And I want to update on the story of Defense Secretary Hegseth and his use of Signal. US Defense Secretary Pete Hegseth reportedly shared sensitive details regarding the March 15th military strikes in Yemen during a personal Signal chat, which included family and friends rather than government officials. According to The New York Times, the conversation involved flight schedules for F/A-18 Hornets targeting Houthi positions, similar to information previously shared in a separate chat that mistakenly included a journalist. The newly revealed chat, created by Hegseth in January before his confirmation, included approximately a dozen individuals from his personal and professional circles. Sources indicated that while the group chat was informal, aides had advised Hegseth against discussing sensitive military operations, urging him to use his government phone for such matters. Despite these warnings, he continued to use private chat to communicate regarding the strikes.
Why do we care?
This is a cautionary tale about operational security, app misuse, and the human layer of cybersecurity, all of which directly impact how MSPs and SOPs should advise clients.
When leaders break protocol with impunity, it erodes trust in the security culture
If the Defense Secretary can knowingly ignore guidance and share sensitive operational details in an unsecured chat with friends and family—and face no apparent consequences—what message does that send?
Cybersecurity isn’t just about tools or policies; it’s about culture and leadership modeling behavior. When top officials disregard best practices, it legitimizes noncompliance across the organization.
To sell cybersecurity, encourage policy with teeth: Tie violations—regardless of role—to clear consequences, or don’t expect buy-in from anyone else. Thus, it is important to hold accountability for Secretary Hegseth.

