FortiBleed shows why visibility matters. Also this week: CISA rewrites vulnerability management rules, enterprises struggle to understand AI usage, cybersec comms luminary Lucy Millington tackles communications overload, and more.
Featured
If you work in SecOps more noise equals more risk. The more alerts you have, the harder it is to find the ones that need immediate action. Yet in my experience, this idea of more noise being detrimental to understanding, does not stretch beyond the SOC into business communications.
Fresh analysis suggests FortiBleed is not merely a Fortinet credential exposure event but a large-scale identity compromise campaign that turns perimeter devices into launchpads for deeper attacks against Active Directory, LDAP, and internal enterprise infrastructure.
Sponsored
Community Corner
See allFrom the CYBR.SEC.Community
More Noise, More Risk: Reframing Internal Comms Overload
If you work in SecOps more noise equals more risk. The more alerts you have, the harder it is to find the ones that need immediate action. Yet in my experience, this idea of more noise being detrimental to understanding, does not stretch beyond the SOC into business communications.
We Know Reality by What Returns
A utility trusts its operating picture because measurements return in expected ranges, alarms correlate with physical events, crews report back from the field, substations behave consistently, and the model of the grid keeps meeting the grid itself. Return is how reality becomes believable.
Treat, Not Trick: The Guide to Conference Swag People Actually Want
Summer conference season in full swing, and security marketing teams are in full-on "how to we capture more mindshare" mode. Every vendor wants to hit a home run on marketing swag, but no one wants to break the bank on it. Here's your helpful guide...
Trust Is Not a Cloud Service: What Cybersecurity Can Learn from Local AI Stewards
The people on the ground often know whether that event is ordinary, suspicious, urgent, harmless, political, embarrassing, dangerous, or simply the latest chapter in a long operational story.
In Appreciation: Dr. Eric Cole
Dr. Eric Cole's cybersecurity accomplishments are legendary, but his willingness to speak openly about burnout is something that particularly resonated with me, as it is something many of us struggle to avoid.
Latest Articles
See all
Enterprise AI Security
Securing Enterprise AI Usage Goes Far Beyond Chatbots
Chatbots created data leakage concerns. Agentic AI introduces autonomous action, persistent context, and delegated decision-making, creating a new category of security and governance challenges that most organizations are only beginning to understand. (Sponsored by Harmonic Security)
Enterprise AI Security
You Don't Control AI Because You Barely See It: Why Usage Intelligence Is Becoming the Next Enterprise Security Battleground
Security teams can't govern AI they can't see. As employees adopt hundreds of AI tools, agents, and assistants, a new challenge is emerging: understanding how AI is being used inside the enterprise. (Sponsored by Harmonic Security)
Vulnerability ManagementBOD 26-04
Federal Agency or Not: How BOD 26-04 Is Coming for your Vulnerability Management Program
CISA's BOD 26-04 tells federal agencies how fast to patch. It's quietly telling everyone else the same thing: through insurance underwriting, vendor contracts, and regulatory alignment.
CVSSKEVVulnerability Management
From CVSS to KEV, CISA Rewrites Federal Patching Priorities
The agency’s new directive replaces blunt severity-driven remediation with a four-factor risk model built around internet exposure, known exploitation, automatability and system control.
BurnoutAgentic AI
AI Is Transforming Security. Burnout Is Transforming the Workforce. What It All Means
A new ISSA/Omdia study finds widespread AI adoption in cybersecurity, but security professionals say growing complexity, burnout, skills shortages, and business pressures are making the profession more challenging than ever.
OT CybersecurityCritical Infrastructure Security
Accenture's Dragos Deal Signals a New Phase in the Race to Secure Critical Infrastructure
Accenture's acquisition of a majority stake in Dragos and full ownership of runZero and NetRise reflects growing urgency across the cybersecurity industry to defend critical infrastructure against nation-state threats, particularly those attributed to China.
Mental Health
Your Biggest Security Risk: Mentally Exhausted Humans
From our first episode of CYBR.Minded: Security teams are drowning in alerts, responsibility and impossible expectations. Until recently, the industry treated it as a personal problem instead of a systemic one.
Podcasts & Video
See all
Podcast
Why AI Usage Intelligence is the Missing Layer in Enterprise AI Security with Harmonic Security CEO Alastair Paterson
In this episode of CYBR.SEC.CAST, hosts Michael and Sam sit down with Alastair Patterson, CEO of Harmonic Security, to discuss the rapid evolution of AI in the enterprise.
Video
DON’T WAIT: Engineering Outcomes Between Red Lines and Rules of Engagement
Danielle (DJ) Jablanski argues that critical-infrastructure owners must stop waiting for perfect regulation or deterrence and instead start today to map interdependencies, engineer fault-tolerant redundancy, and reduce the severity of inevitable cyber-physical impacts.
Video
Safe Use of AI in OT Environments: Gaining the Benefits without the Risk
Christopher Walcutt argues that AI can be used safely in OT environments if organizations first establish strong cybersecurity maturity, segmentation, visibility, and strict containment controls.
Video
Cyber-Informed Engineering
Cyber-informed engineering keeps OT systems safe by adding simple physical controls that prevent catastrophic failures even if digital systems are breached.
Video
Keeping your Milk Cool and your Tech Safe
Security engineer and architect Brad Voris recounts designing zero-trust controls for legacy dairy-plant systems to protect millions of gallons of milk from tampering or contamination.
Podcast
The Human Side of Cybersecurity with Bill Brenner
Why mental health, overload, alert fatigue, and human resilience are cybersecurity issues.
Podcast
There’s No Highway to the Risk Zone with John Kindervag
Michael and Phil were joined at CYBR.HAK.CON. by John Kindervag, Chief Evangelist at Illumio and creator of the Zero Trust Framework, for a wide-ranging conversation on risk vs. danger, personal resilience and the future of AI.
Sponsored
Sponsored