Weekly output: Trump cybersecurity policy, Mark Vena podcast

This Thanksgiving weekend ended as any end-of-a-month Sunday might have concluded: with me staying up late to get one last piece filed so I don’t have to wait another month to invoice for it.

Patreon readers got a bonus post from me on Tuesday: an explanation of the ways I’ll try to keep a story current when reality (read: my chaotic schedule management) prevents me from filing it when I’d predicted.

11/25/2025: Trump Cyber Team Wants to ‘Shape Adversary Behavior.’ Allies Are Skeptical, PCMag

Since I mentioned falled behind schedule in filing copy, this piece was a prime example of that. On the upside, waiting an extra couple of days to get expert input from another attendee of the Aspen Institute’s Aspen Cyber Summit paid off with useful context that I couldn’t have gotten in quotes from the panels at this cybersecurity conference.

11/28/2025: Ep 116 SmartTechCheck Podcast — the AI bubble, Apple iPhone launch changes, Blue Origin vs. SpaceX, Mark Vena

This podcast recording was supposed to take place Monday but got bumped to Wednesday, meaning I had to record it in the guest room in the basement of my brother’s house. If you wondered about the abstract painting on the wall behind me, thank you for recognizing the artistry of my sister-in-law Kerry Pegoraro.

#aiBubble #appleIphoneLaunchCalendar #aspenCyberSummit #blueOriginSpacex #cybersecurity #cybersecurityPolicy #seanCairncross #trumpCybersecurity

Well, this is a big one. CISA ending its agreement with CIS is going to send some serious shockwaves through state and local government IT shops. For years, those free CIS services were the baseline security for countless underfunded towns, school districts, and tribal nations.

While CISA talks about evolving its strategy, the immediate reality is that a critical safety net just got pulled away. I'm really concerned about the transition here, because the bad guys aren't going to wait around for these organizations to figure out new budgets and vendors. This feels like a solution in search of a problem, and it's the SLTTs who will likely pay the price.

TL;DR
🚨 CISA is terminating its funding agreement with the Center for Internet Security (CIS).
💸 This ends free access to key tools for state, local, tribal, and territorial (SLTT) entities.
❓ Creates a sudden and significant security gap for under-resourced public sector organizations.
📉 SLTTs must now scramble to find funding and alternative solutions, increasing their vulnerability.

https://www.theregister.com/2025/09/30/cisa_kills_cis_agreement/
#CISA #CIS #CybersecurityPolicy #GovTech #PublicSector #security #privacy #cloud #infosec #cybersecurity #SLED

Federal Cybersecurity Rollbacks: What Got Cut—And What Still Stands

In June 2025, a quiet executive order from the White House eliminated several key cybersecurity requirements for federal systems. In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down what’s changing and why it matters for your organization.

We'll share:
▪ Which cybersecurity rules were rolled back (and which ones remain)
▪ What the removal of secure software attestations means for vendors
▪ Why post-quantum encryption and the FTC Cyber Trust Mark still matter
▪ How this moment echoes past compliance gaps like PCI
▪ What security leaders should prioritize right now

▶ Watch the video: https://youtu.be/GIWBHKwydMA
🎧 Listen to the podcast: https://www.chatcyberside.com/e/executive-order-shockwave-the-future-of-cybersecurity-unveiled/

#FederalCybersecurity #CyberExecutiveOrder #CybersecurityPolicy #ExecutiveOrder #CISOs #CyberCompliance #SupplyChainSecurity #ZeroTrust #PostQuantum #LMGSecurity #Cybersecurity #CyberRisk #SecureSoftware #CybersideChats #RiskManagement

#PressCoverage #CyberFrauds

@sflcin's comment on the increased cyber fraud cases in Maharashtra appeared in Punyanagari, a Marathi publication in Maharashtra.

SFLC.in raised concern over the increased number of cases and suggested educating citizens about cybersecurity practices, and for law enforcement to ensure that complaints are addressed promptly and effectively.

#cybersecuritypolicy #digitalsafety