YOU get a cloud! YOU get a cloud!
To:Brew Readers
IT Brew // Morning Brew // Update
How to handle provisioning for new employees.
May 30, 2025View Online | Sign Up

It’s Friday! Our wondrous May stretch of palindrome dates has ended, following yesterday’s 5/29/25 finale. If you miss the ’dromes, remember today that you can always make a 404 error.

In today’s edition:

Handing over the cloud keys

🥸 Faux real

Living in a simulation

—Brianna Monsanto, Eoin Higgins, Patrick Lucas Austin

IT OPERATIONS

For instance

Connected computers sitting on clouds

Francis Scialabba

Handing over the keys to the new driver in the family? Daunting. Handing over the keys to cloud instances at your company to a new hire? Perhaps just as daunting.

A new employee’s first day is a big deal for everyone, and especially for the IT department, which is responsible for setting up the appropriate permissions and access controls for all of the organization’s cloud-based applications. It’s a massive responsibility, given the potential risks if those same permissions are not properly supervised. A 2024 Tenable report found that 23% of cloud identities, both human and non-human, have “critical” or “high severity” excessive permissions.

Jay Martin, CISO at IT solutions and services provider Blue Mantis, told IT Brew that the industry is in a “fairly immature state” when it comes to handling cloud permissions and that having a standardized process around it is critical.

“The last thing you want to do is onboard an administrative assistant on the HR side into your financial system,” Martin said. “So, there’s practices that need to be set up in advance.”

Learn the “last thing you want to do” when onboarding.BM

Presented By ThreatLocker

What can you do in 100 days?

CYBERSECURITY

Frauds and ends

SentinelOne software company headquarters in Silicon Valley.

Sundry Photography/Getty Images

For cybersecurity vendors, the recruitment process has seemingly become a real-life version of Among Us as threat actors continue to masquerade as fake IT workers seeking a gig.

SentinelOne can attest to this. A recent report from its research division SentinelLabs disclosed that the threat intelligence platform tracked about 360 fake personas and more than 1,000 job applications linked to the DRPK-linked IT fake worker scheme in the applicant pool for the cybersecurity firm. Tom Hegel, a distinguished threat researcher and research lead at SentinelOne, told IT Brew that the malicious ploy has become a “numbers game” for North Korea-based threat actors as they apply for positions in “the masses in very automated ways.”

“It’s pretty consistent,” Hegel said. “Every couple of weeks, we see a good flood of them come in.”

Know how to spot those little red flags.BM

IT STRATEGY

Simulating conversation

A three-dimensional image of a cloud overlaid on computer chips.

Olemedia/Getty Images

When it comes to cybersecurity, if you teach a firm to defend itself, you just might protect it for a lifetime.

That’s the approach taken by an increasing number of cybersecurity companies, as IT Brew found at this year’s RSAC. RSA CEO Rohit Ghai—RSA and RSAC are now separate businesses—told us that the shift from cybersecurity being a fundamentally “elitist” industry to one that recognizes the importance of education and awareness is significant for the security sector.

“Demystifying cyber and netting it out in terms of cyber, you can also get overwhelmed,” Ghai said. “One is to get educated in terms of why you do what you do, things to worry about, things to pay attention to—but it’s a pretty complex equation. And for the mere mortal, for the normal human, it can be overwhelming, so netting it out and simplifying it is critical.”

That kind of simplification appeals to Debbie Gordon, founder and CEO of Cloud Range, an attack simulation company. She told IT Brew that the platform’s simulated environment, or range, is intentionally vulnerable, allowing users to see the gaps in their system and work on closing them, rather than adapting for one quick fix.

One IT pro messes with client firewalls.EH

PATCH NOTES

Picture of data with "Clean Me" written on it + bottle of cleaner in front of it, Patch Notes

Francis Scialabba

Today’s top IT reads.

Stat: 42%. That’s the proportion of office workers who use generative AI tools like ChatGPT at work; and 1 in 3 keep it a secret, according to Ivanti’s Technology at Work report. (Axios)

Quote: “Once an employer picks up someone from the ex-forces community, they will want to come back for another one.”—James Murphy, director of veterans and families at the Forces Employment Charity, on vets’ valuable skills for the cybersecurity industry (BBC)

Read: What happens to hyperscale hardware when it’s retired. (Ars Technica)

100 days of skills: This tactical weekly webinar series by ThreatLocker offers a step-by-step walkthrough on hardening your IT environment and keeping your rankings high. Picture you, 100 days from now, all galaxy brain. Register here.*

*A message from our sponsor.

SHARE THE BREW

Share IT Brew with your coworkers, acquire free Brew swag, and then make new friends as a result of your fresh Brew swag.

We’re saying we’ll give you free stuff and more friends if you share a link. One link.

Your referral count: 5

Click to Share

Or copy & paste your referral link to others:
itbrew.com/r/?kid=9ec4d467

         

Written by Brianna Monsanto, Eoin Higgins, and Patrick Lucas Austin

Was this email forwarded to you? Sign up here.

Take The Brew to work

Get smarter in just 5 minutes

Interested in podcasts?

  • Check out ours here
ADVERTISE // CAREERS // SHOP // FAQ

Update your email preferences or unsubscribe here.
View our privacy policy here.

Copyright © 2025 Morning Brew Inc. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.