A keycard on a lanyard is a pretty outdated security measure, but at GoFundMe, YubiKeys never go out of style for employees, thanks to their freshly minted role in the company’s zero-trust strategy.

John Downey, CISO of the fundraising platform, told IT Brew that his “CISO card” would be revoked if he didn’t have a zero-trust initiative in place at his company and that he began implementing the industry’s beloved framework as a strategy after he settled into the role in 2021. A 2024 Gartner report shows that almost two-thirds of companies (63%) around the world have either fully or partially rolled out a zero-trust strategy.

“I remember an engineer was like, ‘Did you know you had to be on the VPN to access our systems and deploy our production even when you’re in the office?’” Downey said. “I was like, ‘Yes, that’s actually by design. Let me talk to you and explain to you why we feel like that’s a better mechanism.’”

That’s the key! The company has continued to invest and tinker with its zero-trust strategy, four years later. In April of last year, the CISO gave YubiKeys a more official role in the strategy, along with traditional multi-factor authentication (MFA), in response to an uptick in phishing attempts against the fundraising platform’s employees. While YubiKeys were always given to GoFundMe employees over the years, Downey told IT Brew that enforcement around use of the physical security device was loose.

Read the rest here.—BM

Companies are addressing the elephant in the room around the growing anxiety many CISOs feel over their sense of liability in the event of a cybersecurity incident.

A new Fastly report that surveyed 1,800 IT leaders found that close to half of the queried decision-makers (41%) are making their CISO more involved in strategic decisions at the board level to address concerns around CISO liability. Other changes across organizations include increased legal support for security staffers (38%), additional scrutiny of security disclosure documents from supervisory agencies (38%), and reminding CISOs that they are in fact, “not above the law” (21%).

In total, 93% of organizations surveyed reported making some form of policy change to address liability concerns from CISOs.

Perfect timing. The changes come at a time where personal liability continues to keep the C-suite executives on edge after two high-profile leaders faced legal repercussions over their individual liability in security-related events. In 2023, SolarWinds and its CISO Tim Brown were slapped with SEC charges for misrepresenting its cybersecurity practices to investors and customers. The charges have since been largely dismissed. The year before that, Uber CSO Joe Sullivan was convicted for covering up a data breach in 2016.

Read more here.—BM

DeepSeek who?

Nvidia said demand for its AI chips remained strong in its first quarterly earnings report since DeepSeek’s cheaply trained models raised questions about the need for Nvidia’s state-of-the-art chips. The Nvidia results—often read as tea leaves for broader AI momentum—came after a post-DeepSeek earnings season left the rest of Big Tech largely unscathed.

So, what happened to those fears that the upstart Chinese lab’s innovation could mark a new era of shoestring budgets? Analysts say they may have been overblown—and the real story is a bit more complicated.

To recap: DeepSeek’s ability to train AI that performs on par with leading models despite export controls curbing access to the latest chips triggered a sell-off of Nvidia and other Big Tech stocks earlier this year.

As the company that’s cornered the market on AI chips, Nvidia has a lot riding on the tens of billions that tech giants are planning to plow into AI infrastructure this year. But DeepSeek’s efficiency measures—if its budget disclosures indeed hold water—raised questions about whether that scale was even necessary.

“It was a shock to the system in terms of realizing that you didn’t have to maintain the current course of spending more, faster,” Alvin Nguyen, senior analyst at Forrester Research, told Tech Brew.

Keep reading here.—PK