Wednesday, February 5, 2025

Age Discrimination is Wrong, and So is Attacking Federal Employees Because of Their Age

You've probably seen the posts by now, shared on social media criticizing six young software engineers for being young and working for the Department of Government Efficiency (DOGE). And quite honestly, these posts make me sick to my stomach.

As someone with experience in the federal contracting world, working for various Federal agencies under four different administrations, including Bush, Obama, Trump, and Biden, I find it deeply troubling to see young professionals working for DOGE being thrust into the public spotlight and targeted simply because of their age. These are engineers, not even federal appointees but regular everyday employees, who are trying to do their jobs to the best of their ability, yet they are being unfairly scrutinized and harassed. This is not okay.

Some of the best software engineers I’ve worked with have been much younger than myself. Their ability to write efficient code and analyze complex data often surpassed that of more experienced engineers with decades in the field. Age is not a measure of competence, and dismissing someone’s qualifications based solely on how young they are is a disservice to the entire profession.

Do you have any idea how hard it is to find talented software engineers? And now, we're going to begin attacking them fresh out of college for collecting a paycheck? I'm so glad I left Federal contracting, or I'd be very afraid I could be next just because somebody doesn't like whatever agency I started working for.

Publicly sharing names, photos, ages, and employers of individuals—especially when they have done nothing wrong—is a deliberate act of harassment and intimidation. These young professionals did not seek out public attention; they simply accepted jobs within a federal unit that happens to be in the political spotlight. That should not make them targets. We have no idea of their political affiliations, voting records, or whether they even like Elon Musk or Donald Trump. I worked under four different Presidential administrations. Do you know how often that affected my willingness to do my job to the best of my ability? Never.

Even if there were any questions about the legitimacy of the agency they were hired by (which was in fact set up by the Obama administration as the United States Data Service - USDS), should their careers suffer because they took a job they believed to be legitimate? That would make them victims—not individuals who deserve public attacks.

When did it become acceptable to single out people for harassment just because of their employment? This kind of behavior is not just unfair—it borders on age discrimination. The post in question doesn’t even attempt to evaluate their qualifications. It simply highlights their names, ages, and photos, with the clear intent to stir outrage rather than foster any meaningful discussion.

It’s time to recognize that these are real people with careers and futures ahead of them. They deserve to be able to work without being subjected to this kind of public targeting. If we truly value fairness and professionalism, we must call out this kind of behavior for what it is—unacceptable.

Shame on every media outlet which has published a story with the intent of harassing these young men, and shame on every single person who has shared posts criticizing them for simply being "young." There is a line between reporting and harassment, a line between proper disclosure of Federal employees and intentional targeting with intent to harass. Attacking six young men for only being young and working for a government unit you disagree with crosses that line.

I don't like paying taxes, but I certainly don't go around posting the name, age, and photos of IRS agents. That's harassment, and not okay.

Ken Buckler was a Federal cybersecurity contractor for over 15 years. All opinions are his own, and do not reflect those of his employer or clients.

Wednesday, May 1, 2024

Looking at X's Grok for Potential Cyber Threat Intelligence and Guidance


I'm playing around with X's Grok from a cybersecurity perspective, and I'm very impressed so far.

Because Grok has real-time access to posts on X, it has interesting insights into what's going on in the cybersecurity realm.

For example, I asked Grok the following:

Monitor for any discussions related to specific malware, ransomware, or hacking techniques that could pose a risk to our systems running Wordpress.

The results are fascinating, and include information about a WP-Automatic plugin vulnerability which was only released a few days ago.

I also started to explore Grok for tracking recent breaches. Once again, impressive results.

What organizations have been recently breached?

