Category: Security

Categories
Podcasts Security What I’m Up To

Ziti TV: Explaining OpenZiti to the new guy (and that’s me!)

“Ziggy,” OpenZiti’s anthropomorphic ziti mascot, wearing headphones and playing accordion.
Want to know more about my new job? Here’s the story.

Last week was my first week at NetFoundry, where I’m the Senior Developer Advocate. It was fun, and it was also like drinking from a high-tech, encrypted firehose!

To mark the occasion, I sat down with NetFoundry’s Head of Developer Experience (and also developer; he does a lot!) Clint Dovholuk for my first episode on Ziti TV. We spent an hour diving into the “meat” of Zero Trust, networking architecture, and why your traditional VPN might be the “castle and moat” that finally (and unintentionally) lets the invaders in.

If you’re a developer who has always viewed networking  infrastructure as someone else’s problem (and as a recovering mobile developer, I’m certainly guilty on that charge), here’s the deep-dive breakdown of what I learned in my first week on the job.

Notes from the video

Zero Trust

The term “Zero Trust” is everywhere. You can’t throw a rock on the tech internet without hitting a marketing department claiming they’ve “solved” it, and Clint and I joked about the “eye-roll” factor of the term.

Clint said that Zero Trust might be better understood if you called it Explicit Trust. In the old “Castle and Moat” model, if you’re in the castle, you’re trusted. In the OpenZiti model, we assume the network is already compromised. You have zero privileges until they are explicitly granted based on:

  • Authentication: “Who are you?”

  • Authorization: “What are you allowed to do?”

A lot of resources will authenticate and authorize you through some kind of sign-in process. Clint describes OpenZiti as moving the process out by one layer into the network so you can’t even connect to an OpenZiti-protected resource without being authenticated and authorized first.

Or, to quote Clint:

With OpenZiti and Zero Trust, if you have a service that’s protected by OpenZiti, you first need to authenticate to the OpenZiti overlay network, and then you need to have an authorization that permits the operation you’re trying to perform.

OpenZiti also uses a Zero Privilege approach. Once again, to quote Clint:

The whole idea is that you have no privileges until you are granted privileges, and only then are you able to take whatever operation you want.

“Jay double-you tee” vs. “Jawt”

Apparently we’re on different sides of this debate. Clint prefers referring to JWTs as “Jay double-U tees,” while I prefer to call them “Jawts.”

OpenZiti and NetFoundry: How are they related?

OpenZiti is the network overlay project, and NetFoundry is the company behind OpenZiti.

The “Open” in OpenZiti comes from the fact that it’s an open source project. This is in keeping with the philosophy that a cybersecurity product should be open source because making source code publicly visible enables a community of developers, analysts, and other experts to audit, test, and improve it.

If you have the time, tech skills, and inclination, you can use OpenZiti and run your own overlay network at zero cost — if you don’t count the cost of said time and tech skills. It’s all up for grabs here.

However, if you’d rather spend your time and technical expertise elsewhere, especially once your needs get up to scale, such as on your main line of business, NetFoundry is here to provide you with a managed OpenZiti platform.

It’s easy to run one controller and two routers on your laptop. But when you’re an enterprise managing a fleet of routers, handling upgrades, and monitoring metrics, you’re suddenly in the “overlay business” instead of your actual business. NetFoundry is the “Easy Button” that manages OpenZiti for you [19:10].

The quickstart

Clint then gave a quick demonstration of the OpenZiti quickstart, which creates a fully functional OpenZiti network overlay on your system in a couple of seconds. This overlay has both a router and a controller, and each has a specific job.

Controller

The OpenZiti controller [24:36] serves as the brain of the overlay network. It’s the authority responsible for managing the state of the environment and ensuring that all connections are secure and verified before traffic ever flows.

Its responsibilities can be broken down into several key functions:

1. API surface and management

The controller surfaces several critical APIs that different components of the network interact with. These include:

  • Edge Client API: Used by SDKs and tunnelers to authenticate and discover services.

  • Management API: The interface used by administrators (often via the Ziti CLI) to configure the network, such as creating new identities or defining service policies.

  • Fabric and OIDC APIs: Used for internal mesh communication and identity provider integration.

2. The authority on explicit trust

The controller is the primary decision-maker for the two pillars of Zero Trust security:

  • Authentication: It verifies the identity of any user, device, or “workload” attempting to connect (answering “Who are you?”).

