Organizations spend real money on penetration testing and too often walk away afterwards with the same vulnerabilities they started with. The test happened. The report landed. The checkbox got checked. Nothing significant has changed.
Featured
From SOC burnout and alert fatigue to resilience and psychological sustainability, these five cybersecurity mental health articles helped shape one of the industry’s most important conversations.
Built by the team behind HOU.SEC.CON. (now CYBR.SEC.CON.) and partnered with renowned penetration tester Phil Wylie, CYBR.HAK.CON. aims to reconnect cybersecurity conferences with their grassroots hacker culture through hands-on training, community collaboration, and practitioner-first experiences.
Community Corner
From the CYBR.SEC.Community
The Vulnpocalypse Isn’t Your Problem
But it might be your company’s problem.
One Sector, A Million+ Data Environments
What a nonprofit collects, captures, manages, and is responsible for protecting isn't uniform. And in many cases, the sensitivity of that data maps directly back to their unique mission in ways that should fundamentally shape how we approach security for these organizations.
Cybersecurity Is More Than Keyboards and Dashboards
Cybersecurity is more than keyboards, dashboards, and job titles. At CYBR.SEC.Community, we’re researching the broader ecosystem of roles, skills, and people that make this community work—and why that broader view should encourage more people to find their place in it.
Stop Securing Nonprofits. Start Securing Their Missions
Cybersecurity treats nonprofits as a single category, despite vast differences in mission, data sensitivity, and risk. From animal shelters to domestic violence services to hospitals, each faces a distinct threat landscape.
Fix it! NO, Not Like THAT
Security pros often don’t understand why their business won’t accept certain types of solutions. Thus, they can’t articulate those problems to vendors. If both sides can't grasp why existing solutions aren’t organizationally viable, they stand no chance at building better solutions that are viable.
Latest Articles
Vulnerability Management, SOC, CVE, CVSS
From Threat Intel to ‘VulnOps’: Why Level 1 SOC as We Know It Is Heading to Extinction
Traditional security operations (CTI feeds piped into a SIEM, alerts routing into a ticket queue, and analysts triaging the resulting flood) are running out of road. A new operational model is emerging in their place, and it doesn’t look much like what most security teams currently run.
Blue Team, Red Team
Hack the Defenders: Tim Medin on Why Blue Teams Need an Offensive Mindset
Medin covers the evolution of penetration testing and why defenders need to stop relying solely on compliance checklists and start thinking like attackers.
Agentic AI, AI Security
Agentic AI Security Risks Are Growing Faster Than State and Local Defenses
Federal agencies and tech providers are accelerating AI security programs, but organizations responsible for water systems, emergency services, and local government operations are struggling to keep pace. (Article includes an infographic to help security teams understand the operational challenges.)
Medical Device Security
Medical Device Cybersecurity in 2026: More Investment, More Attacks, More Harm
New survey results show that medical device procurement standards are tightening and budgets are growing, yet organizations are not keeping pace with threat actors as their attacks become more frequent. And the security gap between legacy and newly deployed devices isn’t closing.
Vulnerability Management, CVE, CVSS
How to Build a Vulnerability Intelligence Pipeline That Doesn't Rely on NIST's NVD
With NIST's National Vulnerability Database now triaging only a fraction of incoming CVEs, security teams must diversify beyond NVD while rethinking patch SLAs and risk scoring.
Mental Health, Burnout
Have We Already Had a Cognitive Pearl Harbor?
Winn Schwartau warned of a “Digital Pearl Harbor” decades ago and is now raising a more unsettling possibility: the real attack may already be underway, targeting human perception itself.
DDoS, Mental Health, Burnout
Security Teams Are Fighting the Wrong DDoS: The One Happening in Their Heads
Security teams have spent years trying to reduce alert fatigue, but the real bottleneck isn’t tooling; it’s the human brain’s inability to process the volume of information being thrown at it.
Podcasts & Video
Podcast
CYBR.HAK.CAST Episode 14: Tim Medin
In this episode, hosts Michael Farnum and Phillip Wylie sit down with penetration tester and Red Siege founder Tim Medin to talk about turning attacker tactics into practical defensive wins.
Video
OT Resilience in Action: A Framework for Utilities
Podcast
CYBR.HAK.CAST Episode 13: Winn Schwartau
Winn Schwartau argues that the biggest threat facing defenders isn’t just technical, but cognitive: overwhelming information flows that push humans into “mental DDoS.” He has introduced the concept of “critical ignoring” as a prerequisite to critical thinking.
Video
Enhancing OT Cybersecurity in Maritime Environments
Video
The Executive Imperative: Acting Decisively When You Need to Defend OT
Video
Agentic AI in OT: The Ultimate Insider Threat
Video