Todd Thiemann
@cryptodd.bsky.social
California native, Omdia (formerly Enterprise Strategy Group) analyst, cybersecurity geek, soccer goalkeeping phenom. Crypto = cryptography, Views=mine, Reposts≠endorsement
Pinned
Todd Thiemann
@cryptodd.bsky.social
· Nov 25
The Enterprise Strategy Group (ESG) Starter Pack so you can keep up with the ESG analyst team covering #cybersecurity and all thinks enterprise information technology. go.bsky.app/4axSvJz
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 4:26 PM
Agentic AI, identity tool sprawl, and a surge of non‑human identities are reshaping how enterprises define and manage trust. In a new Dark Reading piece, I put on my industry analyst hat with four identity predictions for 2026 and practical steps you can take. www.darkreading.com/identity-acc...
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Identity Security 2026: 4 Predictions & Recommendations
Agentic AI adoption & identity security risks, IGA expansion, SOC-identity team collaboration, & identity platform consolidation—some predictions for 2026.
www.darkreading.com
January 2, 2026 at 6:14 AM
My #identitysecurity #IAM prognostications for 2026 are published in @darkreading.bsky.social! I hope for omniscience, but am making a note to self to revisit it in 12 months to see what I got right and wrong. www.darkreading.com/identity-acc...
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
OpenAI Is Paying Employees More Than Any Major Tech Startup in History
The company’s stock-based compensation in 2025 reached an average of $1.5 million per employee.
www.wsj.com
December 31, 2025 at 2:56 PM
Astounding amounts of equity granted to OpenAI employees according to this WSJ article. And remember that 1 year cliff that most tech companies have in their option packages? It was 6 months at OpenAI, but that was dropped because they were losing a battle for talent. www.wsj.com/tech/ai/open...
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
December 31, 2025 at 2:48 PM
Wisconsin, what is up with you? I get Alaska, Idaho, and Utah may have low vaccination rates, but didn't expect to see Wisconsin in that that group.
Reposted by Todd Thiemann
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)
December 17, 2025 at 10:19 AM
"Implementing Secure AI Framework (#SAIF) Controls in Google Cloud" security.googlecloudcommunity.com/ciso-blog-77... <- this blog launches a new paper on SAIF #AI controls in Google Cloud. More useful than fun, admittedly :-)
Reposted by Todd Thiemann
Former head of trust and safety at Twitter, Yoel Roth, demonstrating the intellectual dishonesty of “In Covid’s Wake” by showing how they distorted his own words to make them say the opposite of what he was arguing.
A small (personal) example of this book’s intellectual dishonesty:
My father-in-law is reading In Covid’s Wake, and excitedly told me he found a passage where I’m quoted. The quote in question is me saying the FBI worked to censor speech on social media.
Huh? When did I say that?!
My father-in-law is reading In Covid’s Wake, and excitedly told me he found a passage where I’m quoted. The quote in question is me saying the FBI worked to censor speech on social media.
Huh? When did I say that?!
December 24, 2025 at 9:31 PM
Former head of trust and safety at Twitter, Yoel Roth, demonstrating the intellectual dishonesty of “In Covid’s Wake” by showing how they distorted his own words to make them say the opposite of what he was arguing.
Reposted by Todd Thiemann
IT'S A WONDERFUL ESSAY: It seems people usually rewatch 'It's a Wonderful Life' just before Christmas. Can I commend to you this marvelous essay we published a few years ago? It could change the way you understand that classic movie.
www.thebulwark.com/p/there-is-n...
www.thebulwark.com/p/there-is-n...
There Is No Mary Problem in ‘It’s a Wonderful Life’
George’s vision of his wife without him is essential to the film, but critics continue to miss its true—and profound—meaning.
www.thebulwark.com
December 23, 2025 at 3:18 AM
IT'S A WONDERFUL ESSAY: It seems people usually rewatch 'It's a Wonderful Life' just before Christmas. Can I commend to you this marvelous essay we published a few years ago? It could change the way you understand that classic movie.
www.thebulwark.com/p/there-is-n...
www.thebulwark.com/p/there-is-n...
ServiceNOW is acquiring Armis for $7.75B in cash. This follows on NOW's acquisition of Veza for ~$1B. NOW will be bumping heads with a bunch of security incumbents (CrowdStrike, PAN, Cisco, S1, etc), but securing AI agents provides a ripe enterprise problem to solve. techcrunch.com/2025/12/23/s...
ServiceNow to acquire cybersecurity startup Armis for $7.75B | TechCrunch
The deal is expected to yield significant returns for Armis investors, including Sequoia, CapitalG, and Insight Partners.
techcrunch.com
December 24, 2025 at 12:25 AM
ServiceNOW is acquiring Armis for $7.75B in cash. This follows on NOW's acquisition of Veza for ~$1B. NOW will be bumping heads with a bunch of security incumbents (CrowdStrike, PAN, Cisco, S1, etc), but securing AI agents provides a ripe enterprise problem to solve. techcrunch.com/2025/12/23/s...
