Rob Joyce
@rgblights.bsky.social
Cyber guy. Former NSA cybersecurity director and chief of TAO. Lover of memes. Warning - occasional outrageous Christmas light content.
I testified to Congress that I believe the PRC operations prepositioning for disruptive effects in the US make it a bad idea to use TP-Link routers in millions of American homes. New reporting- the government appears to have reached the same conclusion!
www.washingtonpost.com/technology/2...
www.washingtonpost.com/technology/2...
U.S. agencies back banning popular home WiFi device, citing national security risk
The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from its China ties, people familiar with the matter said.
www.washingtonpost.com
October 30, 2025 at 8:04 PM
I testified to Congress that I believe the PRC operations prepositioning for disruptive effects in the US make it a bad idea to use TP-Link routers in millions of American homes. New reporting- the government appears to have reached the same conclusion!
www.washingtonpost.com/technology/2...
www.washingtonpost.com/technology/2...
Thrilled to share that I’ve joined Starseer as an advisor. Starseer is making AI models into transparent, understandable systems and helping to secure deployments while generating audit‑ready documentation. Make them a partner to secure your AI solutions.
www.starseer.ai?utm_content=...
www.starseer.ai?utm_content=...
August 4, 2025 at 7:07 PM
Thrilled to share that I’ve joined Starseer as an advisor. Starseer is making AI models into transparent, understandable systems and helping to secure deployments while generating audit‑ready documentation. Make them a partner to secure your AI solutions.
www.starseer.ai?utm_content=...
www.starseer.ai?utm_content=...
Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….
therecord.media/spain-awards...
therecord.media/spain-awards...
Spain awards Huawei contracts to manage intelligence agency wiretaps
Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.
therecord.media
July 12, 2025 at 10:56 PM
Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….
therecord.media/spain-awards...
therecord.media/spain-awards...
Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….
therecord.media/spain-awards...
therecord.media/spain-awards...
Spain awards Huawei contracts to manage intelligence agency wiretaps
Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.
therecord.media
July 12, 2025 at 10:54 PM
Wow. Spain is putting salt typhoon out of business. They are just going to hand it all to them: Huawei contracted to manage their wiretaps….
therecord.media/spain-awards...
therecord.media/spain-awards...
Have you thought about your company’s Agentic AI as a possible insider threat? Try this new perspective that I co-authored.
explore.pwc.com/autonomous-a...
explore.pwc.com/autonomous-a...
US PwC
With bold insights, proven expertise and tech that moves business forward, we help you drive your company to the leading edge.
explore.pwc.com
July 10, 2025 at 5:25 PM
Have you thought about your company’s Agentic AI as a possible insider threat? Try this new perspective that I co-authored.
explore.pwc.com/autonomous-a...
explore.pwc.com/autonomous-a...
Reposted by Rob Joyce
I was interviewed by the National Cryptologic Foundation on forensics in critical infrastructure (and a lot of other stuff!) and it was a very fun chat. They have an interesting assortment of interviews on their podcast and I really recommend you check them out: open.spotify.com/episode/5kzz...
June 27, 2025 at 3:27 PM
I was interviewed by the National Cryptologic Foundation on forensics in critical infrastructure (and a lot of other stuff!) and it was a very fun chat. They have an interesting assortment of interviews on their podcast and I really recommend you check them out: open.spotify.com/episode/5kzz...
Predatory Sparrow strikes again. This time they drained funds from an Iran-based crypto exchange. Beyond theft, they targeted trust, undermining a key tool Iran uses to evade sanctions. Nobody with options will keep crypto assets there now.
www.jpost.com/middle-east/...
www.jpost.com/middle-east/...
Israeli-affiliated hackers target Iran's cryptocurrency terror funding | The Jerusalem Post
The same group, which is reportedly affiliated with Israel, also hacked the IRGC-controlled Sepah bank on Tuesday
www.jpost.com
June 18, 2025 at 1:07 PM
Predatory Sparrow strikes again. This time they drained funds from an Iran-based crypto exchange. Beyond theft, they targeted trust, undermining a key tool Iran uses to evade sanctions. Nobody with options will keep crypto assets there now.
www.jpost.com/middle-east/...
www.jpost.com/middle-east/...
This is a big deal. Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.
June 17, 2025 at 12:07 PM
This is a big deal. Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.
Reposted by Rob Joyce
"At RSAC last year, I told people: 'Don't worry about the zero-day AI armageddon,' but I am increasingly worried that AI is going to be a good bug finder this year, [and] an exploit developer in the near future," Rob Joyce told me at RSAC.
Ex-NSA cyber boss: AI will soon be a great exploit dev
RSAC: For now it's a potential bug-finder and friend to defenders
www.theregister.com
May 1, 2025 at 3:18 AM
"At RSAC last year, I told people: 'Don't worry about the zero-day AI armageddon,' but I am increasingly worried that AI is going to be a good bug finder this year, [and] an exploit developer in the near future," Rob Joyce told me at RSAC.
