Lou Covey, Author at Cyber Protection Magazine

Vibe coding faces rough growing pains

Lou Covey February 12, 2026

Vibe coding (using LLMs to create computer code) was all the rage when 2025 began. By June, the bloom had fallen off the rose. Companies offering platforms and tools for the practice saw dramatic downturns in users. What happened? Evidence points to the traditional market practice of targeting early tech adopters.

Vibe coding was largely sold as a mean of improving efficiency professional coders and, as is their wont, professionals loved it for eliminating what they considered grunt work. But as the fad gained traction in the coding community, there was little evidence that it made coding any better, Rather, it made it possibly worse.

Illusions of efficiency

New studies showed any improvements in coding efficiency were illusions. While the coders assumed the tools made them as much as 50% more efficient, the reality is it made them, on average 19% slower. There were multiple reasons for the drag on efficiency. For one, professional coders know something about the issues of security, compliance, and quality control. LLCs don’t and neither do people without coding experience.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

a red security sign and a blue security sign

CISA is dead. Long live CISA?

Lou Covey February 5, 2026

The Cybersecurity Information Sharing Act (CISA) of 2015 expired January 30, 2026. Whether that means anything is debatable.

The 10-year old act facilitates sharing cyber threat information between the government and private sector organizations. Many security experts are unimpressed by how the act performed. Chaim Mazal, Chief AI and Security Officer at Gigamon said wasn’t a two-way street. Most of the sharing was done by private companies. There was little data shared by the government. As a result. Participation in the program cratered in the last two years.

“Allowing the law to lapse gives us the opportunity to reinvigorate the bidirectional transfer of information,” he predicted.

Scam bucket: Ticket fraud is for suckers

Lou Covey January 27, 2026

The Superbowl is a few days away, the Winter Olympics starts in February and the Summer Olympics is not far………more...

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

A world surrounded by disconnected data centers

Prediction 2026: Beginning of the end of the WWW

Lou Covey January 20, 2026

As the world stumbles head on into deglobalization we predict national sovereign clouds will replace international access to data. That is good news for in-country corporations and for security companies in specific fields. It may not be so good for large multinational tech firms and people living in authoritarian countries. It may also mean the end of the World Wide Web.

Sovereign clouds used to be referred as proprietary clouds to keep intellectual property (IP) secure. National sovereign clouds today are used to control access to citizens private data. For big tech, multiple governments require organizations to comply with data protection laws requiring specific data residency and management practices. National sovereign clouds facilitate that within the country but create significant complexity for multinational operations. Even within a specific politico-economic bloc like the EU, there are different regulations within the bloc for data security.

In a recent blog post, Cory Doctorow summed up the current business climate caused by geopolitical shifts, "There's finally political space to stop worrying about tariffs and reconsider anti-circumvention laws, to create disenshittification nations that stage raids on the most valuable lines of business of the most profitable companies in world history – Big Tech."

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

When predictions fail

Lou Covey December 15, 2025

It’s that time of year when the weather turns cold, shoppers obsess over gift ideas, and tech companies start pounding the inbox with predictions for the next year. But for Cyber Protection Magazine we collect them all through December and compile them in January. Today we will look back and see how we did on our predictions for 2025.

Usually, we do quite well. This year…not so good. It might be because we changed how we did our predictions In January 2025. We ran several prediction articles from various companies and hand-selected a few we thought we could agree with. That was a mistake.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Malicious actor considering his next act of dysinformation

Defining Dysinformation

Lou Covey November 20, 2025

Happy Holidays – our last issue of the year is out, and it’s all about Disinformation or, as we like to put it: Dysinformation.

Dysinformation is a scourge of society, fueled by social media and malicious actors, but you may not have heard the term spelled this way. Dysinformation simply means “damaging information.” It puts misinformation and disinformation in the same bucket, but what is the difference?

Disinformation

Disinformation is intentional. The authors know it is false and distribute it with the desire to defraud, destabilize and delegitimize issues and individuals. It is often defended as, “Hey, I’m just asking questions.” The first recorded instance of disinformation occurs in Genesis. After Eve explains to the serpent why she should not eat forbidden fruit, the serpent replies “Has God really said…?”

Disinformation authors do not need to prove an allegation. They just need to get a small credulous audience to wonder if what they say is true. If the allegation reflects a particular opinion of the audience, they are more likely to accept the allegation as true. Every piece of disinformation may contain an element of truth to establish the author’s qualifications, but the majority is sheer speculation.

Is cyber training worth the effort?

Lou Covey November 13, 2025

There has been a debate within the cybersecurity industry regarding cyber training effectiveness. On one side are tool providers who claim technology trumps training in securing data, networks, and people. On the other side is the $10-billion cyber training industry, growing at 20 percent per year. That says they must be doing something right.

The real answer is not black and white.
The naysayers point to a recent study done by UC San Diego of its own employee training program. The study said, “Cybersecurity training programs as implemented today by most large companies do little to reduce the risk that employees will fall for phishing scams.” It was a comprehensive study of more than 19,000 university and student employees concluded in the summer of 2025. Seems like a slam dunk, doesn’t it?
Not so fast.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

The problem with proxies

Lou Covey October 31, 2025

Proxies are absolutely crucial to the operation of the internet, but they also represent a clear and present danger to users. Finding that balance is pretty much a full-time job for cybersecurity. The recent Amazon Web Services (AWS) and Microsoft Azure outages are good examples of that.

Amazon explained the outage was caused by “failing intermediaries” monitoring system health, preventing proper traffic routing. Another word for intermediaries is “proxies”. When the monitoring subsystem malfunctioned, health check updates were not propagated properly, causing backend servers to appear offline even when they were active, which invalidated DNS lookups. This created a cascading failure.
Likewise, the Azure outage was caused by a misconfiguration of the proxy Front Door, a global entry point for content delivery network functionality, load balancing, and application acceleration.

How Proxies Function

When a user wants to access a website, the request goes to the proxy server instead of going directly to the internet. The proxy server receives the request, then forwards it to the target website. It modifies the request header to hide the user's original IP address.

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here

Bolaji Ojo and renewed importance of the press

Lou Covey October 23, 2025

Technology journalism, like the rest of journalism,has struggled for most of the 21st century. The advent of AI generated content his restoring the value of professional journalists. It is crucial not just to democracies but to business success.

One of the most prolific and successful technology journalists is Bolaji Ojo. He has headed editorial efforts for the EETimes, AspenCore Media, the recently closed Ojo-Yoshida Report and the now-defunct EBN. Some of those titles may be foreign to people in the cybersecurity world, but not to executives in the electronics world that cybersecurity rests upon. Cyber Protection Magazine's chief editor talked with him this week.

Free Membership Required

You must be a Free member to access this content.

Join Now

Already a member? Log in here

Scam Bucket: The Docusign scam is back

Lou Covey October 16, 2025

For almost a decade and generally in the summer and early fall, email boxes get hit with several phishing attempts claiming to be from Docusign. This reporter received seven just in the past few weeks. It seems appropriate to give out a few tips about how to recognize them, avoid dealing with them and what you may have to do if you clicked on the link.