This is bad. #cybersecurity
www.politico.com/news/2025/12...
Good god
“At least six career staffers at the Cybersecurity and Infrastructure Security Agency were suspended with pay this summer after organizing a polygraph test that the agency’s acting director, Madhu Gottumukkala, failed.”
Good god
“At least six career staffers at the Cybersecurity and Infrastructure Security Agency were suspended with pay this summer after organizing a polygraph test that the agency’s acting director, Madhu Gottumukkala, failed.”
Acting CISA director failed a polygraph. Career staff are now under investigation.
At least six career staff were placed on leave after DHS opened an investigation into whether they misled the agency’s acting director, Madhu Gottumukkala, into taking the test.
www.politico.com
December 22, 2025 at 2:24 PM
This is bad. #cybersecurity
Vulnerability management solutions may detect things like missing patches, default/weak configs, insecure protocols, and exposed management interfaces. In cloud/ modern environments, that can include cloud security posture (public S3 buckets, overly permissive IAM roles). This risk requires nuance.
AWS published a report on GRU's hacks of critical infrastructure
The report highlights a shift from vulnerability exploitation to targeting misconfigured devices
aws.amazon.com/blogs/securi...
The report highlights a shift from vulnerability exploitation to targeting misconfigured devices
aws.amazon.com/blogs/securi...
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure | Amazon Web Services
As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a ...
aws.amazon.com
December 16, 2025 at 3:03 PM
Vulnerability management solutions may detect things like missing patches, default/weak configs, insecure protocols, and exposed management interfaces. In cloud/ modern environments, that can include cloud security posture (public S3 buckets, overly permissive IAM roles). This risk requires nuance.
Identity security news is popping today! In the Identity Governance and Administration (IGA) space, Sailpoint crossed $1B ARR in their latest quarter while Saviynt announced a monster $700M Series B at $3B valuation. www.wsj.com/articles/cyb...
Exclusive | Cyber Startup Saviynt Raises $700 Million to Secure Identity and Access
AI has businesses scrambling to ensure workers and software robots are who they say they are.
www.wsj.com
December 9, 2025 at 3:47 PM
Identity security news is popping today! In the Identity Governance and Administration (IGA) space, Sailpoint crossed $1B ARR in their latest quarter while Saviynt announced a monster $700M Series B at $3B valuation. www.wsj.com/articles/cyb...
Reposted by Todd Thiemann
We very rarely do sales at @404media.co but today is an exception so pls consider and get all this stuff:
www.404media.co/cyber-monday...
www.404media.co/cyber-monday...
December 1, 2025 at 6:25 PM
We very rarely do sales at @404media.co but today is an exception so pls consider and get all this stuff:
www.404media.co/cyber-monday...
www.404media.co/cyber-monday...
Reposted by Todd Thiemann
Realtors know that, in many parts of the country, if you educate people about climate risk, the housing market will collapse.
www.nytimes.com/2025/11/30/c...
www.nytimes.com/2025/11/30/c...
Zillow Removes Climate Risk Scores From Home Listings
www.nytimes.com
November 30, 2025 at 1:57 PM
Realtors know that, in many parts of the country, if you educate people about climate risk, the housing market will collapse.
www.nytimes.com/2025/11/30/c...
www.nytimes.com/2025/11/30/c...
Reposted by Todd Thiemann
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
Banning TP-Link won't save America from its own terrible cybersecurity
TP-Link routers face a ban in the U.S. over the company's alleged links to China, but shoddy cybersecurity is the real insider threat to the United States.
this.weekinsecurity.com
November 26, 2025 at 1:27 PM
New, by me at this.weekinsecurity.com: Router maker TP-Link faces a potential U.S.-wide ban over its alleged links to China.
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
In my latest analysis, I dive into why a TP-Link ban is unlikely to make America meaningfully safer from Chinese cyberthreats (or anywhere).
Please share!
I just noticed that @hashicorp.com Vault now supports #SPIFFE (a Kubecon 2025 announcement). Great news that better secures AI agent deployments. Lots of goodness - verifiable IDs for AI agents, zero trust architecture, and lifecycle management. www.hashicorp.com/en/blog/spif...
www.hashicorp.com
November 24, 2025 at 11:39 PM
I just noticed that @hashicorp.com Vault now supports #SPIFFE (a Kubecon 2025 announcement). Great news that better secures AI agent deployments. Lots of goodness - verifiable IDs for AI agents, zero trust architecture, and lifecycle management. www.hashicorp.com/en/blog/spif...
Reposted by Todd Thiemann
Ok @hankgreen.bsky.social is my anger translator regarding stupid controversies about Jimmy Wales and @wikipedia.org. I was going to say something, but Hank says everything I would have said here.
www.youtube.com/watch?v=9zi0...
www.youtube.com/watch?v=9zi0...
