Aaron Mog
Greater Chicago Area
12K followers
500+ connections
About
As Field CISO at System 2 Security, I work closely with customers to understand their…
Activity
-
Aaron Mog shared this: Super impressed with Alex Hurtado and the relaunch of Detection Dispatch (Alex's Version). Proud to be the first sponsor of the podcast through detections.ai. Check it out wherever you get your podcasts!
Aaron Mog shared this: So I've enjoyed the fun-employed life...but it's quite hard to sit still when you are me. A few commits to push:
1) I spun up a new podcast that is independent now. // All previous guests have been invited back to re-record, under different x my ownership. This one stays with me beyond any gig, contract work, or any company shift. I honestly owe it to Sydney Marrone for the name that was born at BSidesSF after hanging out back to back weeks at multiple cons. How did I do the DE life without you before?? never again!
2) John Hammond is my first guest and I still don't know how that happened. // Been watching John's content for YEARS so this was a full-circle moment for me. I mean who hasn't tuned in to his live streams, watched him break open malware, and gotten smarter just from his commentary alone? You know the saying "never meet your heroes"? Couldn't be more wrong. We met at BSides and he's the most fantastic human ever. We agreed to collab and recorded this episode when we got back... after a week that did not give us a break (#mythos, #axios, #clickfix). This podcast couldn't have launched in a better way. It is now streaming on Spotify, Apple, YouTube, and YouTube Podcasts.
3) I joined Scanner to build out their detection library and they're sponsoring the production. // I get to build a detection content library and document the journey along the way. They introduced me to Darren Wong & Kathy Tieu who did amazing work bringing the vision to life..Thank you for the opportunity x trust in building out a DE program on top of your data lake, and for this amazing gift of the production to my own pod. Cliff Crosland
4) detections.ai sponsored the first 5 episodes. // Sponsorship rule from day one: if a partner can't bring real, useful value to the audience, it's likely not going to happen. Search "ClickFix" on detections.ai and you'll pull 200+ detections you can use the day you hear the episode for free. Natural fit. That's pretty much the bar as far as sponsoring goes moving forward.
5) I'm hosting this year's DEATHCon in #Chicago. // We've got a venue that goes hard. The workshop CFP is open right now! If you've been sitting on a hands-on session you've wanted to teach, we want to know about it. Ticket sales open soon...set a reminder to check the site for July 7th. Fly in if you must. #Chicago in the summer is UNMATCHED. The intro to the pod gives you a sneak preview of the venue. cc: Randy Pargman
The through-line on all five: ownership, community, value-add. Same bet I've been making for a while. Just doing it on my terms now. Sorry in advance to the folks I may trigger with it...Being the diehard swiftie that I am, it was just too good to pass up. Available now to listen wherever you get your podcasts ⬇️
-
Aaron Mog shared this: It was great to be back at Retail & Hospitality ISAC Summit. Always amazing to see this community working together to solve some pretty big challenges facing their industry. Seeing our advisors Michael Francess & Matt B. in person, talking to everyone about what we are building at detections.ai and hanging out with Tim Peck and Caroline Matz were the highlights of my week (also Austin BBQ and Chicken).
Aaron Mog shared this: What a week in Austin! The RH-ISAC Summit brought together some of the most dedicated professionals in retail and hospitality cybersecurity, and we were honored to be part of it. Great conversations, genuine connections, and sessions that gave us plenty to think about - this is exactly the kind of community that makes our space stronger. Grateful for every interaction and looking forward to carrying these insights forward! Tim Peck, Aaron Mog, Caroline Matz – on to the next! See you, Black Hat Asia!
-
Aaron Mog reposted this: Black Hat Asia 2026: The AI Arms Race — Detection Engineering at Machine Speed
Excited to share that detections.ai will be hosting a sponsored workshop at Black Hat Asia 2026 in Singapore!
📅 Date & Time: Thursday, April 23, 2026, 10:30 AM – 12:00 PM
📍 Venue: Peony Main Ballroom: 4405 & 4406
In this session, our Director of Threat Research, Tim Peck, will dive into how adversaries are weaponizing AI—and how defenders can respond with detection engineering at machine speed. Key takeaways you can expect:
⚡ Real-world case studies of AI-driven threats and compromises
🛡️ Detection logic at scale: writing, testing, and deploying rules faster than attackers innovate
🤝 Community-driven defense: why collaboration across SecOps, researchers, and vendors is critical
👉 If you’re attending Black Hat Asia 2026, make sure to join us for this workshop. Let’s explore how we can turn the AI arms race into an opportunity for stronger, smarter defense.🫡 #BlackHatAsia2026 #DetectionEngineering #Cybersecurity #AI #detectionsai
-
Aaron Mog shared this: You couldn't ask for a better team than getting to work with Michael Francess and the Wyndham Hotels & Resorts folks. If you're looking for a SOC Role (Remote!) - give this a look...
