#securityleadership — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityleadership, aggregated by home.social.
-
A practical rubric by Ben Vierck lets SaaS vendors assess their product strategy against AI-driven commoditization. Applied to cybersecurity, it reveals where a strategy holds and where it needs work.
https://zeltser.com/scoring-security-product-strategy
#cybersecurity #infosec #productmanagement #AI #securityleadership
-
Agentic AI represents a paradigm shift in cyber threats — autonomous agents can scale attacks, exploit identity systems, and bypass many existing controls. This article breaks down the tactical and strategic implications and offers mitigation guidance for security leaders. Read more: https://wix.to/bcyQWwD
#AI
#AgenticAI
#CyberRisk
#InformationSecurity
#SecurityLeadership -
AI is making commodity software nearly free to produce, exposing security vendors without real moats. Feature lists stopped being a reliable signal of which products will hold their position as commoditization sorts the market. If you were anxious about "SaaSpocalypse," here's a practical way to understand and handle it:
A seven-dimension rubric from Ben Vierck scores software products from 1 to 3 across each dimension. Three cybersecurity-specific dynamics raise scores for products with compounding defensibility. For example, an EDR platform with a shared data layer can score 20 out of 21 because its dimensions reinforce each other. Enterprise buyers generate telemetry that sharpens detection, which strengthens the compliance posture that attracts the next buyer.
Product managers and founders can apply the rubric to their own product, while buyers can apply it to their vendor shortlist. A low score names a dimension that needs investment, or a vendor likely to be bundled, absorbed, or replaced. Running the exercise honestly identifies the gaps worth examining.
https://zeltser.com/scoring-security-product-strategy
#cybersecurity #infosec #productmanagement #AI #securityleadership
-
Now you can receive my blog posts via email. Go ahead and sign up: https://zeltser.com/newsletter
I've enjoyed writing more frequently and deeply than I have in recent years, and I'm glad to have more ways to get those articles in front of readers who want them.
All of my posts will continue to reside on my site, but I want to make it easy for people to read them in a way that works for them, whether on social media, in their RSS reader, or in their email inbox.
I decided to maintain my own website and newsletter platform rather than using services such as Medium and Substack so I can shape the reading experience and keep it free of paywalls and ads.
-
Ignoring cyber risk is cheaper right up until it becomes spectacularly expensive💡
#CyberSecurity #InformationSecurity #Infosec #Compliance #GRC #CyberResilience #ITSecurity #CyberRisk #CyberAwareness #DigitalSecurity #SecurityLeadership #RiskAssessment #ISMS #ISO27001 #CISO
-
Nothing weakens a security culture faster than executive shortcut syndrome.💡
#CyberSecurity #InformationSecurity #Infosec #Compliance #GRC #CyberRisk #CyberAwareness #SecurityLeadership #ISMS #CISO
-
No One Said No – Overprivileged AI Systems
https://youtu.be/SFvZ_KjjAPA #AIsecurity #CyberSecurity #ArtificialIntelligence #AIrisks #AgenticAI #ZeroTrust #LeastPrivilege #AccessControl #InfoSec #CyberRisk #DataSecurity #EnterpriseSecurity #AIgovernance #SecurityLeadership -
We invest hours analyzing a security risk, and that effort makes us overvalue the recommendation. An executive who hasn't shared that analysis weighs the same risk differently, and they might be right.
-
As we automate more security work, stakeholders trust what they can see. Making them feel secure is as much our job as making them secure.
-
When DevOps overwhelmed security reviews, the same velocity let teams patch in minutes instead of waiting for quarterly releases. Vibe coding by non-developers is the next shift where that speed works in our favor.
-
We adapted security governance to SaaS adoption and DevOps velocity. Vibe coding by non-developers is the next comparable shift, and those transitions give us a starting approach, even though the timeline is shorter.
-
Every organization has a “Mike.”
The one who knows how everything works.
That’s not a strength. That’s a risk.
New article: When Security Architecture Depends on Tribal Knowledge
https://jimguckin.com/2026/03/19/when-security-architecture-depends-on-tribal-knowledge/
#CyberSecurity #SecurityArchitecture #InfoSec #SecurityLeadership
-
The fastest deal is useless if your vendor opens the wrong door 🚪
#CyberSecurity #DataProtection #InformationSecurity #Infosec #Compliance #ITSecurity #CyberRisk #CyberAwareness #DigitalSecurity #SecurityLeadership #BusinessContinuity #RiskAssessment #ISMS #ISO27001 #CISO
-
One supplier breach can turn into everyone’s bad day.
