#cybersecurity

Posts mentioning hashtag #cybersecurity

Below are all the posts — topics as well as replies — that mention the hashtag #cybersecurity.

Major Workforce Shift Underway at T-Mobile

Employees report ongoing layoffs, aggressive cost-cutting measures, and a continued expansion of operations in India. Cybersecurity and operational teams have been among those affected, raising concerns about the future of U.S.-based roles.

According to discussions among employees, more work is being transferred overseas as the company focuses on reducing costs and consolidating operations. Many are questioning the long-term impact on workforce stability, service quality, and institutional knowledge.

The lack of transparency surrounding these changes has become a growing concern for employees across the organization.


IBM, AT&T Accused by Whistleblower of Covering Up Breaches

Ummmmm. . .

https://www.bloomberg.com/news/articles/2026-06-04/ibm-at-t-accused-by-whistleblower-of-covering-up-foreign-hacks

By Jake Bleiberg and Mark Anderson
June 4, 2026 at 2:58 PM CDT
Updated on June 5, 2026 at 9:18 AM CDT

  • A lawsuit from a former IBM cybersecurity official alleges that International Business Machines Corp. and AT&T Inc. concealed breaches of their computer systems by foreign hackers from the US government in violation of the law.
  • The complaint claims that the companies failed to disclose multiple breaches over years and made false assurances about the security of their systems in order to win and keep federal contracts.
  • The suit alleges that foreign and unidentified hackers repeatedly infiltrated IBM's cloud computing infrastructure, which is widely used by the US government, including the military, and that the companies sometimes couldn’t determine who got in, or what was taken.

International Business Machines Corp. and AT&T Inc.’s computer systems were repeatedly breached by foreign hackers, and the companies concealed those intrusions from the US government in violation of the law, according to a lawsuit from a former IBM cybersecurity official.

William Barlow, IBM’s former vice president of threat intelligence, alleged in the complaint that the companies failed to disclose multiple breaches over years by attackers linked to foreign governments and made false assurances about the security of their systems in order to win and keep federal contracts.

The whistleblower complaint against IBM and AT&T was filed under seal in 2020 and is still pending before a federal court in New York. It was made public this week, after the US government declined to intervene in the case, and hasn’t been previously reported.

The suit offers a rare account of alleged security failures at two major government contractors. It raises questions about the protection of sensitive information on the networks, and about companies’ responsibility to disclose such compromises.

Shares of IBM fell 4% to $289.65 at 10:06 a.m. New York time on Friday, outpacing the broader losses across the stock market on a US jobs report. AT&T’s stock was up about 0.4%.

The hackers allegedly breached massive IBM cloud computing infrastructure that’s widely used by many parts of the US government, including the military. AT&T operates this “Core Network” on behalf of IBM, and the Dallas-based telecommunications company’s systems are part of them, according to the complaint.

The complaint alleges that foreign and unidentified hackers repeatedly infiltrated the network and that the companies sometimes couldn’t determine who got in, or what was taken. It also says IBM downplayed or concealed incidents before entering government agreements requiring it to certify it had no significant unresolved cybersecurity issues.

“This complaint was filed six years ago, and the US Department of Justice declined to intervene,” said IBM spokesperson Adam Pratt. “IBM is confident that our actions followed the letter of the law.”

Representatives of AT&T didn’t respond to requests for comment.

Barlow worked at IBM in two stints beginning in 2002, including serving as vice president of threat intelligence from 2017 until his resignation in 2019, according to the lawsuit. He was quoted in a 2018 New York Times report about IBM offering cyber trainings in a mobile command center built in a customized semitrailer truck. Since leaving the Armonk, New York-based company Barlow has maintained a profile in the security industry, attending conferences and giving talks.

Jason T. Brown, an attorney for Barlow, declined to discuss the circumstances of his client’s resignation or say whether the Justice Department has investigated the allegations in the False Claims Act suit. Government decisions to intervene in such cases often take years and federal officials choosing not to get involved doesn’t indicate the merit of a complaint, Brown said. He added that the allegations implicate billions of dollars of federal business with AT&T and IBM.