  • Authorization: It checks configured policies to determine exactly what that identity is allowed to access (answering “What are you allowed to do?”).

Unlike a traditional network where a firewall might be open by default, the controller ensures the network is dark by default. No connection is permitted until the controller has explicitly authorized it.

3. Bootstrapping trust, a.k.a. enrollment

The controller is the starting point for bringing new devices into the fold through a process called “Bootstrapping Trust”.

  • It issues One-Time Tokens (OTTs) (essentially signed JSON Web Tokens) that are delivered to users.

  • When a client initiates enrollment, the controller validates the token and facilitates a Certificate Signing Request (CSR) exchange.

  • The end result is a strong, cryptographically verifiable identity that the client uses for all future secure communications.

4. Orchestrating the mesh

While the controller does not actually handle the data traffic (that is the job of the routers), it provides the “map.” It coordinates with the edge routers to broker data channels, ensuring that when a client “dials” a service, the routers know how to steer that traffic to the correct destination.

Router

The OpenZiti router [26:09] is the workhorse of the network. While the controller acts as the brain and makes policy decisions, routers constitute the data plane: the actual infrastructure that moves bits from point A to point B.

According to Clint, the router’s job can be broken down into these core functions:

1. Forming the mesh overlay

The routers are responsible for creating the “mesh overlay network”. Unlike a traditional hub-and-spoke networking model, these routers connect to one another to form an interconnected fabric. Even if you start with just one router, you can deploy many others to extend this mesh.

2. Brokering data channels

The primary job of a router is to broker data channels. When an application wants to send data, the router facilitates the creation of a secure path. It effectively “steers” the traffic through the mesh to ensure it reaches the intended destination router and, ultimately, the target service.

3. Serving as the entry point for clients

Everything in OpenZiti is technically an SDK client, whether it’s a standalone app or a “tunneler.” These clients connect directly to the routers to form the necessary channels for communication. The router acts as the listener that accepts these connections once the controller has given the “okay.”

4. Shuttling the actual data

The router is where the heavy lifting happens. It is the component that actually sends your data from one side to the other. While the controller handles the logic of authentication and authorization, it never touches the application data itself. That task is handled entirely by the routers.

5. Enforcing the “dark network”

By acting as the only point of entry into the mesh, routers help enforce the “dark by default” philosophy. Unless a client has been explicitly authorized by the controller, a router will not broker a channel for it, effectively keeping the protected services invisible to the public internet, and by extension, unauthorized and malicious parties.

The coolest part for a developer? You can spin this all up on your local machine in about seven seconds with a simple ziti edge quickstart [23:00].

Why not just use a VPN?

One of my questions was the one every developer asks: “Why can’t I just use a VPN?”

Clint insists that an OpenZiti overlay actually is a VPN [34:05] in the broadest sense, in that it’s a virtual network that’s closed off to unauthorized parties. It just functions much differently than the “one big mush” of traditional VPNs, which are open by default, and once you’re in, you can see everything.

On the other hand, OpenZiti is dark by default [35:45]. If you have a server on the open internet, it usually has an open port (such as port 22 for SSH or 443 for HTTPS). With Ziti, you close those ports entirely. The service becomes “dark,” and the ports are invisible, and you can’t attack what you can’t even find.

The “magic dance” of bootstrapping trust

I’ll admit, when I first tried to set up a client and server, I got a little lost in the “magic dance” of certificates. Clint called this process bootstrapping trust [38:47].

It starts with a One-Time Token (OTT), which is a signed JWT, and the process goes like this:

  1. The admin creates an identity on the controller [41:09].

  2. The client uses the token to find the Controller’s URL [43:11].

  3. The handshake takes place, where the client verifies the controller’s certificate, and they exchange a CSR (Certificate Signing Request) [44:43].

  4. Strong identity: The result is a JSON file containing a key that must be protected like a secret.

AI Agents and the MCP Gateway

We also took a detour into Agentic AI. Clint has been using MCP (Model Context Protocol) Gateways to let Claude interact with the Ziti CLI.

The breakthrough here is efficiency and security. By using an MCP Gateway, you don’t have to give your raw credentials to the AI [57:02]. Plus, by using a targeted MCP server, you can strip a massive 100k data object down to a 10k summary, saving a fortune in tokens [59:12].