#CyberSecurity #DataPrivacy #RiskManagement #InformationSecurity #CyberResilience #Infosec #CloudSecurity #CyberRisk #ITSecurity #Compliance #DataProtection #DigitalTransformation #CyberAwareness #SecurityLeadership
-
Removing users is easy - removing their access ghosts 👻 takes discipline
#CyberSecurity #RiskManagement #Infosec #Compliance #GRC #CyberResilience #ITSecurity #CyberRisk #CyberAwareness #SecurityLeadership #BusinessContinuity #RiskAssessment #ISMS #ISO27001 #CISO
-
Liat Hayun, SVP Product Management at Tenable, on ownership and exposure:
Remove “someone should fix this.” Adopt “I am the only one who will fix this.”
“A vulnerability in a vacuum is just a line of code.” Security teams are drowning in signals. Context defines actionability.
#WomenInCyber #ExposureManagement #SecurityLeadership #LeadHerInSecurity #Tenable
-
This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now
997 words, 5 minutes read time.
If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.
This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.
What this scam actually is
You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.
It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:
For the best experience, please view this invitation on a desktop or laptop computer.
If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.
And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.
Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.
Why this is an absolute nightmare for security teams
Let me give you the numbers that no one is putting in the official advisories:
- As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
- Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
- This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
- Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.
I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.
This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.
How to not get burned
I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.
For everyone
- Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
- Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
- Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.
For SOC Analysts and Security Teams
These are the steps you can go and implement right now before you finish reading this post:
- Add an email detection rule for the exact string "for the best experience please view this on a desktop or laptop". At time of writing this rule has a 0% false positive rate.
- Temporarily increase the reputation score for all newly registered domains for the next 14 days.
- Add this exact lure to your phishing simulation program immediately. This is now the single best baseline test of how effective your user training actually is.
- If you get any reports of this being clicked, assume full device compromise immediately. Do not waste time triaging. Isolate the host.
Closing Thought
The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.
If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.
Call to Action
If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.
D. Bryan King
Sources
- Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
- CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
- Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
- Punchbowl Official Public Warning
- Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
- Proofpoint Threat Insight: Punchbowl Phishing Campaign
- MITRE ATT&CK T1566.001: Spearphishing Link
- Verizon DBIR 2025: Phishing Effectiveness
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#attackVector #boardroomRisk #breachPrevention #CISAAlert #CISO #credentialTheft #cyberResilience #cyberattack #cybercrime #cybersecurityAwareness #defenseInDepth #desktopOnlyPhishing #detectionRule #DKIM #DMARC #emailFilterBypass #emailGateway #emailHygiene #emailSecurity #emailSecurityGateway #endpointProtection #incidentResponse #indicatorsOfCompromise #initialAccess #IoCs #lateralMovement #linkSafety #logAnalysis #maliciousLink #malware #MITREATTCK #mobileEmailRisk #phishingCampaign #phishingDetection #phishingScam #phishingSimulation #phishingStatistics #PunchbowlPhishing #ransomwarePrecursor #RemcosRAT #sandboxEvasion #securityAlert #SecurityAwarenessTraining #securityBestPractices #securityLeadership #securityMonitoring #securityOperationsCenter #securityStack #SOCAnalyst #socialEngineering #spearPhishing #SPF #suspiciousEmail #T1566001 #threatActor #threatHunting #threatIntelligence #userTraining #zeroTrust -
Incident response isn’t a script.
If your team is just following the playbook without true situational awareness, you might be running theater, not security.
New article:
https://jimguckin.com/2026/02/11/incident-response-without-situational-awareness-is-theater/
#CyberSecurity #IncidentResponse #SecurityLeadership #CyberResilience
-
What if the CISO's real job is calibrating the right amount of insecurity? Information must flow. Apps must be used. Links must be clicked. To calibrate the right level of insecurity we should:
1. Learn how fast the business wants to move.
2. Define how much insecurity the organization can absorb.
3. Measure the gap between current and acceptable insecurity. -
Not all #AI belongs in security decision making, and that is where many teams go wrong.
In this Brand Highlight, Sean Martin, CISSP is joined by Michael Roytman, CTO of Empirical Security, to talk about why purpose built models matter in preventative security. We cover prediction vs summarization, why retraining matters, and how data driven modeling changes security outcomes.