Wikipedia and the Destruction of Trust
YouTube video by Hank Green
www.youtube.com
November 17, 2025 at 6:33 AM
Ok @hankgreen.bsky.social is my anger translator regarding stupid controversies about Jimmy Wales and @wikipedia.org. I was going to say something, but Hank says everything I would have said here.
www.youtube.com/watch?v=9zi0...
www.youtube.com/watch?v=9zi0...
Comet on Android has a sweet opening screen and some slick functionality.
AI search company Perplexity launched its Comet browser today on Android. The startup debuted the AI-centric browser in July on desktop with AI-powered search. techcrunch.com/2025/11/20/p...
Perplexity brings its AI browser Comet to Android | TechCrunch
Perplexity is launching its AI browser Comet on Android with an iOS version in works.
techcrunch.com
November 21, 2025 at 1:30 PM
Comet on Android has a sweet opening screen and some slick functionality.
Reposted by Todd Thiemann
Time to look into your settings, folks.
Gmail can read your emails and attachments to train its AI, unless you opt out
A new Gmail update may allow Google to use your private messages and attachments for AI training. Here's how to turn it off.
www.malwarebytes.com
November 21, 2025 at 12:00 PM
Time to look into your settings, folks.
""The timeline for both vulnerabilities being disclosed is only days apart. Both vulnerabilities were patched by the vendor in prior product updates and with no disclosure at the time of patching," Rapid7 noted in the technical analysis. "
Disclosure is transparency goodness.
Disclosure is transparency goodness.
Another Fortinet zero-day vulnerability under exploitation. And more questions about silent patching and disclosure practices. www.darkreading.com/vulnerabilit...
Fortinet Woes Continue With Another WAF Zero-Day Flaw
A second zero-day vulnerability in Fortinet's web application firewall (WAF) line has raised more questions about the vendor's disclosure practices.
www.darkreading.com
November 20, 2025 at 2:22 PM
""The timeline for both vulnerabilities being disclosed is only days apart. Both vulnerabilities were patched by the vendor in prior product updates and with no disclosure at the time of patching," Rapid7 noted in the technical analysis. "
Disclosure is transparency goodness.
Disclosure is transparency goodness.
My post about identity & access management and IGA app integration got published in @darkreading.bsky.social! Lots of IGA app integration knowledge goodness. #identitysecurity www.darkreading.com/identity-acc...
November 17, 2025 at 8:35 PM
My post about identity & access management and IGA app integration got published in @darkreading.bsky.social! Lots of IGA app integration knowledge goodness. #identitysecurity www.darkreading.com/identity-acc...
I am quibbling, but why can't the WSJ (and others) include in the headline that Trump is rolling back tariff that he raised? The lede paragraph has it, but not the headline. Many will read the headline and think Trump is rolling back tariffs that "the government" imposed. www.wsj.com/economy/trad...
Trump Implements Major Rollback of Food Tariffs
The president moved to lower duties on beef, coffee and dozens of other goods, as he looks for ways to address Americans’ concerns about the cost of living.
www.wsj.com
November 15, 2025 at 4:19 PM
I am quibbling, but why can't the WSJ (and others) include in the headline that Trump is rolling back tariff that he raised? The lede paragraph has it, but not the headline. Many will read the headline and think Trump is rolling back tariffs that "the government" imposed. www.wsj.com/economy/trad...
If I recall correctly, California mandated bidirectional electric vehicle chargings (previously some vehicles did not support it). A cool use case powered by bidirectional EVs.
November 14, 2025 at 9:18 PM
If I recall correctly, California mandated bidirectional electric vehicle chargings (previously some vehicles did not support it). A cool use case powered by bidirectional EVs.
Five people pleading guilty to helping the North Korean regime land fake, remote IT workers. Four were US nationals and the fifth was Ukrainian.
NEW: Five people who live in the U.S. pleaded guily for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch
The U.S. Department of Justice said five people — including four U.S. nationals — "facilitated" North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their ...
techcrunch.com
November 14, 2025 at 5:20 PM
Five people pleading guilty to helping the North Korean regime land fake, remote IT workers. Four were US nationals and the fifth was Ukrainian.
Reposted by Todd Thiemann
NEW: Google is taking legal action against Chinese cybercriminals responsible for sending out millions of scam text messages—including those parcel delivery scams.
Google hopes the lawsuit will help to disrupt the scammers' sprawling infrastructure
Google hopes the lawsuit will help to disrupt the scammers' sprawling infrastructure
This Is the Platform Google Claims Is Behind a 'Staggering’ Scam Text Operation
Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse.
www.wired.com
November 12, 2025 at 10:36 AM
NEW: Google is taking legal action against Chinese cybercriminals responsible for sending out millions of scam text messages—including those parcel delivery scams.
Google hopes the lawsuit will help to disrupt the scammers' sprawling infrastructure
Google hopes the lawsuit will help to disrupt the scammers' sprawling infrastructure