Aaron Mog shared this: I do not post here often, but I have three open roles on my team that are worth sharing: Cybersecurity Operations Engineer (Full-Time) - This is a SOC-anchored role with broad exposure across detection engineering, incident response, vulnerability management, and cloud security. We run a modern tool stack and expect curiosity across disciplines, not narrow expertise. Great fit for someone with 1-3 years of hands-on experience who wants room to grow. https://lnkd.in/e6Rudy7X Application Security Analyst (Contract, x2 positions, through September) - Looking for two well-rounded AppSec contractors. Key focus areas: secure code review, site reliability, and WAF experience. These are not posted on our careers site, so reach out directly if interested.
-
Aaron Mog reposted this: We had an incredible time hosting DetectCon After Dark during #RSAC 🍸 From connecting on the Expo floor to bringing the community together after hours at Starlite with Abstract, last week was everything we love about cybersecurity—smart conversations, shared ideas, and a lot of fun along the way. It was especially great to catch up with familiar faces, meet new ones, and swap detection engineering stories over drinks. A huge thank you to everyone who joined us—we loved having you there. If we missed you, we’ll be at RH-ISAC in Austin next month. See you soon 👀
-
Aaron Mog shared this: It had been a couple of years (pre-covid) since I threw an RSA party. Even though the show has changed over the years, it's still full of amazing security professionals trying to do better. In the vendor-AI-swag-hype haze, it's easy to forget that. We had a lot of fun hosting the detections.ai and Abstract sponsored DetectCon After Dark. Big thanks to Caroline Matz and Jill Pescosolido. Behind every great party, there are always people doing a ton of work to make it fun for everyone else. Appreciate everyone coming up to hang out with us.
-
Aaron Mog posted this: Looking forward to RSA next week. We are having our party on Wednesday night at Starlite (near the hotels in Union Square). Everyone is invited to come by and say hello. It's a very cool spot with rooftop views of SF. We are also appreciative of our co-sponsor Abstract and the always helpful Chris Camacho. Please register and we will see you next week... https://luma.com/v8uxohju
-
Aaron Mog reposted this: DetectCon Denver did not disappoint. 🏔️ An incredible turnout, great conversations, and a room full of detection engineers sharing ideas on how to stay ahead in the AI arms race. From hands-on sessions to happy hour debates about detections, it was a blast. Next stop: Arizona. 🌵 We’ll be in Scottsdale tomorrow to do it all again. Where should DetectCon go next? 👀 Special shoutout: Tim Peck, Aaron Mog and Aaron Beardslee for the exceptional content!
-
Aaron Mog reposted this: Last week’s DetectCon workshops were an absolute blast. 🔥 From hands-on builds to real conversations about the future of detection engineering, the energy in the room was next level. Huge thank you to everyone who showed up, shared ideas, and made it what it was. Special thanks to our speakers- Aaron Mog, Tim Peck, Aaron Beardslee, and Robert Fly! And we’re just getting started. We’re bringing the series to Denver and Scottsdale next week — and trust us, you’ll want to be there. If you’re in the Mile High City or the Arizona desert, keep your eyes peeled… registration is open. 👀
-
Aaron Mog liked this: The fundraising market today feels very much like haves vs have nots A lot of objectively good companies can’t raise while a small subset of companies can raise infinite capital (some with relatively no revenue) The difference is rarely just the absolute numbers anymore - in my 10 years in venture, the amount of ARR needed to raise has never been less clear Today, it's pace, momentum, narrative, and whether investors believe you can become a category-defining company Specific things I'm noticing from pitches that founders are getting wrong: - A lot of founders frame themselves defensively - "here's why we deserve to exist" vs. "here's why we own this market" - Your big vision is everything - it's not just a slide in the deck; I'd argue more founders would have success raising by articulating their vision more clearly (maybe not even using the deck?!) - Absolute traction matters, but momentum / slope matters more - $0 → $500K ARR in 2 months is more compelling than $0 → $2M ARR in a couple years - AI competition is much more intense than prior platform shifts - how defensible your position is vs. the major labs can't be an afterthought The fundraising market is rewarding companies that sound inevitable even if they're early and haven't proven anything yet - more founders need to rethink their pitch / raise strategy for that reality
-
Aaron Mog liked this: CTI finally got its Magic Quadrant. Long overdue. And the chart is going to create some interesting hallway conversations. CTI has always been a hard category to evaluate. One buyer wants adversary intelligence. Another wants vulnerability intelligence. Another wants dark web collection, fraud intelligence, brand protection, takedowns, geopolitical reporting, detection content, or analyst support. Sometimes the same buyer wants all of it. That is what makes CTI important. It is also what makes vendor comparisons difficult. I have seen this from both sides. As a practitioner, the only question that mattered was simple: Does this help my team make better decisions? On the vendor side, I saw how hard it is to deliver that answer consistently across source access, analyst tradecraft, integrations, workflows, reporting, and customer-specific requirements. So while everyone debates the placements, the bigger takeaway is the market shift. CTI is moving from “tell me what is happening” to “help me do something about it.” That means less emphasis on feeds, portals, PDFs, and indicators dumped into a SIEM. More emphasis on actual operational outcomes. Better detections. Better prioritization. Faster takedowns. Less noise. More context where the SOC already works. That is the next chapter. Now the market has to prove intelligence actually gets used. Where many CTI investments struggle is operationalization. Is the problem the product, the process, or the people?
