I Heard They Had LAPSUS$ on the Buffet This Week, Johnny

Yeah, I read the whole thing. Printed it even so I could annotate with some pink ink and then talk about it.

I'm talking about the National Cybersecurity Strategy Implementation Plan of May 2024 (version 2). 14 pages of set-up that also includes a Table of Contents. 5 Pillars, 26 Strategic Objectives, a summary, and a list of acronyms.

Let's GO...right into the meat of it. The Pepperoni. Grab the red pepper.

Pillar Two: Disrupt and Dismantle Threat Actors

Let's do THAT! Jump to the left into Strategic Objective 2.1.7 that states thus: "Prevent, deter, and disrupt cybercrime and cyber-enabled crime committed by juvenile offenders"

(My pink note: Why's this separate?)

Initiative Description: "The Department of Justice will collaborate with the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) and, as appropriate, federal, state, local, tribal and territorial governments, international and industry partners, to develop a whole-of-society approach consistent with CSRB's recommendations from its review of Lapsus$. This approach will seek to enhance existing U.S. Government programs and policies to improve prevention, deterrence, and redirection of juvenile cybercrime offenders and disruption of future malicious cyber activity conducted by juvenile offenders."

So we've separated the teenagers and put them over in section Z, aka "Their Room" Whywhywhy? And what are we going to do about it? We here living inside Heather Noggle's Mom brain have some thoughts.

So, I owe the publication a promotion for poking fun at it. Here are a few reasons why you should read it.

1. It's well-organized and a good review of priorities to come. As a governance document, yeah, read it.
2. The acronyms at the back really help readers navigate both this publication and other government lists you'll read in the future
3. I absolutely LOVE the part about public/private collaboration. We need it. Don't forget about your cybersecurity-centric non-profits, like Missouri Cybersecurity Center of Excellence . These regional non-profits offer great regional resources and connection/amplification of efforts. Ready to go. They just need some funding that's not so difficult to obtain. Funding SPECIFIC to cybersecurity efforts that'll bring widespread future impact. Like assessments for municipalities and counties. Yeah; let's do that! Big (and small) companies can bolster these advocate organizations directly with contributions. Let's talk!

Expect more content about the document in the days and weeks to come. And of course, share your favorite part about it in the comments.

P.S. If you reprint page 2 over and over again, you've got a great template that looks like YOU are the author of this plan. (I'm going to make you look that up - here's the link).

Straight Outta WordPress...BOOM.

https://www.whitehouse.gov/wp-content/uploads/2024/05/National-Cybersecurity-Strategy-Implementation-Plan-Version-2.pdf

Grammar and Writing with Heather

Sponsored (but not remunerated) this week by LinkedIn

Have you seen that on your feed? It's wrong. Analytics are measurable, so it should be "Show fewer analytics."

For bulk or mass quantities, use less.

• I would like less rice
• I would like fewer bowls of rice

"Please, revise your code so that there are fewer bugs." Fewer vulnerabilities. Fewer ransomware incidents in our industry. Less emphasis on fear, uncertainty, and doubt to bolster your marketing.

[The difficult part about this is that "more" is the right opposite word of both]

I'd like more cybersecurity staff. I'd like more emphasis on training in cybersecurity.

So, strive for fewer grammar errors. Less confusion.

Puke on Vectors

Physics, high school. This music and English natural did manage to squeeze in 4 years of weighted science classes, and I saved physics for the last year.

My mom's best friend taught physics, and one day she asked me what I was studying.

"Vectors"

The title is her response.

I was pretty sure I'd never use any form of math beyond the basic operations once I left high school. Took Teacher's Math in college - and only Teacher's Math. My tech career has been business and logic based.

So what was I studying this weekend? Linear algebra, 30+ years later. Double puke on vectors.

Gotta dive a little bit into the quantum pool, though. It'll make for better and more accurate jokes and also help me understand at least a bit beyond the surface of some of this emerging tech. So, into the quantum pool full of vectors and imaginary and real numbers go I.

Yes, that's worth its own image. What color should Qubiticus' Speedo be? [Generates Image] Or, better yet, meet Queen Vectra? Pretty sure this is Queen Vectra.

Review the Few

Favored posts this week.? There was an extra newsletter last Tuesday. I got my weeks mixed up.

Passwords and Passkeys graphic - https://www.dhirubhai.net/posts/heathernoggle_passwords-passkeys-by-the-keymaster-activity-7194668065656041475-zjcM

Here's the Team Tim conversation we had about the National Cybersecurity Strategy -? it was Friday, and I was a bit goofy.

https://www.dhirubhai.net/posts/timothygolden_msps-activity-7194320517674221568-juRf

Introducing The Keymaster, with a special appearance by Qubiticus.

https://www.dhirubhai.net/posts/heathernoggle_this-is-the-keymaster-you-shall-not-pass-activity-7193957095216500736-Dm3H

-=-=-=-=-=-=-=-=-=-=-=-=-=-

Heather Noggle is a responsible adult (usually) - though sometimes merely a simple girl in a complex world. The sweetest cherry in an apple pie (credit: Tori Amos).

Truly, yes, owner of all of the Internet's cats.

When she's serious she's exceptionally serious and that's typically half the week or more. Like the little girl with the curl in the middle of her forehead.

You'll find her speaking and writing about all things cybersecurity, especially the human part. Ways to do better and understand more about this invisible world around us and its not-so-imaginary threats. https://www.heathernoggle.com/speaking

Her current biggest professional passion is the Missouri Cybersecurity Center of Excellence, where she's working to build the cybersecurity workforce, protect the region, and bring awareness of this need: https://www.mccoe.org

You can find her on LinkedIn daily doing just these things, and she's available for writing and speaking, consulting with technical clients about business and business clients about technology, and - hopefully - making the world a more understandable and pleasant place, regardless of this one-time foray into speaking about herself in the third person.