Alex Rudolph


I research and publish on Canadian cyber defence policy, with a focus on CAFCYBERCOM. CGAI/Triple Helix & NAADSN Fellow.

Carleton University PhD(ABD): State behavior, doctrine, and force structures of cyber conflict.

I run Canadian Cyber in Context: cyberincontext.ca

Bluesky: https://bsky.app/profile/cyberincontext.ca
CGAI Fellow: https://www.cgai.ca/Alexander_Rudolph
Linktree: https://linktr.ee/alexfrudolph
Website: www.cyberincontext.ca

My new article on the history of the Canadian Armed Forces cyber defence program is finally out! Come read the paper that the Canadian Security Intelligence Service was too scared to publish.

https://www.cgai.ca/th_pp_following_the_digital_snail_s_trail_the_short_history_of_canadian_armed_forces_cyber_operations

Canadian Program for Cyber Security Certification (CPCSC) is going to really disrupt Canadian defence procurement. It is the Canadian CMMC. My friend Andrew, a CMMC and compliance expert, wrote a good introduction for SMEs.

https://www.cyberincontext.ca/p/compliance-is-cash-where-to-begin

Compliance is Cash - Where to Begin with CPCSC

The Canadian Program for Cyber Security Certification can be overwhelming, so let us start with the basics

Canadian Cyber in Context

The Government of Canada hints at where it is taking sovereign cloud with the latest updates to the RFI.

https://www.cyberincontext.ca/p/canadian-government-provides-next

Government Provide Next Steps to Canadian Sovereign Cloud

Is the Government of Canada headed towards true sovereign cloud?

Canadian Cyber in Context

My latest paper about the Canadian Armed Forces and its efforts to achieve digital transformation and pan-domain capabilities.

The CAF has started its most important force and doctrinal change in decades, and few realize it.

https://www.cgai.ca/digital_transformation_and_pan_domain_the_cafs_quiet_revolution_in_military_affairs

I was invited by @VVX7 to speak in the @PreludeSecurity Discord on June 22 at 7 PM EST.

I'll be giving my talk "Global Affairs? In my Threat Model?" on ways to understand threats in global affairs.

Some of you may remember this talk as "Everyone is wrong about Cyber Warfare (Except me)."

I have since expanded on this talk and will specifically be discussing how to understand the role of global affairs in risk/threat models.

Looking forward to seeing you there! http://discord.gg/fZbfdUQM4A

If Canadian military and its members would please move to anywhere but Twitter.

Ah yes, another high profile bug bounty forcing non-disclosure — even for fixed bugs.
🤦🏻‍♀️
It’s the bugs they won’t fix that will put users at risk.
All orgs need a vulnerability disclosure program that doesn’t ban Disclosure.
But what do I know.
I just coauthored the standard
#GPT

“But it’s a bug bounty & they are paying so it’s fair to ask for non disclosure”
That’s fine if everything submitted is paid work, like a penetration test.
Oh, only paying selectively & only the first of any duplicates?
That’s labor abuse & the worst gig economy deal out there.

“But pen tests don’t get you all the eyeballs”

Neither do bug bounties - you get a random number of eyeballs willing to sign NDAs.

If orgs actually care about security, they cast as wide a net as possible to get the best researchers - especially those who won’t sign NDAs.

“This is better than no bug bounty”

No, it isn’t.

It breeds a false sense of security for users & the org itself, while actively excluding the highest skilled researchers who will never sign an NDA for speculative pay or who want to see the bugs FIXED as their motivation.

The #DEFCON Call for Proposals (CFP) deadline is May 1st. DEFCONPolicy is hosting a public policy CFP session April 14th. It will cover what makes a strong proposal, what to expect, tips on submissions & more! Check it out and visit the forum for deets:

https://forum.defcon.org/node/244681

#DEFCONPolicy #DEFCON31 #CFP

forum.defcon.org

Hello everyone! Policy @ DEF CON will be holding an online session to walk through our CFP, on Friday, April 14, 2023, at 8:30-9:00am Pacific time. This session will cover: What is Policy @ DEF CON? Why you might want to submit? What session formats can we support? What type of content are we looking for? How to get

DEF CON Forums

my latest blog post on who is entitled to police the defence and security academic/media folks

https://saideman.blogspot.com/2023/04/who-gets-to-police-defence-and-security.html

Who Gets to Police The Defence and Security Community?

Driveby accusations of compromised integrity tend to create smoke that obscures. It is easy, but it does not do much to advance the cause ...

Good reporting surrounding the identification, tracking, and fallout surrounding the GRU’s bean-eatin’ illegal (BEI, aka S.V. Cherkasov)

https://www.washingtonpost.com/world/2023/03/29/russian-spy-brazilian-student-washington/

He came to D.C. as a Brazilian student. The U.S. says he was a Russian spy.

A former graduate student in Washington, who claimed to be Brazilian but was unmasked as a Russian spy, has been charged by the U.S. with acting as a foreign agent.

The Washington Post