From Grok:

Based on the provided information, the organizations that have been recently breached are:

  1. BoAt - A significant breach last month exposed 7.5 million records. The compromised data included names, emails, addresses, and phone numbers (source: @DataDynamicsInc).
  2. Orthopedic and Fracture Clinic dba West Idaho Orthopedics and Sports Medicine - A breach affecting 5,000 individuals was submitted on April 17, 2024 (source: @OCRNewBreaches).
  3. Tea store T2 - An incident last week resulted in the breach of 86k records, which included email and physical address, name, phone, DoB, purchases, and scrypt password hashes. 64% of these records were already in @haveibeenpwned (source: @haveibeenpwned).
  4. Kisco Senior Living, LLC - The organization is sending out data breach notifications to 26,663 people following a cyberattack over 10 months ago in June 2023. The ransomware group, BlackByte, claimed responsibility for the attack (source: @Comparitech).
  5. Department of Science and Technology Philippine Council for Industry, Energy, and Emerging Technology Research and Development (DOST PCIEERD) - A threat actor, HulkSec Philippines, has claimed to have accessed their private data, including name, email, ID, password, and username (source: @deepwebkonek).
  6. Lutheran Social Services of Indiana - INC RANSOM hackers announced another target recently, indicating they managed to breach the organization on the 10th of April (source: @f1tym1).

These breaches highlight the importance of robust cybersecurity measures and the need for organizations to be vigilant in protecting their customers' and users' data.

Grok also seems to be very aware of the details of these breaches. For example:

Assess the potential impact of recent security incidents or data breaches on Lutheran Social Services of Indiana, and provide recommendations for mitigating risks for partner organizations which may be affected.

Grok's Response:

The recent security incidents involving Lutheran Social Services of Indiana (LSSI), specifically the breach by the INC RANSOM ransomware group, pose significant risks to the organization and potentially to its partners. The impact of such an incident can be severe, including the following:

  1. Data Loss or Leakage: Ransomware attacks often encrypt or steal sensitive data. If LSSI's data was compromised, it could lead to the loss of confidential information or its exposure on the dark web.
  2. Service Disruption: Ransomware attacks can significantly disrupt the normal operations of an organization. If LSSI's systems were compromised, it could affect their ability to deliver services to their clients.
  3. Reputational Damage: Data breaches can erode the trust of clients, partners, and the public in the organization's ability to protect their data.
  4. Financial Loss: The cost of recovering from a ransomware attack can be substantial, including ransom payments (if made), system restoration, and potential legal costs.
  5. Legal and Regulatory Compliance: If LSSI handles personal data, they may be subject to data protection laws such as the GDPR or CCPA. A data breach could lead to regulatory fines or legal action.

To mitigate these risks for LSSI and other partner organizations, the following steps should be considered:

  1. Implement Robust Security Measures: This includes regular security audits, vulnerability assessments, and penetration testing to identify and address potential vulnerabilities.
  2. Regular Data Backups: Regular backups of critical data can help organizations recover quickly from a ransomware attack without paying the ransom.
  3. Employee Training: Regular training on cybersecurity best practices can help employees identify and avoid common threats like phishing emails.
  4. Incident Response Plan: Having a clear plan for responding to a cyber incident can help organizations minimize the impact of a breach.
  5. Cyber Insurance: Cyber insurance can help cover the costs of a data breach, including legal fees, system restoration, and potential ransom payments.
  6. Vendor Risk Management: If LSSI shares data with third-party vendors, they should ensure these vendors have robust security measures in place.
  7. Legal and Regulatory Compliance: Ensure that the organization is compliant with all relevant data protection laws to avoid potential fines or legal action.

By implementing these measures, LSSI and other organizations can significantly reduce their risk of falling victim to a cyber attack and minimize the impact if a breach does occur.

Overall I'm very impressed with Grok so far, and look forward to further experiments with its applications for cybersecurity.

Ken is a cybersecurity professional with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or clients.

Thursday, October 26, 2023

Grand Theft Venture Capital: My Nightmare Experience with a Predatory Venture Capital Firm

The following is the true story of my very first venture into a business partnership, and how everything went wrong due to a predatory venture capital firm making promises of funding they had no intention of keeping. The names have been replaced with initials, because while everything in this is true, I honestly don't have the patience or time to fight a false defamation/libel suit in court.

Many years ago, an associate we'll call "TG" approached me about starting a business with him. This business would have held college fairs across the country, utilizing technology to revolutionize the industry. I reviewed the business plan and it was solid, a sure-fire success. Of course, the challenge was startup capital. However, he found a venture capital firm run by "JF" which was willing to invest with us for a reasonable amount of stake in the company. He provided me the initial contract, and after reviewing it along with my attorney, I was quite satisfied with the arrangement. Unfortunately, the original contract was never actually on the table.