-
Aaron Mog liked this: 2 type As meet to talk about their detection engineering claude setup when it works when it doesn't. Had the best time talking shop with you Hayden Covington for episode two of #DetectionDispatch (Alex's Version). Topics: We got into the full DE lifecycle loop, how to stay in the loop by keeping sharp on the fundamentals so you don't get Claude'd out, keeping a sharp eye for CTI vendor blogs, and why it's probably time to setup canaries so you know when your rules quietly stop firing. Hayden does D&R at Black Hills Information Security and teaches at Antisyphon Training (I'm sorry I kept saying this wrong!!) He's even got documentation setup on his home lab. new episode is live, link in comments 👇
-
Aaron Mog liked this: After 9 years at Amazon, I’ve decided it’s time for me to move on. It’s been a big part of my life. Not always easy, but definitely meaningful. I learned a lot, grew a lot, and worked with some really great people along the way. Pretty sure it’s going to take me a while to forget all the internal links and tools that are basically muscle memory at this point 😄 Grateful for this chapter. On to the next one..
-
Aaron Mog liked this: Charlie is #hiring an intern for our CTI team. Know anyone who might be interested?
-
Aaron Mog liked this: Excited to announce S Ventures has invested in XBOW's Series C. Attackers now operate with the ultimate sidekick: autonomous, non-deterministic agents. Human-led pentesting can't keep up. XBOW replaces manual, episodic pentests with autonomous AI agents that continuously test live systems, validate true exploitability, and produce near-zero false positives with speed and magnitude. This aligns with SentinelOne's belief that offensive security is foundational to defense. Our AI Red Team is already using XBOW to test faster and find more. Congrats to Oege de Moor, Nico Waisman, Jordan McTaggart and the entire XBOW team. Proud to partner alongside DFJ Growth, Northzone, Sequoia Capital, Altimeter, and NFDG. 🚀 🔗 Read the blog here: https://lnkd.in/ekXx-Csj More in the comments.
-
Aaron Mog liked this: Spent the weekend at the Miami Grand Prix. What stood out most was how many people from the cyber industry were there. Walking through the paddock, I kept running into vendors, partners, customers, and friends. Caught up with Kevin Tian and Mike Ferrari from Doppel. Spent time with Joe Kim from Squadra Solutions, our partner and longtime friend. Connected with the Cyera crew. Saw tech partners and customers I’ve worked with for years. It makes sense. F1 is built on speed, strategy, engineering, and execution. Milliseconds matter. Decisions get made fast. The car only goes as far as the team behind it. That’s our world too. Kimi Antonelli took the win for Mercedes. George Kurtz now sits alongside Toto with an ownership stake and CrowdStrike on the livery. I’m a McLaren Racing fan, but it’s hard not to respect how much cyber has shown up in this sport. Cyber has earned its seat in the paddock.
