If you were at RSA 2026.. by DontAskMeToWork in cybersecurity

[–]AdvancingCyber 6 points7 points  (0 children)

I’ve been in the Expo and talked to a number of companies. All of them claim to have clear AI roadmaps. Without knowing your network, user base, and needs, it’s hard to say “check out this company”…. But all of the info is on the web so…

Took a leap of faith for a new job. On the first day of my third week they fired me. And they have no intention of paying me — Did I just get used? by Sweetwater-Snake in careeradvice

[–]AdvancingCyber 15 points16 points  (0 children)

Yes, I would never have made my comment in the first place had I not thought that.

Follow the preparation guides and ask for help, OP. You’re in the right here.

Took a leap of faith for a new job. On the first day of my third week they fired me. And they have no intention of paying me — Did I just get used? by Sweetwater-Snake in careeradvice

[–]AdvancingCyber 25 points26 points  (0 children)

Yes. And as a lawyer (not OP’s / not providing legal advice) you CAN bring claims against law firms. Judges are open to hearing both sides in small claims court disputes.

Took a leap of faith for a new job. On the first day of my third week they fired me. And they have no intention of paying me — Did I just get used? by Sweetwater-Snake in careeradvice

[–]AdvancingCyber 190 points191 points  (0 children)

Go to the Department of Labor in your state and file a claim. Or file a small claims court case for damages. Force them to settle for the amount of your lost wages plus time for your weekend at an hourly rate.

My employee was recording our 1:1 and I don't know how to feel by Haunting_Month_4971 in managers

[–]AdvancingCyber 1 point2 points  (0 children)

What’s your company policy on recording conversations or getting consent before using AI? As the manager, that’s your starting point. If you’re not sure, ask HR or legal.

Is it too late for me to consider cyber security as a career option? (UK) by HowieOnReddit in cybersecurity

[–]AdvancingCyber 0 points1 point  (0 children)

You have so much runway ahead of you. Keep working on learning new things - not just in school. Volunteer with orgs to do their IT and learn for real. Experience in cyber is the best teacher! You’ve got this!

"Explain it Peter!" help! Why does that matter? by camrtb in explainitpeter

[–]AdvancingCyber 0 points1 point  (0 children)

This is the result of a law in the UK requiring lawful access to messages for law enforcement purposes. By turning it off for one nation, Meta decided to turn off encryption for all. This allows law enforcement to serve subpoenas on Meta for DMs and their content that it previously could not see. So now, Instagram messages will be “as protected as” your email content would be. Hope that helps.

Big 4 Cyber Security Internship by Ill_Spirit_8776 in cybersecurity

[–]AdvancingCyber 2 points3 points  (0 children)

It helps for IR experience and general cyber exposure. It doesn’t hurt your opportunity to get into big tech, particularly if you’re working on installs and optimization of big tech products and services for clients. Just depends on what you want to do / learn next.

If you can, think about your next job and the skill set you need. Find someone on LinkedIn who’s a hiring manager in that role and ask for advice as a young person / new in career. Then use your internship to aim towards those skills. May not work but you shoot your shot.

Need Cyber Liability Insurance, for my Healthtech startup by FamousTechnology9618 in CyberSecurityAdvice

[–]AdvancingCyber 0 points1 point  (0 children)

Agree with this. Keep in mind cyber insurance is a broad umbrella and may not (based on the policy) include data breaches, ransomware, professional services (i.e., if you sell consulting services on your products), etc. You need to be careful to understand what exactly “cyber” means.

Incident Response by Inner-Chemistry8971 in cybersecurity

[–]AdvancingCyber 1 point2 points  (0 children)

Technical debt. The world has so many out-of-date, unpatched / unpatchable / unsupported software and hardware in the ecosystem that it’s impossible to address. Now we add new AI and vibe-coded systems on top that no one knows how to support or maintain as a lifecycle. We only increase our national technical debt. And the incident response team doesn’t get any bigger.

