Traditional security operations: CTI feeds piped into a SIEM, alerts routing into a ticket queue, and analysts triaging the resulting flood is running out of road. A new operational model is emerging in its place, and it doesn’t look much like what most security teams currently have in place.
Medin covers the evolution of penetration testing and why defenders need to stop relying solely on compliance checklists and start thinking like attackers.
In this episode, hosts Michael Farnum and Phillip Wylie sit down with penetration tester and Red Siege founder Tim Medin to talk about turning attacker tactics into practical defensive wins.
Here are several organizations and initiatives dedicated to mental health for security professionals.
Federal agencies and tech providers are accelerating AI security programs but organizations responsible for water systems, emergency services, and local government operations are struggling to keep pace. (Article includes an infographic to help security teams understand the operational challenges.)
There are many great communities out there that focus on CISOs and those who report to them. But at CYBR.SEC.Community, we've decided to build a bigger tent.
New survey results show that medical device procurement standards are tightening and budgets are growing, yet organizations are not keeping pace with threat actors as their attacks become more frequent. And the security gap between legacy and newly deployed devices isn’t closing.
Cybersecurity is more than keyboards, dashboards, and job titles. At CYBR.SEC.Community, we’re researching the broader ecosystem of roles, skills, and people that make this community work—and why that broader view should encourage more people to find their place in it.
Feeling the mental strain that is often part of working in cybersecurity? I'll admit that I am. But we're not alone, and we have allies to see us through. This post celebrates Mental Health Hackers. We will spotlight other great efforts in the community throughout the month.
Cybersecurity treats nonprofits as a single category, despite vast differences in mission, data sensitivity, and risk. From animal shelters to domestic violence services to hospitals, each faces a distinct threat landscape.
With NIST's National Vulnerability Database now triaging only a fraction of incoming CVEs, security teams must diversify beyond NVD while rethinking patch SLAs and risk scoring.
Here are just a few of the voices who inject cutting-edge insights into the community we are building.
This week's newsletter tackles the cognitive threats to cybersecurity and old thinking about identity being the "new" perimeter. Also: The disconnect between CISOs and security vendors continues.
Security pros often don’t understand why their business won’t accept certain types of solutions. Thus, they can’t articulate those problems to vendors. If both sides can't grasp why existing solutions aren’t organizationally viable, they stand no chance at building better solutions that are viable.
Dave Lewis, Global Advisory CISO at 1Password, says if you treat identity as your perimeter, you stop caring about where traffic comes from and start caring about who is asking for access, how they proved it, and what they are allowed to do. Here's how to go about it.
