Jack Cable
jackhcable.bsky.social
CEO & Co-founder at Corridor.

Previously: Senior Technical Advisor at CISA, TechCongress in the Senate, Krebs Stamos Group, CISA, Defense Digital Service, and Stanford.
Today, I’ll be testifying to the House Homeland Security Committee during a hearing at Stanford.

Tune in here: homeland.house.gov/hearing/comm...
“Innovation Nation” Field Hearing at Stanford’s Hoover Institution on US Cybersecurity Posture – Committee on Homeland Security
May 28, 2025 at 4:26 PM
New from Jen Easterly and me: as threats to our critical infrastructure increase, U.S. policymakers need to defend + strengthen the role of security research. This is personal for me, having received legal threats for good-faith security research.

www.lawfaremedia.org/article/adva...
Advancing Secure by Design through Security Research
It is essential for U.S. policymakers to actively protect and promote the role of security research within an open and transparent ecosystem.
April 25, 2025 at 4:35 PM
📢 Excited to share that I started a new company, Corridor, with Ashwin Ramaswami! Corridor is the AI-powered secure by design platform – and we're backed by @stamos.org, Chris Krebs, Christina Cacioppo, @alip.bsky.social at Neo, and Sarah Guo at Conviction.

forms.gle/3LsFxtNqzok2...
Corridor Waitlist
Interested in learning more about Corridor? Fill out this form to join our waitlist. By submitting this form, you opt in to receiving emails from Corridor.
March 20, 2025 at 7:56 PM
After two incredible years, today is my last day at CISA. Immensely grateful to have been able to drive CISA's work on Secure by Design, spurring commitments from 250 software manufacturers and publishing guidance with over a dozen int'l partners.

My exit interview: cyberscoop.com/jack-cable-c...
A CISA secure-by-design guru makes the case for the future of the initiative
The initiative had led to tangible changes, Jack Cable said upon his exit from the agency as senior technical adviser.
January 16, 2025 at 3:44 PM
🔒 New from CISA, some tips on protecting your communications in light of compromises of telecom infrastructure. Includes:

1. Use only end-to-end encrypted messaging apps such as Signal.
2. Enable FIDO auth (security keys or passkeys) wherever possible.
3. Do not use a personal VPN.
December 18, 2024 at 6:02 PM
📣 CISA is hosting an info session on the Secure by Design Pledge on Monday, Dec 9 from 10-12pm in San Francisco. Come to hear from Bob Lord, me, and a panel with pledge signers around progress and lessons learned from the pledge.

Register here: forms.office.com/g/Ta5g0P6Q5m
November 27, 2024 at 6:33 PM
ICYMI: CISA published the Product Security Bad Practices for public comment, due Dec 16.

Included in the bad practices: development of new products in memory-unsafe languages, inclusion of user input in SQL queries/OS commands, default passwords, and more.

www.cisa.gov/resources-to...
Product Security Bad Practices | CISA
This voluntary guidance provides an overview of product security bad practices that are deemed exceptionally risky, particularly for software manufacturers who produce software used in service of crit...
November 15, 2024 at 4:52 PM
My keynote from All Things Open is now online, covering Secure by Design, open source AI, and our Product Security Bad Practices guidance: www.youtube.com/watch?v=Furf...
Jack Cable - The U.S. Government's Approach to Open Source Security - All Things Open 2024
YouTube video by All Things Open
November 13, 2024 at 10:03 PM
Reposted by Jack Cable
It's the six-month anniversary of CISA's secure-by-design pledge. I talked to @jackhcable.bsky.social about how things are going and what's next: therecord.media/cisa-jack-ca...

New details in here about participant workshops, CISA's plans for tracking progress, and version 2.0 of the pledge.
November 8, 2024 at 5:46 PM
Today, I published in the Harvard Business Review on how business leaders of software manufacturers can prevent ransomware attacks at scale with more secure by design software.

Read here: hbr.org/2024/04/prev...
Preventing Ransomware Attacks at Scale
Ransomware attacks — like the one on Change Healthcare — continue to cause major turmoil. But they are not inevitable. Software manufacturers can build products that are resilient against the most com...
April 23, 2024 at 9:15 PM
Great joining @rosenzweigp.bsky.social on the Lawfare Podcast! Tune in for some holiday listening to hear from Lauren Zabierek, Bob Lord and me on CISA's path forward on Secure by Design.
www.lawfaremedia.org/article/the-...
December 22, 2023 at 6:08 PM
Have thoughts on Secure by Design? Yesterday, CISA announced a Request for Information on Secure by Design.

Have thoughts on eliminating classes of vulns, security education for developers, economics, AI, OT, and more? Check it out and respond (by Feb 20): www.federalregister.gov/documents/20...
Request for Information on “Shifting the Balance of Cybersecurity Risk: Principles and Approaches ...
CISA requests input from all interested parties on the white paper “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.”
December 21, 2023 at 6:13 PM