🎥 Watch the full conversation here: https://youtu.be/2sH5PQMHna8
Do you have a good story to tell?
We would love to help!
✨ https://www.studioc60.com
#cybersecurity #genai #machinelearning #riskmanagement #securityleadership #infosec #infosecurity
-
The AI Red Teaming Crisis: When Attackers Move Faster Than Defenders
https://youtu.be/pYcgLbjcuuE #AI #Cybersecurity #RedTeam #AIDefense #ThreatIntelligence #DeepfakeSecurity #MalwareAnalysis #PostQuantum #ZeroTrust #CyberRisk #AISecurity #FutureOfCyber #SecurityLeadership #InfoSec -
More ITSPmagazine's Remote - yet amazing - CyberCon Melbourne Coverage!
Sean Martin, CISSP and I reconnected with our friend Tim Brown, CISO at SolarWinds, who is keynoting the event talking about Leading Through Crisis, Trust, Context, and Resilience.
Tim Brown's job changed overnight. December 11th, he was managing security operations at SolarWinds. December 12th, he was leading response to one of cybersecurity's most scrutinized incidents.
We caught up with our longtime friend from New York and Florence to Melbourne ahead of his keynote at #AISA CyberCon. Tim became the first CISO ever charged by the SEC—a distinction nobody wants, but one that shaped his mission to help others prepare for their own crisis moments.
What saved SolarWinds? Implicit trust. The war room team operated without second-guessing because relationships were built before December 2020.
Tim's CIO handled deployment. Engineering investigated the build system. Marketing and legal managed their domains. Everyone knew their role.
"400 engineers focused completely on security for six months in pure focus.
When you say it with emotion, it conveys the real cost," Tim explains. Written communication failed during the incident. People needed to hear, to feel the weight of decisions in real time.
Tim now mentors aspiring #CISOs through the RSA Conference CISO Bootcamp, teaching the non-technical aspects of security leadership: board communication, managing stress, building culture. He's candid about the toll—including a heart attack in Zurich the week his SEC charges were announced—and why finding your safe place isn't a luxury, it's survival.
His CyberCon keynote covers incident response stages and how culture determines who steps up versus who runs away when crisis hits.
Watch or listen:
🎬 Full Interview: https://youtu.be/4jqx_IshhWI
🎬 Highlights: https://youtu.be/z5_GJEuBNdU
Click here for the full coverage with more interviews with Jacqueline Jayne, Amberley Brady, and more to come!
If you're leading security teams or aspiring to, Tim's lessons are essential. Build trust now, before you need it.
#CISO #Leadership #IncidentResponse #Cybersecurity #CyberConMelbourne #SolarWinds #CrisisManagement #SecurityLeadership #infosec
-
Why Your Security Team Needs Geographic Threat Intelligence Visualization 🗺️
Traditional security dashboards show you WHAT happened, but not WHERE it's happening or HOW threats are connected geographically. Your SOC analysts are drowning in isolated alerts while missing the bigger picture - attack campaigns that span multiple IPs and locations. This geographic blind spot is costing companies millions in delayed detection and response times.
🎯 Five Reasons to Use Geographic Threat Intelligence:
Faster Incident Response - See attack patterns immediately, not after hours of analysis
Better Resource Allocation - Focus security resources on high-risk geographic areas
Enhanced Threat Hunting - Spot attack campaigns across multiple IPs and locations
Improved Prioritization - Group related threats by geography and risk level
Better Communication - Show executives the threat landscape visually
Don't let your security team fight blind. Give them the geographic intelligence they need to win the battle against cyber threats.
#Cybersecurity #ThreatIntelligence #SOC #IncidentResponse #SecurityOperations #CyberDefense #ThreatHunting #SecurityAnalytics #InfoSec #CyberThreats #SecurityTools #DataVisualization #SecurityInnovation #CyberAwareness #SecurityLeadership #RiskManagement #SecurityMonitoring #ThreatDetection #CyberResilience #SecurityStrategy
-
Innovator Spotlight: 360 Privacy – Source: www.cyberdefensemagazine.com https://ciso2ciso.com/innovator-spotlight-360-privacy-source-www-cyberdefensemagazine-com/ #PsychologicalDimensionsofRisk #CrossFunctionalIntelligence #AdaptiveThreatAssessment #HolisticSecurityStrategy #rssfeedpostgeneratorecho #DigitalandPhysicalRisk #cyberdefensemagazine #DigitalVulnerability #cyberdefensemagazine #AlgorithmicThreats #DarkWebMarketplace #Securityleadership #CyberSecurityNews #AIRadicalization #360Privacy
-
🎙️ Catching Up With Ken Munro After Infosecurity Europe 2025 — Hack the Planet, One System at a Time
This is our final On Location episode from Infosecurity Europe 2025, and I couldn’t think of a better way to wrap it than with Ken Munro of Pen Test Partners — a conversation that dives into real-world #hacking: from vehicles to planes to critical infrastructure, and why tangible, hands-on security education matters more than ever.
