Shane

I have a hard time recognizing or appreciating Chinese innovation when I have spent my career responding to intrusions, particularly 🇨🇳 hacks of tech & data companies while at Mandiant. For so many in infosec, it’s impossible to differentiate breakthroughs from decades of cheating & theft. Here are some memorable quotes from my time at Mandiant (2014-2020): 🗣️ "We probably have somewhere in the order of 2,000 active investigations that are just related to the Chinese government's effort to steal information." - Christopher Wray, FBI Director, at the U.S.-China Economic and Security Review Commission, 2020 🗣️ "The Chinese government is known for using their military's cyber capabilities to hack into private U.S. tech firms. They steal I.P. and then transfer the technology to state-run companies for profit off of its development." - Rep. Matt Gaetz, at a hearing on Chinese IP theft, 2017 🗣️ "The greatest transfer of wealth in history is from the U.S. to China through cyber theft, and it's happening every single day." - Mike Rogers, NSA Director, 2015 🗣️ "There are only two types of companies in the United States: those who have been hacked by the Chinese, and those who don't know they've been hacked by the Chinese." - Robert Mueller, FBI Director, 2014

I still don't see enough orgs requiring hybrid Entra ID join in conditional access when accessing all cloud workloads. If done properly its a show stopper for external attackers especially if you are adding in device compliance rules in the mix. Usually when I see it I have to pivot to internal access via device compromise. External token theft is also a non starter.