Real-world use: From blue bubbles to drones

I asked Clint who is actually using this in the wild. The “Adopters” list is growing, including projects like Blue Bubbles (the tool that brings iMessage features to Android) [50:33].

But the stakes get higher. We discussed Zero Trust Drones and secure communications on the battlefield [52:12]. When you’re in a high-stakes environment like Ukraine, having secure, “dark” comms is a necessity, not a luxury.

More coming soon!

This was the first of many Ziti TV livestreams featuring Clint and Yours Truly. The next one’s scheduled for Friday, April 30th at 11:00 a.m. U.S. Eastern / 8:00 a.m. U.S. Pacific / 1500 UTC, and you can view past livestreams in the Live section of the OpenZiti YouTube channel.

Watch the full replay here: Ziti TV: Explaining OpenZiti to the New Guy

Categories
Artificial Intelligence Security What I’m Up To

Day 1 as NetFoundry’s Senior Developer Advocate

“Ziggy,” OpenZiti’s anthropomorphic ziti mascot, wearing headphones and playing accordion.
www

Today is my first day as Senior Developer Advocate at NetFoundry, the company behind OpenZiti.

I am thrilled, slightly jet-lagged from the onboarding reading, and (because some things never change)my accordion is within arm’s reach of the desk. If you are going to explain zero trust networking to developers, you might as well have an accordion-powered rock and roll backup plan.

This is the post where I tell you what the job is, what the product is, why the name makes me smile, and why I think this is going to be a good couple of years.

The short version

I am joining the team that invented and maintains OpenZiti, an open source zero trust networking platform. My job, alongside my colleague Clint, is to be the developer-facing voice of the project: write code, build demos, ship tutorials, show up in the communities where the conversations are actually happening, and make sure what we hear from developers gets back to the product and engineering teams in a form they can act on.

The timing is interesting. NetFoundry recently announced NetFoundry for AI, an AI-focused use of the platform aimed squarely at the problem every AI team is quietly panicking about right now: how do you let AI agents, MCP servers, and LLMs talk to each other and to the rest of your infrastructure without turning your network into Swiss cheese?

More on that in a minute. First, the name.

What is OpenZiti, and why is it called that?

The “ziti” in OpenZiti comes from “ZT”, as in “zero trust”. Say “Z-T” out loud a few times, let the letters slur a little, and you end up somewhere in the neighborhood of “ziti.” Then somebody noticed that ziti is also a tubular pasta, and because developers are developers, that became the visual identity. The OpenZiti logo is, essentially, a piece of pasta. I respect this deeply. My last employer’s mascot was a twerking login box. My current employer’s mascot is a delightfully cheesy, tasty dinner.

This also explains this cryptic comic I posted on my socials earlier, as a hint about the new job:

By the way, the rightmost pasta in the comic is a slouching ziti. Also, in case you need a quick explainer, here’s a helpful infographic:

Infographic from Sip Bite Go. Click to see the source.

The “Open” part is the substantive half of the name: OpenZiti is genuinely open source, Apache 2.0 licensed, and the whole thing lives in public on GitHub. You can pull it down right now, stand up a controller and some routers on your own hardware, and have a zero trust overlay network running on your laptop by lunchtime. (I know this because that is literally what I am doing this week as part of my onboarding. More on that later too.)

So what does it actually do?

Here is the mental model I am starting with, and I reserve the right to refine it as I get deeper in:

  • Today’s network model is “castle and moat.” You put a firewall around your stuff, you open ports for the services that need to be reachable, and you hope the bad guys don’t find a way through the gate. When they do (and they always do) they are inside the castle with the crown jewels.
  • Zero trust flips this. Instead of trusting the network, you trust identity. Every connection is authenticated, every connection is authorized, every connection is encrypted, and nothing is reachable just because of where it is on the network.
  • OpenZiti is the overlay that makes this practical. It gives every app, service, device, or agent a cryptographic identity, routes their traffic through a mesh of routers that only accept authenticated connections, and requires no open inbound firewall ports. This is the part that makes network engineers do a double-take. Nothing listens on the public internet. Attackers can’t port-scan what isn’t there.

If you have ever been the person who had to file a firewall change ticket to let service A talk to service B, and then waited three weeks and filled out a compliance form, you already understand the appeal.

