Cyber Security Headlines

Department of Know: MITRE's weaknesses list, DoD goes postquantum, Coupang fallout

Dec 15, 2025
In this engaging discussion, cybersecurity experts Andy Ellis and Johna Till Johnson dive into critical topics affecting the industry. They tackle the urgency of adopting post-quantum cryptography amid evolving threats, and critique MITRE's software weaknesses list for its limited actionability. The conversation also touches on the implications of a recent Coupang breach, emphasizing the need for robust offboarding practices. Ransomware defenses are highlighted, with both guests advocating for actionable strategies like backups and zero trust.
ANECDOTE

Hanukkah Candles And Year-End Priorities

  • Andy needed Hanukkah candles and used chime candles by mistake.
  • He prioritized finishing the year and focusing on achievable wins rather than overambitious tasks.
ADVICE

Begin Crypto Agility Immediately

  • Start building crypto agility now and stop waiting for perfect standards or deadlines.
  • Inventory cryptography, prioritize high-risk systems, and migrate proactively before harvest-now, decrypt-later adversaries succeed.
INSIGHT

Top Weaknesses Reflect Old Vulnerability Patterns

  • MITRE's top-25 list mostly reaffirms long-standing web flaws like XSS and SQLi as the primary attack surface.
  • Counts of exploited CVEs per vendor (e.g., Microsoft) reveal where attacks concentrate more than generic weakness categories do.