-
Aaron Mog liked this: OK, I spent two focused (and very long) days building my own endpoint malware detection tool. I call her Ava ("Anti‑Virus & AI agent") because every good security product deserves a name that sounds like it could also pilot a spaceship. She’s lightweight. She’s fast. And as the screenshot proves, she already has more settings than some commercial tools I’ve paid for. Ava currently checks for:
• VirusTotal Integration: and others, because why stop at one
• CVE/CERT Intelligence: straight from NVD, no middleman
• Rogue AI Model Detection: catching backdoored or poisoned ML models (yes, I built my own ML for this…my brilliant friend, @yuting would call it kindergarten ML)
• Threat Scoring: a brutally honest 0–100 “how bad is this?” rating
Compared to Microsoft Defender, she’s missing a few things… like cloud analytics and, you know, a decade of engineering investment. Compared to CrowdStrike, she’s missing… well, CrowdStrike. So what? If I can build a “back‑of‑the‑napkin” endpoint malware detection tool in two days, what happens when enterprises and governments start doing the same? Do they keep buying from Microsoft, CrowdStrike, Palo Alto Networks, etc., or do they start rolling their own IAM, Endpoint, SIEM, and everything else? With AI dropping the cost of software creation, will organizations start building instead of buying? Innovation has to start somewhere, even if it starts with Ava, my scrappy little security agent who somehow already judges my Downloads folder. And no…I’m not getting rid of Defender today. ☺️
-
Aaron Mog liked this: Job Opening at RH-ISAC Intel Team! Note: primarily what we want is knowledge of MISP. Not a lot of years xp or education required, but we need someone who knows MISP well.
Junior Cyber Threat Intelligence Analyst
Vienna, VA, US
Salary Range: $70,000.00 To $90,000.00 Annually
The cyber threat intelligence analyst will report to the executive director of intel operations and is responsible for supporting the administration and maintenance of the ISAC’s technical threat intelligence sharing environment (MISP), intelligence vetting, categorization, tagging, enrichment, and analysis of member-shared cyber threat intelligence (CTI) and other threat intel source data. The analyst in this position is required to be an active participant in CTI collaboration and relationship engagement with RH-ISAC member analysts and their teams and will also support tool and capabilities development, analytical production, and other ISAC activities designed to enhance the security and risk posture of RH-ISAC member companies and the effectiveness of their cyber security and risk management teams. This role is well-suited for a CTI analyst looking to build hands-on experience operating a threat intelligence platform in collaborative ISAC environment.
Recommendations received
-
LinkedIn User
“Aaron has consistently demonstrated what it takes to be a great leader by motivating his employees, encouraging innovative thinking, and having full trust in his team - all while driving results. Aaron’s knowledge, experience, and communication allow him to gain instant credibility with not only his team, but customers as well. Aaron’s leadership and vision set our team up for success and allowed us to quickly adapt to new technologies and processes, which continuously improved our efficiency and ability to deliver to our customers. I hope to work with Aaron again in the future.”
7 people have recommended Aaron
Explore more posts
-
Dan Ricci
Industrial Data Works LLC • 5K followers
Good morning! Here is this week's ICS Advisory, Other CERT, and Vendor vulnerability advisories weekly summary for 23 - 27 February 2026. This past week, CISA released 12 new CISA ICS Advisories for the following vendors: Copeland, InSAT, CloudCharge, EV Energy, Chargemap, SWITCH EV, Mobility46, EV2GO, Gardyn, Johnson Controls, Inc. Pelco, Inc. and Schneider Electric. One update was released this past week for Honeywell Schneider Electric, Mitsubishi Electric, Hitachi Energy, ICONICS and Mitsubishi Electric. Based on the new CISA advisory, #Energy, #TransportationSystems, #Commercial #Facilities, #Healthcare and #PublicHealth, #Defense #Industrial Base, #Food and #Agriculture, Critical #Manufacturing, #Government #Facilities, #Financial #Services, #InformationTechnology, #Water and #WastewaterSystem are the potentially affected critical infrastructure (CI) sectors. The ICS Advisory Project identified 16 new ICS Advisories for Festo, ARC Informatique, Moxa, Phoenix Contact, ABB, Bosch Rexroth, Hitachi Energy, Ubiquiti Networks, Trumpf, PDUexperts, Socomec and one update for Hitachi Energy. View the summary details of other CERT & Vendor product advisories identified last week (23 - 27 February 2026) at: https://lnkd.in/efKiMsxs This past week, CISA added 3 new Known Exploited Vulnerability (KEV) Catalog. None added this week correlated to a CISA ICS Advisory. ICS Advisory Project identified one CVE: CVE-2020-11023 – JQuery Cross-Site Scripting (XSS) Vulnerability listed in the Festo advisory for CODESYS vulnerabilities in Festo Automation Suite [VDE-2025-108]. This week, ICS Advisory Project, powered by Industrial Data Works LLC, in collaboration with EmberOT, released our 2024–2025 ICS/OT Vulnerability Intelligence Report. Check it out at: https://lnkd.in/ehG4DNPs Thank you all at EmberOT for your amazing support in getting this report out this year. 