The AI angle, which is where I am spending a lot of my first year

Here is the thing about AI agents and MCP servers: they are, architecturally, the worst possible citizens of a perimeter-based network.

They need to talk to a lot of things. They hold API keys. They get spun up and torn down on timelines that do not match anybody’s firewall change window. They are, by design, non-human identities with significant privileges, and most of the infrastructure around them was designed for humans with laptops.

NetFoundry for AI is the pitch for applying OpenZiti’s identity-first model to this mess:

  • A zero trust enclave for your users, agents, MCP servers, and LLMs, so none of them are reachable over the open network
  • Strong identities for the non-human participants (agents and MCP servers have been running around with service accounts and bearer tokens for too long)
  • API keys and service credentials held separately from the agents themselves, so a compromised agent isn’t also a compromised credential vault
  • Token tracking, cost accounting, and LLM routing across multiple providers, because once you have the identity layer you might as well use it to see what is happening

There is a NetFoundry for AI early access program open right now, and if you are building anything nontrivial with agents, it’s worth a look.

Why this job, specifically?

If you have been reading Global Nerdy for a while, you know the pattern. I spent three and a half years at Auth0 explaining OAuth 2.0, OIDC, and identity to mobile developers who would rather do literally anything else. The work was: take something that sounds like a standards committee threw up on a whiteboard, anchor it to a problem the developer actually has, and give them working code that does not require them to read 400 pages of RFC.

Zero trust networking is the same shape of problem. The concepts are genuinely hard. The vocabulary is dense. Most developers have never had to think about overlay networks before. But the underlying motivation, “I don’t want my AI agent’s API key to become somebody’s weekend project,” is something every builder can feel in their bones.

And some of you might remember my monthly Tampa Bay AI Meetup, which is now sitting around 2,200 members. The through-line of that community has been the same thing I am now getting paid to do full-time: take genuinely complicated infrastructure and make it feel approachable. Zero trust for AI agents is squarely in that Venn diagram.

What happens next

For the next little while, the plan is mostly “shut up and build.” I am standing up OpenZiti from scratch on my own hardware, embedding the SDK in a demo app, running MCP Gateway with Claude Desktop and a couple of backends, running LLM Gateway with a local model and a commercial one, and lurking in every community where OpenZiti and MCP get talked about. No hot takes until I have earned them.

After that, the usual Joey stuff: blog posts, short demo videos, office hours, and actual conversations in the places where developers hang out: r/openziti, r/mcp, the OpenZiti Discourse, and wherever else the work takes me.

If you build on OpenZiti, or you have been curious about it, or you just want to commiserate about explaining infrastructure to developers, my DMs are open. I am @AccordionGuy on GitHub, Joey de Villa on LinkedIn, and the accordion is here if anyone wants a rock cover of something topical as a celebratory interlude.

Time to rock!

Categories
Artificial Intelligence Career Security What I’m Up To

A Fake Recruiter Tried to Scam Me — I Caught Him Using ChatGPT

The newest video on the Global Nerdy YouTube channel is now online! It’s called A Fake Recruiter Tried to Scam Me — I Caught Him Using ChatGPT. Watch it now!

It’s the story of how a scammer posing as an executive recruiter tried to con me out of hundreds (and possibly thousands) of dollars using AI-generated emails, a fake job description, and a fabricated “internal document” from OpenAI.

He had me… for thirty seconds, and then I thought about it.

The short version

A “recruiter” emailed me out of the blue about a developer relations role. This isn’t out of the the ordinary; this has happened before, and it’s happened a couple of times in the past couple of months.

However, this role stood out: it was Director of Developer Relations role at OpenAI. Remote-first, $230K–$280K base, Python-primary, and AI-focused. It was basically my dream job on paper.

Over the course of several emails, he asked for my resume and salary expectations while giving me nothing concrete in return: no company name, no hiring manager, no specifics.

When I finally got suspicious and asked three simple verification questions:

  1. Who’s your contact at OpenAI?
  2. Is this a retained or contingency search?
  3. What’s your formal relationship with the hiring organization?

He went silent for over a day, then came back with a wall of text that answered none of them.

Then came the real play: he told me that OpenAI required three purportedly “professional documents” before I could interview, and they had to be ready in the next 48 hours:

  1. An “Executive Impact Matrix,”
  2. A “Technical Leadership Competency Assessment,” and
  3. A “Cross-Functional Influence & Initiative Report”

The descriptions of these documents made it look as if they were complex and would take hours to prepare. The recruiter “helpfully” offered to connect me with a “specialist” who could prepare them for a fee.

