If you work in SecOps more noise equals more risk. The more alerts you have, the harder it is to find the ones that need immediate action. Yet in my experience, this idea of more noise being detrimental to understanding, does not stretch beyond the SOC into business communications.
Fresh analysis suggests FortiBleed is not merely a Fortinet credential exposure event but a large-scale identity compromise campaign that turns perimeter devices into launchpads for deeper attacks against Active Directory, LDAP, and internal enterprise infrastructure.
Chatbots created data leakage concerns. Agentic AI introduces autonomous action, persistent context, and delegated decision-making, creating a new category of security and governance challenges that most organizations are only beginning to understand. (Sponsored by Harmonic Security)
From the CYBR.SEC.Community
If you work in SecOps more noise equals more risk. The more alerts you have, the harder it is to find the ones that need immediate action. Yet in my experience, this idea of more noise being detrimental to understanding, does not stretch beyond the SOC into business communications.
A utility trusts its operating picture because measurements return in expected ranges, alarms correlate with physical events, crews report back from the field, substations behave consistently, and the model of the grid keeps meeting the grid itself. Return is how reality becomes believable.
Summer conference season in full swing, and security marketing teams are in full-on "how to we capture more mindshare" mode. Every vendor wants to hit a home run on marketing swag, but no one wants to break the bank on it. Here's your helpful guide...
The people on the ground often know whether that event is ordinary, suspicious, urgent, harmless, political, embarrassing, dangerous, or simply the latest chapter in a long operational story.
Dr. Eric Cole's cybersecurity accomplishments are legendary, but his willingness to speak openly about burnout is something that particularly resonated with me, as it is something many of us struggle to avoid.
AI Usage Intelligence
Security teams can't govern AI they can't see. As employees adopt hundreds of AI tools, agents, and assistants, a new challenge is emerging: understanding how AI is being used inside the enterprise. (Sponsored by Harmonic Security)
Vulnerability ManagementBOD 26-04
CISA's BOD 26-04 tells federal agencies how fast to patch. It's quietly telling everyone else the same thing: through insurance underwriting, vendor contracts, and regulatory alignment.
CVSSKEVVulnerability Management
The agency’s new directive replaces blunt severity-driven remediation with a four-factor risk model built around internet exposure, known exploitation, automatability and system control.
BurnoutAgentic AI
A new ISSA/Omdia study finds widespread AI adoption in cybersecurity, but security professionals say growing complexity, burnout, skills shortages, and business pressures are making the profession more challenging than ever.
OT CybersecurityCritical Infrastructure Security
Accenture's acquisition of a majority stake in Dragos and full ownership of runZero and NetRise reflects growing urgency across the cybersecurity industry to defend critical infrastructure against nation-state threats, particularly those attributed to China.
Mental Health
From our first episode of CYBR.Minded: Security teams are drowning in alerts, responsibility and impossible expectations. Until recently, the industry treated it as a personal problem instead of a systemic one.
AI and Zero Trust
Cybersecurity has been built around a simple equation: risk equals probability multiplied by impact. John Kindervag, creator of the Zero Trust Framework and chief evangelist at Illumio, says the equation assumes something defenders rarely possess: a reliable way to calculate probability.
Podcast
In this episode of CYBR.SEC.CAST, hosts Michael and Sam sit down with Alastair Patterson, CEO of Harmonic Security, to discuss the rapid evolution of AI in the enterprise.
Video
Danielle (DJ) Jablanski argues that critical-infrastructure owners must stop waiting for perfect regulation or deterrence and instead start today to map interdependencies, engineer fault-tolerant redundancy, and reduce the severity of inevitable cyber-physical impacts.
Video
Christopher Walcutt argues that AI can be used safely in OT environments if organizations first establish strong cybersecurity maturity, segmentation, visibility, and strict containment controls.
Video
Cyber-informed engineering keeps OT systems safe by adding simple physical controls that prevent catastrophic failures even if digital systems are breached.
Video
Security engineer and architect Brad Voris recounts designing zero-trust controls for legacy dairy-plant systems to protect millions of gallons of milk from tampering or contamination.
Podcast
Why mental health, overload, alert fatigue, and human resilience are cybersecurity issues.
Podcast
Michael and Phil were joined at CYBR.HAK.CON. by John Kindervag, Chief Evangelist at Illumio and creator of the Zero Trust Framework, for a wide-ranging conversation on risk vs. danger, personal resilience and the future of AI.
