Every week, the cybersecurity community produces more great content than any of us could possibly read. This week's Follow Friday rounds up five pieces that stood out because they offer practical insight, fresh perspective, or a timely reminder about where our industry is headed.
Whether it's preparing for Black Hat, rethinking the lessons of FortiBleed, building resilience when life throws you a curveball, sharpening your leadership mindset or exploring how mindfulness can make us better defenders, each is well worth a few minutes of your time. My thoughts on each are below.
1. Black Hat USA 2026 Survival Guide
Author: Cris Thomas (Space Rogue)
Few, if any, are more qualified to give advice about navigating Black Hat USA 2026 than my ShmooBus brother, Space Rogue. (For two consecutive ShmooCons, including the Snowpocalypse year, he and I rode from Boston to Washington DC in an RV full of other cybersecurity friends who were attending). He has legendary status in the industry/community and has been around the world a hundred times over.
Black Hat can be overwhelming, especially for first-time attendees, and he offers a practical roadmap for getting the most value out of the week before you even arrive in Las Vegas. Rather than focusing solely on conference logistics, the guide emphasizes preparation, intentional networking, realistic scheduling, and protecting your energy throughout one of cybersecurity's busiest weeks. The underlying message is that Black Hat isn't just about collecting swag or sitting through presentations, but also about building relationships, learning strategically, and returning home with ideas you can immediately put into practice.
2. FortiBleed: What Security Teams Need to Know (and Why This Story Is Bigger Than Fortinet)
Author: Jennifer Jabbusch
It may seem redundant that I'm including this right after doing an article on it. But it's a meaty read, with more detail than I had room to publish the other day. So I'm putting it here so no one forgets to go read her full analysis.
JJ argues that FortiBleed should not be viewed as simply another vendor-specific incident. Instead, it highlights a much broader problem: organizations continue to expose critical edge infrastructure while relying too heavily on passwords and perimeter devices as security boundaries. The piece shifts the conversation away from blaming Fortinet and toward the systemic issues that allow credential theft, credential reuse, and identity compromise to become enterprise-wide risks. It's a wake-up call about identity, exposure management, and operational resilience—not just firewall security.
3. What To Do with a Curveball in Your Day
Author: Erin Shrimpton
What I like about Erin, an organizational psychologist, is that her focus is on tools and techniques to survive being human. Her insights apply to every walk of life, including those of us in the cybersecurity community.
Here, she explores what happens when an unexpected setback threatens to derail your entire day. Rather than trying to eliminate uncertainty, she encourages readers to build the psychological flexibility needed to respond constructively when plans inevitably change. Her message is that resilience isn't about avoiding curveballs, but about developing habits and perspectives that help you recover quickly, maintain perspective, and continue moving toward what matters most despite disruption.
4. To Catch a Thief: North Korea On Our Payroll
Author: Nicole Perlroth
I've asked Nicole about coming on our CYBR.SEC.CAST podcast and it's just a matter of when. We'll have to wait, because she has been busy of late working on and promoting the excellent "To Catch a Thief" series.
This post offers a sample – a reminder that cybersecurity leadership extends well beyond technical expertise. It encourages practitioners to think critically about how they approach their work, communicate with others, and continue growing in a profession defined by constant change. Rather than offering another technical deep dive, the message focuses on the mindset and professional behaviors that help security practitioners remain effective over the long term, even as the threat landscape continues to evolve.
Most importantly, it captures the humanity of the story. I look forward to doing that podcast recording soon.
5. Mindfulness & Motivation in Cybersecurity Research
Author: William Bohler
This is important for anyone who wants to do more to bolster mental health in cybersecurity. It's an invitation to participate in a survey that could eventually help lead to more tools and techniques to deal with industry burnout and all that comes with it.