None of these documents are real. No company asks for them. It’s a document preparation fee scam, and the whole weeks-long email exchange was just the runway to get me to that moment.

But the best part? When I didn’t bite, he followed up with a fake “OpenAI Candidate Review” document showing my name alongside other “candidates” with star ratings. This would be a massive HR violation if it were real:

But it wasn’t real! He generated it with ChatGPT. And he left behind evidence — the dumbass forgot to crop out the watermark.

How the AI gave him away

One of the most interesting things about this scam is how AI was both the scammer’s greatest tool and his undoing.

Every email he sent me was written in polished, flawless corporate English.

But in the one paragraph where he steered me toward paying the “specialist,” the grammar suddenly fell apart:

“a professional I have known for years that specialise in this kind of documents with many great and positive result.”

The AI wrote the con. But the human wrote the close. And the seam between the two is where the truth leaked out.

This is a pattern worth watching for. As AI-powered scams become more common, the tell is going to be a shift in quality at the moment where the scammer needs to speak in their own words. You’ll see well-written text, abruptly followed by different writing style marked by poor, non-idiomatic grammar (because they’re communicating with you in a language they don’t know  well). Keep an eye out for that sudden transition.

The 3 questions real recruiters can answer

If you’re job searching right now and a recruiter reaches out, ask them these three questions:

  1. Who is your contact at the hiring company?
  2. Is this a retained or contingency search?
  3. What is your formal relationship with the hiring organization?

A real recruiter answers these in seconds. A fake one dodges, deflects, or disappears.

8 fake recruiter red flags

Based on my experience, here are eight things to watch out for:

  1. The job seems tailor-made for you. LLMs make it trivially easy to generate a convincing “JD” (job description) from someone’s LinkedIn profile. If it checks every single box, ask why.
  2. The information only flows one direction. They ask for your resume, salary, and preferences. They give you nothing concrete: no company name, no hiring manager, no search terms.
  3. The email footer doesn’t add up. Gmail addresses or mismatched domains, vague or incomplete street addresses, and an “alphabet soup” of certifications are all warning signs.
  4. They dodge verification questions. Real recruiters are proud of their client relationships. Fake ones ghost you when you ask for specifics.
  5. They ask you to pay for documents or preparation. No legitimate employer requires this. Ever. This is always the scam.
  6. Watch for the grammar shift. Polished emails that suddenly drop in quality when money enters the conversation? That’s AI-generated content with a human-written sales pitch sloppily stitched in.
  7. Check the metadata. If they send you an “official” document, look at every corner, every file property, every detail. Scammers are playing a numbers game, and as a result, they’re often rushed and sloppy. Sometimes they literally leave the watermark.
  8. The emotional setup is part of the scam. Flattery, validation, and the sense that someone finally sees your worth is intoxicating, especially when you’ve been job hunting for months. That’s by design. The best time to be skeptical is when you most want to believe.

Why this matters right now

This isn’t just my problem. It’s an epidemic:

AI tools are making these scams more polished, more personalized, and harder to detect. The “spray and pray” emails with obvious typos are being replaced by tailored, multi-email campaigns that build trust over weeks before making their move.

If you’re job searching (or know someone who is), please share this post and the video. The more people know what to look for, the less effective these scams become.

Watch the video

Once again, here’s the video, where I walk through the entire scam step by step, from the first email to the ChatGPT watermark:

And if you haven’t already, subscribe to the Global Nerdy YouTube channel. There’s more coming soon, and I promise it’ll be less infuriating than this one. Probably.

Report it

If this has happened to you, here’s where to report it:

And if you’ve got your own story about a fake recruiter, drop me a line on LinkedIn! Let’s make these scams harder to pull off.

Categories
Conferences Meetups Security Tampa Bay What I’m Up To

This Tuesday in Tampa: Two tech events, four minutes apart!

On Tuesday, two popular tech events take place in Tampa, and you may be wondering which one you should attend. I’ll answer your question by quoting the little girl from that classic Old El Paso commerical:

The two events in question are:

Here’s the interesting wrinkle: these two events are only a couple of blocks or a four-minute walk apart!

