Wendy Nather

@wendynather@infosec.exchange

Recovering industry analyst, research director & CISO. Senior Fellow at @AtlanticCouncil @CyberStatecraft. Single, childful cat lady.

General Content Warnings: snark, bad words, even worse puns, occasional flashes of borrowed insight, plugging of selected $employer events and publications, random brain radio songs, multilingual commentary

Note: Sufficiently advanced shitposting is indistinguishable from thought leadership. — @jwgoerlich

Stage: Vānaprastha
Pronouns: She/her
Chocolate: Yes please
#ScalziRules: https://whatever.scalzi.com/2025/04/16/the-official-john-scalzi-social-media-faq/

Just so you know, @gattaca and I are the Infosec Pros From Dover. (Haven’t figured out yet which one of us is Hawkeye and which is Trapper John.)

https://youtu.be/KojghwX_9eM

Mash 1970, The Pros from Dover

YouTube

Lmao.

#ai

I think I prefer this version

Funny how so many of the “AI will replace engineers any day now” takes come from people who’ve never been paged at 2am because a certificate expired in Tokyo.

We're not the first to promote a strategy of fractional CISOs building programs so that a full time CISO can manage it, but Pablo Breuer and I committed the strategy to a comprehensive and specific blog post I think CEOs and board members considering a CISO hire might find useful framing:

https://epsd.io/blog/strategic-deployment-of-a-fractional-ciso/

EPSD | Strategic Deployment of a Fractional CISO

Before hiring their first Chief Information Security Officer (CISO), CEOs and boards should consider a fractional CISO (F-CISO) to build foundational security programs that set the permanent CISO up for success. This strategy addresses a critical disconnect: executives often view security breaches and compliance failures as technical problems, but these business-threatening issues typically stem from cultural and process deficiencies requiring organizational transformation, not just technical expertise.

Metallica tribute #StarWars Imperial band 🎸🔥

Created with @GoogleLabs Whisk and animated with Veo 2.

Kids these days will never know that they need to enter their meeting ID followed by the pound sign

Everyone’s jumping on the MCP bandwagon—but is it really an “open standard”? I took a closer look at what’s missing, why it matters, and what we risk if we skip the hard parts of standardization. If you’re watching AI infra, you’ll want to read this.

#AI #MCP #DigitalIdentity

https://sphericalcowconsulting.com/2025/06/17/the-mcp-bandwagon/

The MCP Bandwagon

MCP promises easier AI integration, but is it really a standard? Learn what it is, why standardization matters, and whether review is needed.

Spherical Cow Consulting

There are a lot of lonely men who have no idea why they are lonely.

For those with an interest in the cybersecurity of enterprise IoT, the UK gov wants to hear from you (even if you aren't UK-based): https://www.gov.uk/government/calls-for-evidence/call-for-views-on-enterprise-connected-device-security. You don't need to be a policy pro or lawyer, or representing your employer; if you have relevant info to share, they want to hear from you. Consultation closes on 7/7.

Call for views on enterprise connected device security

The government is asking for views on the security of enterprise connected devices, also known as

GOV.UK