I say this as a CEO: From now on, when children’s health data is compromised because multi factor authentication was not enforced, fire the CEO, not the CISO. I mean, sure, fire the CISO as well, but the CEO bears the responsibility. An update on the PowerSchool breach from the ever-incise @dangoodin https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/