Cybersecurity & Tech

Lawfare Daily: What Can Be Done to Improve Cloud Security with Maia Hamin, Trey Herr, and Marc Rogers

Stephanie Pell, Maia Hamin, Trey Herr, Marc Rogers, Jen Patja
Thursday, June 20, 2024, 8:00 AM
Discussing cloud security

Published by The Lawfare Institute
in Cooperation With

The Cyber Safety Review Board’s (CSRB) report on the Summer 2023 Microsoft Exchange online intrusion sheds light on how a series of flaws in Microsoft’s cloud infrastructure and security processes allowed a hacking group associated with the People’s Republic of China (PRC) to strike the “equivalent of gold” in accessing the official email accounts of many of the most senior U.S. government officials managing the U.S. government’s relationship with the PRC. 

Lawfare Senior Editor Stephanie Pell sat down Maia Hamin, Associate Director with the Atlantic Council’s Cyber Statecraft Initiative; Trey Herr, Assistant Professor of cybersecurity and policy at American University’s School of International Service and Director of the Cyber Statecraft Initiative at the Atlantic Council; and Marc Rogers, Co-Founder and Chief Technology Officer for the AI observability startup, to discuss their recent Lawfare piece about the CSRB’s report and the lagging state of cloud security policy. They talked about ways to improve cloud service provider transparency, other investigative and regulatory tools that could facilitate better cloud security, and their thoughts on Microsoft’s response to the CSRB’s report. 

To receive ad-free podcasts, become a Lawfare Material Supporter at You can also support Lawfare by making a one-time donation at

Stephanie Pell is a Fellow in Governance Studies at the Brookings Institution and a Senior Editor at Lawfare. Prior to joining Brookings, she was an Associate Professor and Cyber Ethics Fellow at West Point’s Army Cyber Institute, with a joint appointment to the Department of English and Philosophy. Prior to joining West Point’s faculty, Stephanie served as a Majority Counsel to the House Judiciary Committee. She was also a federal prosecutor for over fourteen years, working as a Senior Counsel to the Deputy Attorney General, as a Counsel to the Assistant Attorney General of the National Security Division, and as an Assistant U.S. Attorney in the U.S. Attorney’s Office for the Southern District of Florida.
Maia Hamin is an associate director with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab (DFRLab). She works on the Initiative’s systems security portfolio, including leading workstreams on technologies with systemic security impacts such as cloud computing and artificial intelligence.
Trey Herr is Assistant Professor of cybersecurity and policy at American University’s School of International Service and director of the Cyber Statecraft Initiative at the Atlantic Council. At the Council his team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety and growing a more capable cybersecurity policy workforce.
Marc Rogers is Co-Founder and Chief Technology Officer for the AI observability startup With a career that spans decades, Marc has been hacking since the 80’s. Professionally Marc has served as VP of Cybersecurity Strategy for Okta, Head of Security for Cloudflare and Principal Security researcher for Lookout. He’s been a CISO in South Korea and spent a decade managing security for the UK operator, Vodafone.
Jen Patja is the editor and producer of the Lawfare Podcast and Rational Security. She currently serves as the Co-Executive Director of Virginia Civics, a nonprofit organization that empowers the next generation of leaders in Virginia by promoting constitutional literacy, critical thinking, and civic engagement. She is the former Deputy Director of the Robert H. Smith Center for the Constitution at James Madison's Montpelier and has been a freelance editor for over 20 years.

Subscribe to Lawfare