“We’re looking forward to aggressively litigating the matter,” said Brown, of the firm Brown, LLC. “You can’t sell cybersecurity to the federal government while allegedly having these security problems within your own company.”

In his suit, Barlow claimed he personally witnessed numerous breaches of IBM’s core network and was pressured by executives to soften internal reports and omit details. Barlow alleged he knew of specific instances where IBM senior management “actively took steps to cover up and conceal” hacks from US regulators and government clients.

“The data breaches are so large and the core networks so poorly designed that neither IBM nor AT&T knows exactly what data was breached, who breached the data, where the data was breached or whether any data was exfiltrated, altered and/or modified in any respect,” the lawsuit alleges.

Chinese government-backed hackers were allegedly involved in some of the breaches cited in the suit.

In 2018, the US Department of Justice charged two alleged members of a Chinese hacking group that it said had waged a decade-long campaign to steal the data of 100,000 US Navy personnel. In his lawsuit, Barlow said the group, known as APT 10, had carried out that theft by infiltrating IBM’s networks.

Intelligence agencies told IBM that internet addresses associated with its network were connecting to infrastructure used by APT 10, according to the suit. An internal company investigation found more than 50,000 “potential APT 10 hits” between 2013 and 2016, the suit alleges. The following year, another internal probe allegedly found attackers had accessed nearly 400 compromised accounts and almost 200 total systems and servers in 18 countries, across every business unit, the complaint says.

But because the company didn’t keep access logs, there was nothing further it could do to investigate, according to the suit.

The Chinese Embassy in Washington didn’t respond to a request for comment.

Officials with the National Security Agency asked Barlow questions about the alleged hacks from China, but he was told to “dodge” them, according to the suit. It doesn’t say who allegedly gave Barlow this instruction.

Barlow brought his suit in 2020 and it remained secret until it was unsealed Wednesday.

The False Claims Act bars submitting false claims for payment to the US government. The law allows private whistleblowers to sue for alleged fraud against the government. Federal authorities may step in and effectively take control of such cases. The government can recover as much as three times its damages and whistleblowers can be awarded a portion of those damages.

A federal judge in New York ordered the suit be unsealed this spring after the US government declined to intervene. The court records don’t explain the government’s decision and Brown, Barlow’s attorney, said he didn’t know what motivated it.

The departments of Defense and Justice didn’t respond to emailed questions.


It's good to see that layoffs no longer equal a stock surge, but the opposite

SentinelOne shares plunged in after-hours trading on Wall Street after the company published its first-quarter financial results and announced layoffs affecting 8% of its workforce. The cybersecurity company reported results that largely met expectations but issued a relatively weak forecast, sending the stock sharply lower in late trading.

https://www.calcalistech.com/ctechnews/article/r1goyeuxgx


IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities

IBM's targeted version of Mythos.
Once again riding coattails and scavenging scraps.

https://www.cybersecuritydive.com/news/ibm-open-source-security-ai-project-lightwell/821348/

https://www.cnbc.com/video/2026/05/28/ibm-to-spend-5b-on-new-cybersecurity-platform-for-enterprise-customers.html


AI Restructuring Leads to Tech Layoffs, Cybersecurity Demand Soars

AI adoption continues to drive layoffs across the technology sector. Microsoft, Amazon, and Oracle have publicly linked job cuts to AI. Meta reportedly eliminated 8,000 roles in an AI-focused restructuring. Meanwhile, demand for cybersecurity experts has surged significantly. Organizations are bolstering security teams due to AI vulnerability risks.

https://letsdatascience.com/news/cybersecurity-hiring-surges-amid-ai-driven-tech-layoffs-58b7acb5


Are the layoffs over??

Many people on my team in cyber are worried they’re next. Some well-loved employees have already been let go and no one feels safe right now! One person told me they think leadership will replace her by moving her role to India. Has anyone heard anything?? They’ve made poor decisions already on who they decided to lay off.


Trying to hide the mass move to India???

