Reflecting on CyberMarketingCon
Presenting live at CyberMarketingCon was an energizing experience, especially seeing how much more dynamic the conversation with David Ebder became on stage compared to our practice sessions. The audience’s engagement and thoughtful questions reinforced just how powerful live discussions can be.
Off the Mic: Cloud Security Can’t Be an Afterthought
Cloud security isn’t just about adding tools—it’s about making them work together. This week, Off the Mic dives into the shift toward prevention-first security, new CISA vulnerabilities, MFA bypass tactics, and the latest cyber threats shaping the landscape.
Are You Leaving the Backdoor Open for Hackers?
What Caught My Attention This Week?
China Breaches U.S. Treasury: A stark reminder of the dangers lurking in supply chain vulnerabilities.
AI Deepfakes Target Elections: Sanctions reveal how Russia and Iran weaponize disinformation campaigns.
Chrome Extensions Compromised: Trusted tools turned into silent data thieves by hackers.
And on Threat Vector this week, I had a conversation with Margaret Kelly about the hidden dangers of cloud misconfigurations. From loose permissions to exposed infrastructure, we explored how these gaps are a dream for nation-state attackers like those behind the Treasury breach. This is a reminder that fixing your cloud is no longer optional—it’s urgent.
Are EVs Worth the Hype? My Experience with the Mustang Mach-E
Is switching to an EV really worth it? After leasing the Mustang Mach-E, I’ve discovered how this sporty electric SUV redefines convenience, fun, and practicality. From home charging to exhilarating acceleration, here’s what makes the Mach-E a game-changer—and where it still has room to improve.
What Happens When Cyber Hygiene Fails?
What happens when cyber hygiene fails? Businesses face breaches, data loss, and sometimes devastating financial fallout—all because of overlooked basics like updates, strong passwords, and multi-factor authentication.
Cybercriminals thrive on these gaps, turning simple mistakes into major crises. But it doesn’t have to be this way. By mastering a few foundational habits, individuals and organizations can turn the tables and build resilience against even the most sophisticated attacks.
North Korean Hackers Master the Art of Invisibility
What Caught My Attention This Week?
Unit 42 revealed Silent Skimmer
Germany’s New Law: A Win for Security Researchers
Snowflake Data Breach Arrest
And on Threat Vector this week, I had a conversation with Assaf Dahan about what makes North Korean hackers a cyber force to be reckoned with. Their motivations go beyond financial gain to include sabotage, espionage, and political influence.
Iran’s Cyber Arsenal Blends Deepfakes with Disruption
Kyle Wilhoit and Michal Goldstein join me on Threat Vector to discuss how adaptive, intelligence-led incident response is key to tackling hybrid threats like deepfakes, doxing, ransomware, and stealthy espionage campaigns. From Iran’s disinformation playbook to China’s prolonged intrusions, war rooms must be ready for it all. Plus, Macron’s Strava leak highlights the privacy risks of location-tracking apps.
Crisis Leadership Secrets to Survive Cyber Chaos
Crisis Tips from Chris Scott
Decisiveness, drills, and transparency are vital as SEC penalties highlight the cost of secrecy.
Microsoft Rootkit Risk
A driver flaw opens systems to stealthy rootkits. Monitor kernel activity.
SolarWinds Fines Warn CISOs
SEC penalties stress the need for honest breach disclosure.
Crackdown on Disinfo Domains
Senator Warner targets Russian-linked sites, increasing scrutiny on registrars.
Inside Threat Vector’s Bold Conversations on IoT, XDR, and Quantum Security
This week, Unit 42 exposed "Deceptive Delight," a method for bypassing AI safeguards by embedding harmful prompts in harmless ones, underscoring the need for stronger AI defenses. Meanwhile, Lumma Stealer malware is bypassing CAPTCHAs to steal sensitive data, and Bumblebee malware has resurfaced, more dangerous and harder to detect, highlighting the urgency of robust ransomware defenses. On Threat Vector, I had thought-provoking conversations with Dr. Daniel Ford on cyber hygiene, Dr. May Wang on IoT security, and Allie Mellen from Forrester on XDR, offering fresh insights into evolving cyber challenges.
Why Education Can’t Afford to Wait on Cybersecurity
In the ever-evolving landscape of cybersecurity, educational institutions face unique challenges. From limited budgets to the expansive attack surfaces created by remote learning, schools are increasingly vulnerable to cyber threats. In the latest episode of Threat Vector, I sat down with Mike Spisak, a seasoned cybersecurity expert, to explore these challenges and uncover practical strategies for schools to enhance their security posture.
Why Your Identity Is the Only Perimeter That Matters
In a recent episode of Threat Vector, I spoke with Jamie Fitz-Gerald, Sr. Director of Product Management at Okta, about the crucial role of identity security in the hybrid work era. With employees accessing resources from various locations, identity has become the new perimeter, necessitating robust controls like multifactor authentication (MFA) and passwordless authentication. Jamie emphasized that identity is the cornerstone of a zero trust security strategy, where every user, device, and application is verified before access is granted. He also highlighted emerging trends like phishing-resistant authentication and identity proofing as vital tools in the fight against cyber threats. Tune in to the full interview to learn more about Jamie's insights and the future of identity security.
Insights into the Evolution of Cyber Conflict and Defense Strategies
In the latest episode of Threat Vector, I had the privilege of watching Michael Sikorski, CTO of Unit 42, and Jason Healey, Senior Research Scholar at Columbia University, dive deep into the evolution of cyber conflict and defense strategies. Their discussion highlighted the need for innovation and collaboration to outpace threat actors. Key takeaways include the importance of evolving defense tactics and using outcome-based metrics to measure success. This episode is a must-listen for cybersecurity leaders looking to make a real impact and secure our digital future.
My Work From Home Office
What do you need to succeed as a WFH employee? Discipline, maturity, a company that has the connectivity tools to allow it, sure. And a bit of kit doesn't hurt. This is an ongoing entry as I document my remote work setup, my command center, if you will. I started working remotely full-time in April of 2011 as part of the amazing team at Cynergy. After that, I worked remotely at Salesforce as a leader of a global team. I returned to the office in the early days of my tenure with IBM, but when the pandemic sent the world home, I returned to the efficiency and rhythm of remote work. I am now a remote employee with Palo Alto Networks. Over more than a decade, I have logged what works or doesn't for me, and this is where I share my thoughts on the topic.
Unpacking Congressional Testimony on Ransomware Attacks and Cyber Defense
This post features takeaways from an episode of Threat Vector with Sam Rubin, VP and global head of operations at unit 42, discussing his testimony to Congress on the evolving sophistication and speed of ransomware attacks, the changing tactics of threat actors, and the impact on sectors like education, healthcare, and government. The conversation also emphasizes the importance of public-private partnerships in combating cyber threats, the impact on strengthening collaborations, and the significance of preparing the cyber workforce for the future.