Riley Sennott, 26, is listed as a “senior advisor” in an internal NASA directory, similar to the nebulous titles given to some DOGE staff in other agencies. His name and involvement with DOGE have not been previously reported.
Like many other DOGE workers, he deleted his LinkedIn profile and made his X account private in recent months. However, Sennott did not make the Google Calendar linked to his personal email address private.
Anyone with the address could see every appointment Sennott had on the calendar going back to 2016. On January 6, for example, the calendar included a 15-minute event titled “Riley Sennott and DOGE Recruiting.” The invite came from a Gmail address that DOGE appeared to be using for recruiting.
A calendar appointment from 2023 noted that Sennott “is currently working with a non-profit team in Ukraine to efficiently deliver aid and support evacuations.” The blurb said that Sennott studied symbolic systems and environmental studies in college, “briefly dabbled in consulting,” and has an “entrepreneurial spirit.” His calendar also showed several events related to an internship at Booz Allen Hamilton in 2021.
“The Department of Government Efficiency (DOGE) has arrived onsite at the agency. We anticipate that they will start reviewing our contracts to find efficiencies,” the email reads, according to a copy reviewed by BI.
Last organisation I worked for—not for profit, health—had around 17,500 employees. One of the cybersecurity managers had every employees details and devices on a Google Sheet private account that anyone could see if they had the share URL.
Home addresses, phone numbers, MAC addresses, IMEIs, columns of PII…
I started getting all sorts of unsolicited contact and 2-step authentication alerts “randomly” after two months there and 8 months later rEvil successfully ransomwared for $3.4M.
So when I found this sheet and no one took it seriously, I declared an internal data breach, submitted it to the fed—as you legally must in this country—and shit hit the fan for that department.
I recently had to submit some PII to my employer. The person requesting that information invited me to a video meeting so that the information wouldn’t easily be accessible on record.
I’ve been working in this field for around fifteen years. This was the first time someone in charge of handling my information has even pretended to care about it.
You are a legend
That is fucking amazing.
Please tell me this ‘cybersecurity manager’ was… fired, or drawn and quartered, or something.
I don’t think so. No one higher up quite understood the severity, even after the ransom event. I kind of established the impression that not-for-profit c-suites are full of the leftovers. If they were any good, they’d be elsewhere earning much more.
sigh
This has also been my experience with non profit c suite.
I used to be co-lead of the data department for a non profit that dealt with PII… including medical data… spent a lot of time making sure we were doing things right.
… And then one day, one of the board members asked me to implement blockchain security on our postgres databases, in an in-person meeting.
I buried my head in my hands, looked uo, and told her “No, the blockchain is insanely insecure, its easily de-obfuscated… and it would make our systems run somewhere between 10,000 and 100,000 times more slowly… if its even possible to implement postgres running through or on … some kind of blockchain.”
She did a fake corpo smile and ‘politely’ ended the meeting.
… I wanted to strangle her to death.
Probably got a promotion.