I found this article on LinkedIn -

Nike is undergoing a massive operational reset. In a move that signals a significant shift in corporate strategy, the sportswear giant is consolidating its global technology functions back to its Portland headquarters.
The Shift: Just two years ago, the strategy focused on expansion in hubs like Atlanta for #AI and #Cybersecurity.
Today, the focus has shifted to simplification. By closing tech offices in #Atlanta, #China, and #Poland, Nike is aiming to strip away organizational layers and align its tech talent more closely with core business priorities.
The Context:
Job Cuts: Part of a broader restructuring expected to eliminate ~1,400 roles.
Direct-to-Consumer (D2C) Reassessment: As growth in digital retail moderates, Nike is

No mention of all the jobs they cut in tech in the US getting reposted to rehire in India


Arctic Wolf Cuts 250 Jobs for AI Investment

Cybersecurity vendor Arctic Wolf laid off 250 workers. This restructuring aims to boost investment in AI initiatives. The cuts affect less than 10 percent of its total workforce. Sales, product development, and marketing roles were impacted. The company plans to focus on its Superintelligence platform and Agentic SOC.

https://www.theregister.com/ai-and-ml/2026/05/06/arctic-wolf-cuts-250-jobs-in-ai-push/5231213


How will Verizon respond to data breach?

Verizon (sold by Russell Cellular) has a 6 million customer data breach and hackers have the data for sale, for cheap, which reports claim will lead to numerous entities purchasing the data to scam customers.

https://www.androidheadlines.com/2026/03/data-of-6-million-verizon-customers-put-up-for-sale-by-hackers.html


Good thing we're run by competent, smart people /s

A Massachusetts couple settled a lawsuit after eBay employees carried out a cyberstalking and harassment campaign triggered by an online newsletter critical of the e-commerce company. The settlement, disclosed in a federal court order filed Wednesday, Feb. 25, halts a trial set to begin next week over multimillion-dollar claims filed by David and Ina Steiner against eBay and three former executives. The terms of the settlement were not shared. The company declined to comment beyond the order but previously said in court papers that it was committed to compensating the Steiners "fairly and appropriately for the appalling conduct they endured."

https://www.usatoday.com/story/money/2026/02/27/ebay-lawsuit-settlement-cyberstalking/88883622007/


Fiserv CRM - APPSEC Disgusting how it's been handled. Waste of 8hr every single day.

Is there any feud between these two teams?

They always push each other's work and delay the work for other teams?

Simple changes need CRM team's approval. Work blocked.
Simple approval from CRM, Appsec teams reviewed need more comments from them? Work blocked.

When will there be any actual work done in this Fiserv?


Palo Alto to cut over 500 CyberArk jobs after closing $25 billion deal

Last Thursday, one day after the transaction officially closed, employees across the combined organization received emails outlining the status of their employment. For most, the message confirmed continuity. For an estimated 500 CyberArk employees worldwide, including roughly 100 in Israel, it signaled the end of their roles.

https://www.calcalistech.com/ctechnews/article/hy707511ube


Palo Alto Networks Finalizes CyberArk Merger, Layoffs Expected

Palo Alto Networks completed its $25 billion merger. The deal combined two major cybersecurity firms. The merger with CyberArk closed on Wednesday. Layoffs are planned following the acquisition. CyberArk employed about 300 people in Massachusetts.

https://www.bizjournals.com/boston/news/2026/02/11/cyberark-closes-merger.html


A Thriving Circus without a Ringmaster

Working in TIAA’s cybersecurity department is akin to being part of an elaborate circus act, only without the clowns—because let’s be honest, they would probably steal the show. Our fearless leader, the CISO, appears to be playing hide and seek with responsibility. He seems to have magically abstracted himself from the daily grind while trying to hold the rest of us accountable for our hybrid work schedules. Imagine getting a lecture from a guy who’s dialing in from California while we’re sweating it out in the office. “Do as I say, not as I do,” right?

Culture is always a favorite topic, championed by the Cyber C.A.T. But spoiler alert: it’s all talk and no action. We keep waiting for substantive changes to materialize, but they remain as elusive as a good cup of coffee in the break room. The recent culture survey results? They came back to become just another tool for the CISO to deflect blame. He sees numbers that suggest managers are doing great, yet somehow, he’s convinced the managers are the root of our problems. Newsflash: the results reflect a total loss of trust in senior leadership, but he believes those at the top—the CEO and her directs—are where the issues lie. Most of us don’t care about what the CEO is doing because all we see is our CISO and his cohort stumbling through leadership.