So if you’re feeling ambitious — and I just might be — you can attend both events with a little judicious scheduling.

Categories
Artificial Intelligence Security What I’m Up To

A simple AI fake voice and face example

This past Tuesday (July 15, 2025), I appeared on a news segment on Tampa’s WFLA Channel 8 evening news, where I was brought in to comment about ways to not fall for AI-powered phone scams. The video from that news segment is pictured above.

While the segment talked about using AI to mimic people’s voices and faces and have them say whatever you want, there wasn’t time to demonstrate this capability — so I’m doing it here.

Here’s a video I recorded back in October 2023 to promote a Python course that I was teaching:

I then fed that video to HeyGen, the AI avatar service,  and used it to translate my video into Spanish. Here’s the result:

I don’t speak Spanish anywhere as fluently and smoothly as my HeyGen-generated version, and note that HeyGen went so far as to sync my lips with the Spanish words!

The Spanish voice is also a decent approximation of mine — close enough that it might fool even people who know me well, given a stressful situation full of emotion and other distractions, which is the sort of scenario that con artists try to create in a phone scam.

You should also note that the Spanish video was made with the version of HeyGen from October 2023. I’m sure it’s undergone significant improvements since then.

Categories
Conferences Security Tampa Bay

BSides Tampa 12: This coming weekend!

BSides Tampa 12, Tampa’s big cybersecurity conference, takes place this weekend at the University of South Florida!

BSides Tampa is one of Tampa Bay’s biggest tech conferences, with 1,900 attendees at last year’s event:

It’s worth checking out, even if cybersecurity isn’t your main focus. For starters, in today’s incredibly networked and AI-powered environment, security is everyone’s concern.

You’ll also learn a lot, whether it’s from one of presentations spread across seven tracks, the villages (the Social Engineering Adventure Village, the Lockpick Village, and the Network Security Village), the two Capture the Flag events, or the people you’ll meet.

Yours Truly, presenting at last year’s BSides Tampa. You can find out more about my presentation here.

BSides Tampa will take place over two days:

  • Friday, May 16: Training and workshops
  • Saturday, May 17: The main conference and post-conference happy hour

The tickets for the main conference are very reasonably priced:

  • General admission: $45
  • Students / active-duty military / veterans: $30

You can buy tickets to BSides Tampa here.

BSides’ history

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content.

In 2009, the Black Hat conference in Las Vegas received way more presentation submissions than they could take on. The rejected presenters had very good presentations; there just wasn’t enough capacity for them. Those presenters, disappointed at not having their presentations accepted, banded together and made their own “b-side” conference in the spirit of Bender from Futurama.

That event was the first BSides, a small, hastily-assembled event that ran at a BSides organizer’s house at the same time as Black Hat on July 29 and 30, 2009.

Here are some photos:

Here’s the summary of that first BSides from the BSides history page:

It was a wild success: the talks were good, the party was better, and it was clear that the security community was excited at the idea of a conference that focused on conversations and personal interaction with peers. Those involved in the first event had a vision of rolling the idea out at a regional level, enabling local organizers to set up similar conferences in their own area.

In 2010, BSides took place again in Las Vegas, but there were also BSides conferences in Atlanta, Austin, Berlin, Boston, Dallas, Delaware, Denver, Kansas City, Ottawa,  and San Francisco. In 2011, it would expand to over 40 events, with Africa and Australia joining the list of continents that had a BSides conference.

Tampa had its first BSides on February 15, 2014, and it’s grown over the years to become one of the biggest Tampa Bay tech events of the year.

BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.

Join us at BSides Tampa this weekend!

Categories
Current Events Security

This is horrifying: U.S. Defense Secretary Orders Cyber Command to stand down from all planning to counter Russia

According to cybersecurity news site The Record (they’re pretty good; you should bookmark them), newly-appointed U.S. Defense Secretary (and former FOX News host, philanderer, and raging alcoholic with a track record that “falls short of military standards”) ordered U.S. Cyber Command to stand down from all planning against Russia last week.

This is the same Russia that brought us cybersecurity threats such as:

Here’s what CISA — the Cybersecurity and Infrastructure Security Agency — has to say about Russia. This is from their Russia Cyber Threat Overview and Advisories page, which was on their website at the time of writing, but it might not be for much longer:

Friends in the cybersecurity industry — prepare a lot of headaches in the near future.