▶️ Watch the Video: https://youtu.be/5hgs01-RzjM?si=K0b9HQnAidbRgQpa
🎧 Listen to the Podcast: https://on-location-with-sean-martin-and-marco-ciappelli.simplecast.com/episodes/catching-up-with-ken-munro-after-infosecurity-europe-2025-hacking-the-planet-one-car-one-plane-and-one-system-at-a-time
As we close the London chapter, we now go full throttle into Black Hat USA — our next stop for on-location coverage.
If your company wants to join the ITSPmagazine coverage with a sponsored podcast or executive briefing, now’s the time.
Only a few spots left.
Or DM me or Sean Martin, CISSP if you want in.
#HackThePlanet #InfosecurityEurope #BlackHatUSA #Cybersecurity #PenTestPartners #OnLocation #Podcast #ITSPmagazine #SecurityLeadership #CyberAwareness #HackerMindset #DefconVibes #infosec2025
-
Innovator Spotlight: Qualys – Source: www.cyberdefensemagazine.com https://ciso2ciso.com/innovator-spotlight-qualys-source-www-cyberdefensemagazine-com/ #rssfeedpostgeneratorecho #cybersecurityplatform #compliancevisibility #cyberdefensemagazine #cyberdefensemagazine #executivereporting #Securityleadership #CyberSecurityNews #governancetools #auditreadiness #CISOStrategy #policyaudit #cyberrisk #Spotlight #Qualys
-
A couple more news items from #InfosecurityEurope25
Post Event Recordings On ITSPmagazine
🎙️ These Aren’t Soft Skills — They’re Human Skills
A post–Infosecurity Europe 2025 conversation with Rob Black and Anthony D'Alton
Yes, Infosecurity Europe 2025 is behind us, but the most important conversations are still unfolding — like this one.
I (Marco Ciappelli) reconnected with Rob Black (yeah, I kicked Sean Martin, CISSP out again… temporarily 😄) and welcomed Anthony D’Alton to dive into something we all know is important but rarely define properly: so-called soft skills — or as we prefer to call them… human skills.
From communication and trust to team resilience and real-world training, this conversation is a practical look at what truly makes cybersecurity teams work — and why these “intangibles” aren’t soft at all.
🎥 Watch the conversation:
👉 https://youtu.be/iczQBFabLno
🎧 Prefer audio? Listen to the podcast:
👉 https://eventcoveragepodcast.com/episodes/these-arent-soft-skills-theyre-human-skills-a-postinfosecurity-europe-2025-conversation-with-rob-black-and-anthony-dalton
📚 See all the Infosecurity Europe 2025 coverage:
👉 https://www.itspmagazine.com/infosec25
✅ Next stop: Black Hat USA 2025 – Las Vegas
If your company would like to join us for an On Location Brand Story or Editorial Conversation at Black Hat USA — now is the time to book:
👉 Full Sponsorship
🔗 Book here: https://www.itspmagazine.com/event-coverage-sponsorship-and-briefings
👉 On Location Briefing
🔗 Book here: https://www.itspmagazine.com/event-coverage-briefings
#Cybersecurity #InfosecurityEurope2025 #HumanSkills #SoftSkills #CyberResilience #SecurityLeadership #StorytellingInCyber #ITSPmagazine #MarcoCiappelli #RobBlack #AnthonyDalton #OnLocation #IncidentResponse #CommunicationSkills #Teamwork #BlackHat2025 #Sponsorship #MediaPartnerships #blackhat
-
This week I've been:
✅ Finalising a strategic partnership with a vulnerability assessment company
✅ Creating video-based security training that people actually want to watch
✅ Conducting Cyber Essentials assessments (yes, they still catch critical gaps!)
✅ Providing technical leadership to growing companies
✅ Deep-diving into AWS security best practices
Cybersecurity isn't just about the latest tools or threats – it's about building security into the fabric of how organisations operate.