And let’s talk about team dynamics. There’s always a lovely tension brewing between our US and India teams, pitted against each other like rival factions instead of working collaboratively. Our CISO’s pawn in India can do whatever he pleases, blissfully ignoring any input from stateside teams on the history or progress of tasks. Despite multiple reports about this ongoing issue, it’s “old no action nelly” to the rescue! The question is, is this no action or is it really built in on purpose? There are really smart people on both sides that could get everything fixed in cyber if it were one team. But hey, if neither of those work out we can always hire more contractors that have no real buy-in with the company at triple the costs….oh and not only for engineering and projects but let’s also hire contractors for BAU work in operations because we all know that tying BAU to strategic dollars is a great idea, right? Speaking of operations, why do you have a deputy and an ops lead that you make an MD without a clear seat at the table? It is hard to lead from the sidelines, guys, but somehow that is the story for people that actually know what they are doing in cyber.

Quarterly meetings seem to wrap up with a word cloud that supposedly sums up our thoughts on where the problems lie. It’s unintentionally hilarious that this becomes just another tool for the blame game. Newsflash again: don’t do anonymous word clouds if you don’t want to hear the truth!

And let’s not overlook the CISO's endless pursuit of patents. Why is that his priority? Especially for projects that wholeheartedly fail. Do we really think he’s there to lead, or is it all about stacking patents for his own ego, even if they go nowhere? It seems his focus is less on fostering a successful environment and more on keeping up appearances.

At the end of the day, I just hope this mounting frustration doesn’t lead to a mass exodus after bonus season. I’ve heard whispers that many good people are already on the lookout for their next opportunity, and honestly, who can blame them?

So here’s to TIAA’s cybersecurity: where leadership is absent, culture is a punchline, and accountability is clearly for the little folks. If you enjoy working under a CISO who epitomizes the phrase “lead like a mo--n,” then welcome aboard!


Just keeps on giving

All those supposedly great security and cost saving decisions by moving to the cloud without knowing what was being done or securing it made by Legg and Baich just keeps on giving... why didn't their heads roll while staff did?

https://www.malwarebytes.com/blog/news/2026/02/att-breach-data-resurfaces-with-new-risks-for-customers


RF has a new gig to keep him busy - TikTok

Now even less time for DXC. The AI bot who wrote the earnings call speech is now the DXC CEO.

TikTok USDS Joint Venture LLC Established in Compliance with U.S. Regulatory Requirements

Today, TikTok USDS Joint Venture LLC has been established in compliance with the Executive Order signed by President Trump on September 25, 2025, now enabling more than 200 million Americans and 7.5 million businesses to continue to discover, create, and thrive as part of TikTok's vibrant global community and experience. The majority American owned Joint Venture will operate under defined safeguards that protect national security through comprehensive data protections, algorithm security, content moderation, and software assurances for U.S. users.
TikTok USDS Joint Venture's mandate is to secure U.S. user data, apps and the algorithm through comprehensive data privacy and cybersecurity measures. It will safeguard the U.S. content ecosystem through robust trust and safety policies and content moderation while ensuring continuous accountability through transparency reporting and third-party certifications.
….
Data Protection: U.S. user data will be protected by USDS Joint Venture in Oracle's secure U.S. cloud environment. The Joint Venture will operate a comprehensive data privacy and cybersecurity program that is audited and certified by third party cybersecurity experts. The program will adhere to major industry standards, including the National Institute of Standards and Technology (NIST) CSF and 800-53 and ISO 27001 as well as the Cybersecurity & Infrastructure Security Agency (CISA) Security Requirements for Restricted Transactions.
Algorithm Security: The Joint Venture will retrain, test, and update the content recommendation algorithm on U.S. user data. The content recommendation algorithm will be secured in Oracle's U.S. cloud environment.
Software Assurance: The Joint Venture will secure U.S. apps through software assurance protocols, and review and validate source code on an ongoing basis, assisted by its Trusted Security Partner, Oracle.
Trust & Safety: The Joint Venture will safeguard the U.S. content ecosystem and have decision-making authority for trust and safety policies and content moderation.
Interoperability enables the Joint Venture to provide U.S. users with a global TikTok experience, ensuring U.S. creators can be discovered and businesses can operate on a global scale. TikTok global's U.S. entities will manage global product interoperability and certain commercial activities, including e-commerce, advertising, and marketing.
The Joint Venture, built on the foundation of the TikTok U.S. Data Security (USDS) organization, will operate as an independent entity governed by the following seven-member, majority-American board of directors:

Raul Fernandez – Independent Director and Chair of the Security Committee: Raul Fernandez is President and Chief Executive Officer of DXC Technology and a member of its Board of Directors. He brings more than three decades of experience at the intersection of technology, risk, and national security.

Full Press Release here: https://newsroom.tiktok.com/announcement-from-the-new-tiktok-usds-joint-venture-llc?lang=en


AI is not helping Venezuela’s security-compromised oil industry

The company’s SAP software is still down and many processes are being done manually, the people said. The company still cannot access system platforms on which accounting, payments and production data run.

https://www.bloomberg.com/news/articles/2026-01-15/venezuelan-oil-industry-is-running-on-whatsapp-after-cyberattack


AT&T expands in Charlotte, hiring 200 people for cybersecurity jobs in new office

Employees in Charlotte will focus on emerging cyber threats, designing defenses using AI and serving as part of AT&T Dynamic Defense, a network-based security service designed to detect and stop threats before they impact a business.
New office to be located approximately 1 mile from the Charlotte NRC.
And yes, RTO will be in full effect


FLD - your pursuit of revenue over quality finally caught up to you...

https://www.kiro7.com/news/local/lawsuit-claims-seattle-based-f5-overstated-cybersecurity-strength-before-revealing-major-breach/EVFK25KTSRDUXH5IXHL6JVZF3I/

I let my managers and directors know of the decline in quality for the last many years. And I was ignored.


Cyber security cleaning house

Cyber security executives have recently been firing people because they have been putting their own spin on executive orders and thus individuals have been terminated for not meeting company expected standards. Starting in quarter one management is further informed to start cutting manpower based on personal perception and end of year reviews. It's not about your job it's about popularity contest and thus as long as you make your manager and managers above them happy then you're in a good place but if you try to protect the bank or do something that is against the CISO new secure design plan they are going to terminate you without a chance to redeem yourself. Management is further encouraged to get rid of people who do not get above meets.

In short, the new management chain wants nothing more than mindless monkeys to push buttons and follow scripts where pictures match the words. This is why cybersecurity management is incapable of protecting its employees and throwing them underneath the bus.

Majority of the roles that cybersecurity fulfills will be replaced by AI and managers will be displaced or move to another team to fulfill another role depending on if that executive likes them or not. For managers who are not near a hub location and were promised a year and a half to two year extension to keep their job that's expected to end in quarter one and those managers are expected to be laid off or terminated.

To those individuals in the cyber security line of business good luck now that you are forced to compete like a model competes in a beauty pageant there is no reason for you to even willingly stay here now that you are degraded even more.

And for those who are not aware of cyber security is making this adjustment in quarter one because they're taking advantage of the PTO burn for the holiday season.

If you are not liked by your manager or your manager has given you biased end of year reviews in the last 2 years then your ticket is punched you are going to be gone quarter one


The new granular AWS/Azure roles are going to be a disaster

Trying to split Britive permissions down to granular level based on what a random VP in cyber thinks a developer does. Fails to account for the fact we've been doing every role since Frank's reign of te---r. I for one am going to feel great saying I can't do the work because cyber says it's not my responsibility.


System Outage today?

What was the deal today with that firm-wide system outage between 12-1:00? Comms screens, Outlook, Zoom, Surpas all went down and rumors were saying cyber attack. It was down for over 45 minutes in my area. Not one email was sent out by the powers that be to keep us in the loop of what was broken and what ETA was. Very odd and not normal. Not sure if anyone else heard anything?