Not a lot of people make me look small!
The point guards I played with came to my shoulders. Magic Johnson easily had me in height and reach. Wow. For scale, I’m 6’4” (6’5” in the day) and not a small guy!
The point guards I played with came to my shoulders. Magic Johnson easily had me in height and reach. Wow. For scale, I’m 6’4” (6’5” in the day) and not a small guy!
April 30, 2025 at 1:51 PM
Not a lot of people make me look small!
The point guards I played with came to my shoulders. Magic Johnson easily had me in height and reach. Wow. For scale, I’m 6’4” (6’5” in the day) and not a small guy!
The point guards I played with came to my shoulders. Magic Johnson easily had me in height and reach. Wow. For scale, I’m 6’4” (6’5” in the day) and not a small guy!
As I testified to congress, I’m worried about TP-Link products!
Breaking: DOJ “criminal antitrust investigation into pricing strategies by TP-Link Systems Inc, a California-based router maker with links to China whose equipment now dominates the American market”
www.bloomberg.com/news/article...
Breaking: DOJ “criminal antitrust investigation into pricing strategies by TP-Link Systems Inc, a California-based router maker with links to China whose equipment now dominates the American market”
www.bloomberg.com/news/article...
Router Maker TP-Link Faces US Criminal Antitrust Investigation
The US is conducting a criminal antitrust investigation into pricing strategies by TP-Link Systems Inc., a California-based router maker with links to China whose equipment now dominates the American ...
www.bloomberg.com
April 25, 2025 at 1:07 AM
As I testified to congress, I’m worried about TP-Link products!
Breaking: DOJ “criminal antitrust investigation into pricing strategies by TP-Link Systems Inc, a California-based router maker with links to China whose equipment now dominates the American market”
www.bloomberg.com/news/article...
Breaking: DOJ “criminal antitrust investigation into pricing strategies by TP-Link Systems Inc, a California-based router maker with links to China whose equipment now dominates the American market”
www.bloomberg.com/news/article...
Since being part of the CSRB that reported on security shortcomings, I've seen tangible efforts improving the security at Microsoft. The Secure Futures Initiative is making progress: www.microsoft.com/en-us/securi...
Securing our future: April 2025 progress report on Microsoft’s Secure Future Initiative | Microsoft Security Blog
The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft. Now, we are sharing the second SFI p...
www.microsoft.com
April 23, 2025 at 1:00 PM
Since being part of the CSRB that reported on security shortcomings, I've seen tangible efforts improving the security at Microsoft. The Secure Futures Initiative is making progress: www.microsoft.com/en-us/securi...
TP-Link origins: “Chinese corporate records and government announcements show … much of the research, development and manufacturing operations of … new US company remain in China, entrenched in the country’s state-sponsored technology ecosystem”
t.co/mMFw4LkUDv
t.co/mMFw4LkUDv
https://www.bloomberg.com/news/articles/2025-04-11/wi-fi-giant-tp-link-s-us-future-hinges-on-its-claimed-split-from-china?accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb3VyY2UiOiJTdWJzY3JpYmVyR...
t.co
April 11, 2025 at 5:51 PM
TP-Link origins: “Chinese corporate records and government announcements show … much of the research, development and manufacturing operations of … new US company remain in China, entrenched in the country’s state-sponsored technology ecosystem”
t.co/mMFw4LkUDv
t.co/mMFw4LkUDv
How should you think about security related to the threat of Quantum Computers? Businesses need to start their multi-year journey now. In my role as PwC US Cyber, Risk & Regulatory Senior Fellow, I offered some thoughts here:
www.pwc.com/gx/en/issues...
www.pwc.com/gx/en/issues...
The Quantum Conundrum: How to prepare now
Explore quantum computing's risks and benefits for data and cybersecurity. Learn strategies for transitioning to quantum-resistant systems.
www.pwc.com
March 28, 2025 at 7:25 PM
How should you think about security related to the threat of Quantum Computers? Businesses need to start their multi-year journey now. In my role as PwC US Cyber, Risk & Regulatory Senior Fellow, I offered some thoughts here:
www.pwc.com/gx/en/issues...
www.pwc.com/gx/en/issues...
Huawei not only uses predatory pricing practices to undercut the more secure western products but it appears they use bribery too…
www.reuters.com/world/europe...
www.reuters.com/world/europe...
Five charged in European Parliament Huawei bribery probe
The Belgian prosecutor's office said on Tuesday that it has charged five people in connection with a bribery investigation in the European Parliament allegedly linked to China's Huawei (HWT.UL).
www.reuters.com
March 20, 2025 at 12:18 AM
Huawei not only uses predatory pricing practices to undercut the more secure western products but it appears they use bribery too…
www.reuters.com/world/europe...
www.reuters.com/world/europe...
