were increasingly concerned about companies not reporting ransomware attacks and “the ransoms paid to make them go away.” They warned that if incidents are “covered up,” the number of attacks will only increase.
"Individuals who engage in cybercrime, to them the benefits still massively outweigh the risks of perhaps being prosecuted," Huesch says.
Regardless of their ability to independently validate ransomware revenue totals like those put forward by Chainalysis, researchers agree that ransomware represents a dire threat in 2023 and that the most prolific groups, most of whom are based in Russia, are evolving to counter defenses and meet the current moment.
“The ransomware groups who are still around are really good at what they do, and it is hard for organizations to secure against all possible points of entry,” says Allan Liska, an analyst for the security firm Recorded Future who specializes in ransomware. “And what’s worse, the groups seem to be mastering new techniques.”
One such tactic that researchers and governments have their eye on is mass exploitation campaigns in which a ransomware group finds a vulnerability in a widely used product that they can exploit to launch extortion campaigns against many organizations at once. The Russia-based gang Clop, in particular, has refined this technique.
All of this bodes poorly for anyone who hoped after last year that the tide was turning against ransomware actors.
6 notes