- Identity Jedi Newsletter
- Posts
- The 67th Edition of the Identity Jedi Newsletter
The 67th Edition of the Identity Jedi Newsletter
Happy New Year!! Poll question for ya!
Hey Jedi welcome to the 67th edition of the Identity Jedi Newsletter! Happy NEW YEAR!!!
Hope you are having a fantastic 2024 so far! I’m looking forward to this year. I think this is the year we will look back on and say that identity changed forever. It will be a foundational shift in how we build products, deliver services, and bring value to organizations.
OR
We’ll do the same shit we’ve done for the past two decades.
But let’s start 2024 on an optimistic note. 😀 .
We had a MASSIVE end of the year as we welcomed a ton of new subscribers to the community. We are now over 1,000 subscribers!!
Gif by spotify on Giphy
I’m thankful for each and every one of you! I said at the end of the year I would be accessing the newsletter and planning out some changes. I’m still going through those but I will be asking all of you for input. So make sure to check out the polls in the Last Word section. ( Made it easy for you but incliding a anchor link on Last Word)
Let’s Get to the Good Stuff!
Identity is more than just users
When is a breach a breach?
Said Good Stuff 3
WHAT’S HAPPENING THIS WEEK
Identity is more than just users
This is both fascinating and scary at the same time. The joys of working in cybersecurity I guess. Attackers found an exploit in Google’s OAuth endpoint that allowed attackers to gain access to a google account, ever AFTER password reset. How?
Simple answer: Regeneration of Google service cookies.
Complex Answer: A really detailed attack ( Check out the deep dive)
We have to move past what we commonly talk about in identity. IGA, SSO, these things are administrative functions. Instead we need to add to the conversation the active portion of identity. Authentication flows, authorization flows, data access.
New year who dis?
When is a breach a breach?
Very interesting topic of conversation with this article. New SEC rules say companies have to report a material breach within 4 days. This is in an effort to protect investors. When a company is breached their is bound to be action around their stock price, and that action is usually a negative one. So to reduce the the chance of insider trading, the SEC wants to shorten the time table to release this information to the public.
However it’s a broad assumption that organizations would know within 4 days what exactly happened. Ask yourself this question. If you found out today that your company had been breached how confident are you that you would know the details in 4 days?
I see where the SEC is going with this, but I’m not sure this is the best path. Let’s see how this plays out.
Identity Jedi Show Podcast
Navigating Cybersecurity with Intent: A conversation with Dmitriy
One of the best conversations I had in 2023!
The Last Word
Happy 2024!! Wow, do I have things planned for this year! I hope you do too! But most important I hope you had a wonderful holiday break. Filled with laughs, love, hugs, good food, and just all around good things!
Some news for all of you:
1) My first course on Identity is live on LinkedIN! Check it out
2) I said at the end of last year that I was looking to expand the newsletter. I’m thinking of broadening the scope to all of cybersecurity ( with an identity centric focus), also bringing in more guest writers, and creating a private community for the premium members ( More in your section). But before I do any of these things I want you input! So for the next couple of weeks I’ll be posting polls here in this section to collect input from you. With that being said..let’s get to the first poll!!
Would you like to see other cybersecurity topics covered in the newsletter? |
3) I’m looking for guest writers add their knowledge to the newsletters. So if you know of anyone, or you yourself are interested in writing. Let’s talk!
Be Good to each other, Be Kind to each other, Love each other
-Identity Jedi
What did you think of this weeks newsletter? |
Reply