AI empowered software development is advancing at an astonishing pace. Check out my story about creating a custom iPhone app in only 30 minutes. New tools enable friction-free development with remarkable efficiency. It is the dawn of a new era...
www.joycecyber.com/my-post
www.joycecyber.com/my-post
The AI Productivity Revolution: How I Built a Custom App in 30 Minutes
www.joycecyber.com
March 15, 2025 at 1:20 PM
AI empowered software development is advancing at an astonishing pace. Check out my story about creating a custom iPhone app in only 30 minutes. New tools enable friction-free development with remarkable efficiency. It is the dawn of a new era...
www.joycecyber.com/my-post
www.joycecyber.com/my-post
I got to testify to the House Select Committee on the Chinese Communist Party last week. One focus area was the threat from TP-Link routers. Having 60% of the US consumer Wi-Fi market flooded with devices that get automatic software updates from the PRC is a risk we can't accept.
March 13, 2025 at 2:07 AM
I got to testify to the House Select Committee on the Chinese Communist Party last week. One focus area was the threat from TP-Link routers. Having 60% of the US consumer Wi-Fi market flooded with devices that get automatic software updates from the PRC is a risk we can't accept.
Always great to be on the Risky Business podcast! Give it a listen here!
This week's show is up! Adam (@metlstorm.risky.biz) and I chat with special guest co-host Rob Joyce (@rgblights.bsky.social) about the security news of the week:
Video: www.youtube.com/watch?v=28s8...
Audio: risky.biz/RB783/
Video: www.youtube.com/watch?v=28s8...
Audio: risky.biz/RB783/
Risky Business Weekly (783): Evil webcam ransomwares entire Windows network
YouTube video by Risky Business Media
www.youtube.com
March 12, 2025 at 5:58 PM
Always great to be on the Risky Business podcast! Give it a listen here!
Reposted by Rob Joyce
This week's special guest co-host is @rgblights.bsky.social, who'll be joining @metlstorm.risky.biz and I to talk through the week's news. Then we'll chat with SpecterOps about new features they've built in Bloodhound to address NTLM-related risks to your network
NTLM.. still a problem
In 2025 :(
NTLM.. still a problem
In 2025 :(
March 11, 2025 at 10:38 PM
This week's special guest co-host is @rgblights.bsky.social, who'll be joining @metlstorm.risky.biz and I to talk through the week's news. Then we'll chat with SpecterOps about new features they've built in Bloodhound to address NTLM-related risks to your network
NTLM.. still a problem
In 2025 :(
NTLM.. still a problem
In 2025 :(
March 5, 2025 at 7:01 PM
Reposted by Rob Joyce
Former top NSA cyber official: Probationary #firings ‘devastating’ to cyber, #nationalsecurity. Rob Joyce emphasized during a House hearing how important probationary employees are to #NSA efforts to counter #China and other threats in #cyberspace.
cyberscoop.com/joyce-china-...
cyberscoop.com/joyce-china-...
Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security
Rob Joyce emphasized during a House hearing how important probationary employees are to NSA efforts to counter China and other threats in cyberspace.
cyberscoop.com
March 5, 2025 at 4:50 PM
Former top NSA cyber official: Probationary #firings ‘devastating’ to cyber, #nationalsecurity. Rob Joyce emphasized during a House hearing how important probationary employees are to #NSA efforts to counter #China and other threats in #cyberspace.
cyberscoop.com/joyce-china-...
cyberscoop.com/joyce-china-...
Sinking to new depths…
KrebsonSecurity: Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab krebsonsecurity.com/2025/02/noto... @briankrebs.infosec.exchange.ap.brid.gy #cybersecurity #malware
March 1, 2025 at 1:14 AM
Sinking to new depths…
Australia beat us to the Huawei ban. The US got rid of Kaspersky first.
Australia bans government use of Kaspersky software over Russian espionage concerns https://buff.ly/4k9DQZn
Australia bans government use of Kaspersky software over Russian espionage concerns
Kaspersky software "poses an unacceptable security risk to the Australian government, networks, and data,” Home Affairs Secretary Stephanie Foster said in announcing a ban on the cybersecurity…
buff.ly
February 26, 2025 at 3:11 AM
Australia beat us to the Huawei ban. The US got rid of Kaspersky first.
I continue to be impressed by the capabilities of Sandfly Security. If you run Linux—whether on big servers or embedded devices—you should check out their creative and powerful agentless approach!
www.linkedin.com/feed/update/...
www.linkedin.com/feed/update/...
Sandfly Security on LinkedIn: Sandfly 5.3.1 - New License Tiers and SELinux Support
Sandfly 5.3.1 introduces a cost-effective Linux Home User Edition, alongside Professional and Air-Gapped options. We've also added SELinux support, improved…
www.linkedin.com
February 25, 2025 at 9:20 PM
I continue to be impressed by the capabilities of Sandfly Security. If you run Linux—whether on big servers or embedded devices—you should check out their creative and powerful agentless approach!
www.linkedin.com/feed/update/...
www.linkedin.com/feed/update/...