Feb 11, 2025 | Podcast

The Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection

Episode notes

⬇️ See below for timestamps/summaries/references for each topic

00:00 Highlight/theme

00:37 Intro

1:21 Hitch Partners survey of CISOs

13:34 Dangling S3 buckets

24:35 Update on Cybersecurity Innovation Executive Order

32:58 Cyber stocks - NET and CRWD at all-time highs

44:07 Okta lays off 180 employees, including security engineers

55:47 Is anyone actually doing TLS inspection?

1:03:21 Is a SOC2 certificate enough to pass TPRM?

Hitch Partners survey of CISOs

The 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, reporting structures, and industry disparities. Public company CISOs see higher cash compensation and equity growth, with a 6.1% increase year-over-year, while private company CISOs face tighter financial conditions and fewer benefits like D&O insurance. CISOs in larger organizations are less likely to report directly to the CEO, instead aligning with CIOs as company size increases. Compliance, business impact, and ROI are the top budget justification factors, and signing bonuses are more common in public companies. With an average tenure of 39 months, organizations looking to attract top security leaders must focus on competitive compensation, equity incentives, and comprehensive protections.

📖 References: https://www.hitchpartners.com/ciso-security-leadership-survey-results-25

Dangling S3 buckets

watchTowr Labs detailed how they identified approximately 150 abandoned Amazon S3 buckets previously utilized by various organizations, including governments and cybersecurity firms. Upon registering these buckets, they monitored over 8 million HTTP requests within two months, revealing ongoing attempts to access software updates, binaries, and other critical resources.

📖 References: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity

The outgoing Biden administration issued an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.

📖 References: https://web.archive.org/web/20250119001804/https://www.whitehouse.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/

Layoffs at Okta

On February 4, 2025, Okta, a U.S. access and identity management company, laid off 180 employees, marking its second workforce reduction in just over a year. This follows a previous layoff of approximately 400 employees in February 2024. The Enterprise Security team was affected.

📖 References: https://techcrunch.com/2025/02/04/okta-lays-off-180-employees-nearly-one-year-after-last-workforce-reduction/