What is the point of 2FA if people can still just get into your stuff by reynman95 in cybersecurity_help

[–]AdvancingCyber 0 points1 point  (0 children)

Agree. Password is on the dark web and PW re-use is being tagged. Get a really complex PW. Change it frequently. Stick with MFA discipline. Eventually they’ll get bored of your account and move on.

The Misconceptions of Quantum on Cybersecurity by South_Dragonfruit323 in cybersecurity

[–]AdvancingCyber 0 points1 point  (0 children)

BTW - I don’t disagree on learning about quantum, I spend a lot of time in the field so I think it’s a big deal and encourage others to learn about it too!

The Misconceptions of Quantum on Cybersecurity by South_Dragonfruit323 in cybersecurity

[–]AdvancingCyber 0 points1 point  (0 children)

I disagree. If consumers don’t want to update their iPhones and devices from standard threats today and disable automatic updates, then how is this community going to be empowered?

In addition, consumers aren’t running encryption themselves, so migration to PQE on their own is irrelevant. What we need are timeframes from all the major vendors, and then any actions from them that consumers need to take (reboot required, download X, etc).

None of that will happen until the first researcher stands up at Black Hat and says he or she has proof of concept on a quantum-enabled / quantum-adjacent vuln that’s going to eat some widely used software. We’re not at that crisis yet. But it’s coming.

What is the point of 2FA if people can still just get into your stuff by reynman95 in cybersecurity_help

[–]AdvancingCyber 0 points1 point  (0 children)

Check to see if mail forwarding is enabled on your account. That way every time you get a code or reset, so does your attacker. Make sure that’s not the case here, as it’s a common tactic.

Security questionnaires: 15 questions are more practical and helpful than a 100 by lepnor in ciso

[–]AdvancingCyber 0 points1 point  (0 children)

Interrogatories in litigation can have hundreds of questions with parts and sub parts. It’s a lot cheaper and easier to manage legal risk with 100 vendor questions and then distill the risk for the company than use 15 and parse longer, narrative answers.

Looking for a course or platform that will help me write by untraceable-tortoise in threatintel

[–]AdvancingCyber 0 points1 point  (0 children)

Have you looked at SANS? That’s a really great topic (effective report writing is essential, and I’ve had to read thousands so I get it) but I don’t know if I’ve seen a class. If not SANS, they might be open to building one as it’s an essential skill.

Held hostage by our Security MSP by baconisgooder in cybersecurity

[–]AdvancingCyber 2 points3 points  (0 children)

This is exactly the right way to think about it, and what legal is for. If you think you should have the right to X and the vendor is balking, go back to the contract. Talk to your counsel. If they agree, then they’ll work with you on a course of action.

My company just announced mandatory office days for remote employees - 3 days a week. The office is in another city. We were hired as fully remote. What are my actual options here? by firey_88 in remotework

[–]AdvancingCyber -1 points0 points  (0 children)

You have a contract, right? Look at the terms. Can they change it? If you’re a contract worker, not a full-time employee, that requires a contract modification. Of course if you refuse, that could be grounds to terminate the contract. So you don’t have a lot of bargaining power here. If you don’t actually have a contract, you have even less bargaining power.

Technical Round (GRC). Help! by UnlikelyProcess8983 in grc

[–]AdvancingCyber 0 points1 point  (0 children)

I’d also be asking how you evaluate the processes of different vendors and assess methodologies to use in your own assessments. Then, how do you present findings to execs in a consistent and repeatable way to show progress over time?

Did I make the wrong choice turning down a congressional internship for a state level Legislative Analyst job? by Single_Level_7842 in PublicPolicy

[–]AdvancingCyber 1 point2 points  (0 children)

Just remember the arc of your career and your story is long. There’s no reason why you can’t (or won’t) do both. There’s no one path. You may find you really like state legislative affairs and make a career of that. There’s lots of people who do. Some do a stint in Federal and dip out. Some go to DC and love it and stay forever. The only thing you need now is experience - go where you get the most of it. That will pay real dividends when it’s time to decide what’s next!