The manufacturing client who was eager to learn despite having basic gaps impressed me more than the financial services firm with all the right tools but inconsistent processes.
Security culture > Security technology. Every time.
Three things that stood out this week:
🎯 Cyber Essentials still matters – Even "basic" frameworks catch significant vulnerabilities when properly implemented
🎥 Training works when it's human – Scenario-based learning beats policy recitation every single time
☁️ "Security as code" is the future – Treating security configurations with the same rigor as application code
The variety in this field never stops amazing me. In five days I touched business development, content creation, regulatory compliance, technical consulting, and professional development. Each area informed the others in ways that wouldn't be possible in a more specialised role.
Question for my network: What's been the most surprising security challenge you've encountered recently? I'm always curious about the problems others are solving.
Full weekly roundup here: https://paulreynolds.uk/weekly-roundup-partnership-training-and-cloud-security/
#CyberSecurity #InfoSec #SecurityLeadership #CyberEssentials #CloudSecurity #SecurityTraining
-
🎙️ When AI writes code, builds models, and simulates threats… who checks the checker?
In this last On Location Conversation from #RSAC2025, Alex Kreilein and John Sapp Jr. join Sean Martin, CISSP to explore what trust actually means in the age of AI-generated security tooling — and how modern #AppSec teams must rethink validation, #resiliency, and #risk.
This episode cuts deep into:
Why “trust the output” is not enough in AI-driven workflows
How #AI security debt is becoming the new tech debt
Why we need #zerotrust thinking applied to models and agents
The real shift: from patching CVEs to building resilient architecture
The role of traceability, governance, and context-driven decision-making
If you’re serious about secure AI, application security, and shifting AppSec left (the right way), this conversation will challenge what you think you know — and help reframe what secure development actually looks like.
🎥 Watch the full video:
👉 https://youtu.be/kJdQz9LmT6s
🎧 Listen to the audio podcast:
👉 https://eventcoveragepodcast.com/episodes/why-we-cant-completely-trust-the-intern-even-if-its-ai-an-rsac-conference-2025-conversation-with-alex-kreilein-and-john-sapp-jr-on-location-coverage-with-sean-martin-and-marco-ciappelli
✨ Thank you to our Full Coverage Sponsors:
ThreatLocker 👉 https://itspm.ag/threatlocker-r974
Akamai Technologies 👉 https://itspm.ag/akamailbwc
BLACKCLOAK 👉 https://itspm.ag/itspbcweb
SandboxAQ 👉 https://itspm.ag/sandboxaq-j2en
Archer Integrated Risk Management 👉 https://itspm.ag/rsaarchweb
ISACA 👉 https://itspm.ag/isaca-96808
Object First 👉 https://itspm.ag/object-first-2gjl
Edera 👉 https://itspm.ag/edera-434868
🎙️ Explore more RSAC 2025 coverage:
👉 https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
🎧 Catch all of our event conversations:
👉 https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
🎤 Want to tell your Brand Story Briefing as part of our coverage?
👉 https://itspm.ag/evtcovbrf
📆 Want Sean Martin, CISSP and Marco Ciappelli to cover your event or moderate your panel?
👉 https://www.itspmagazine.com/contact-us
#RSAC2025 #cybersecurity #AppSec #AIsecurity #zerotrust #infosec #securityleadership #riskmanagement #technology #eventcoverage #secureAI #shiftleft #CISO
-
Are cybersecurity ratings giving us a false sense of security? While external scans offer valuable insights, relying on them alone often misses critical internal vulnerabilities and human factors. In my experience, a more holistic approach is needed to truly understand supply chain risks.
What's worked for you in getting a comprehensive view of your security landscape?
-
From Sunday, part of our American team will be joining the North American Information Security Summit, in Denver. Contact us if you'll be there, please!
https://www.relianoid.com/about-us/events/north-american-information-security-summit/
#NAISS2024 #InfoSecSummit #CybersecuritySummit #Denver2024 #InfoSecExecutives #CyberDefense #ITSecurity #CyberThreats #SecurityLeadership #DataPrivacy #ZeroTrust #RansomwareDefense #AITechnologies #CyberWorkshops #IndustryNetworking
-
Ready to take on the role of #CISO? Let us guide you through your first 100 days in this essential role with our talk track "New CISO," filled with expert insights and strategies to set you up for success.