Acknowledgement: Thank you Mikael Vingaard at the ICSRange for sharing with ICS[AP] the new ICS Advisory for PDUexperts. Visit the ICS[AP] CISA KEV Catalog Dashboards: https://lnkd.in/emzXBbBw View previous ICS Advisory Project weekly summaries: https://lnkd.in/eQKxhAEi To view the updated ICS Advisory Project Dashboards, visit: icsadvisoryproject.com Sign up to receive ICS[AP] Weekly Summary Slides & Other CERT and Vendor Advisory Summaries via email every Monday https://lnkd.in/eUwQrrj4 I appreciate everyone's comments & support. Have a great week! #CISA #ot #ics #otsecurity #icssecurity #cybersecurity #cybersecurityawareness #industrialautomation #buildingautomation #oilandgas #maritime #vulnerabilitymanagement Disclaimer: The views expressed in my LinkedIn posts and profiles are my own, not those of my employers or LinkedIn.
-
Deura Information Security Consulting LLC | InfoSec leadership on demand
594 followers
🔍 **Can Burp Suite Pro find smart contract vulnerabilities?** Short answer: **Not directly — and that distinction matters.** Burp Suite Pro is excellent at testing **Web3 front-ends, APIs, and wallet interactions**. It can uncover broken authentication, parameter tampering, insecure APIs, and flawed transaction construction. But when it comes to **actual smart contract vulnerabilities**—like reentrancy, access control failures, logic flaws, or gas abuse—Burp simply isn’t built for that job. That’s where many teams get it wrong. Our latest blog explains **where Burp Pro fits in a smart contract security program — and where it doesn’t**. More importantly, it shows why relying on a single tool creates blind spots that attackers are happy to exploit. 👉 Read the full breakdown here: https://lnkd.in/gzFsWzry At **DISC InfoSec**, we help organizations design **end-to-end security strategies**—covering Web apps, APIs, cloud, and emerging technologies like blockchain and smart contracts. Whether it’s tool selection, secure architecture reviews, or governance-driven risk assessments, we focus on **real risk reduction**, not tool theater. 💡 **Security isn’t about the tool you run — it’s about the risks you understand and manage.** 🔗 DISC InfoSec — Practical security. Real assurance. https://lnkd.in/gEufQ9aq If you’re building or assessing Web3 platforms and want clarity on **what to test, how to test it, and which tools actually matter**, let’s talk. https://lnkd.in/g6NA67d4 #CyberSecurity #Web3Security #SmartContracts #BlockchainSecurity #BurpSuite #AppSec #PenTesting #RiskManagement #InfoSec #DISCInfoSec #SecurityStrategy #vCISO
-
Ran Nahmias
Palo Alto Networks • 6K followers
Big Story here, in my opinion: The group responsible for cybersecurity information sharing across state lines is hemorrhaging funds, and its operator is in emergency funding mode. It’s hard to overstate the importance of basic information-sharing in cybersecurity. When the name of the game is prevention, siloed state agencies rely on threat detection and vulnerability research services from their peers around the country, shared via open lines of communication. https://lnkd.in/gfwFgaiR
-
Thomas LaFayette
13K followers
The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials. The Cybersecurity and Infrastructure Security Agency (CISA) has updated its recommendations for the minimum features of a software bill of materials (SBOM), the latest step in the agency’s campaign to encourage transparency in the software market. “The updates and additions included in this document will better position Federal Government agencies and other SBOM consumers to address a range of use cases, understand the generation process, and improve data quality,” CISA said in the new publication, which it released on Thursday. #confidentialcomputing #PQCReadiness #CBOM #KeyInsight #DataSecurityManager #ArmetAI #GRC #TPRM #CodeSigning #Tokenization
-
Adam Shnider
Coalfire • 3K followers
✴️ 10 years. That’s the offline retention requirement CMS is now pointing to for business audit records, tied to 45 CFR §155.1210 guidance. This isn’t just “keep logs longer.” It’s “design your environment to retain, protect, and produce records on demand.” Ian Walters Principal at Coalfire explains the v1.04 updates and how to get ahead of them. 👉 Read now: https://ow.ly/hXzZ50XVCiw #Healthcare #RegulatoryCompliance #GRC #Cybersecurity #Audit
-
COFENSE
56K followers
Heading to FutureCon CyberSecurity Events Milwaukee this week? Don't miss Cofense's own Joshua Bartolomie, as he presents "From OSINT to Compromise: The AI Phishing Attack Pipeline.” His 10:30 AM session will cover: 1️⃣ How adversaries turn your OSINT into personalized, polymorphic phishing emails that bypass traditional security. 2️⃣ Real-world examples of AI-generated attacks that have hit enterprise inboxes. 3️⃣ Actionable strategies to reduce your digital footprint and mitigate these advanced threats. While there, visit the Cofense booth to meet our team and learn how to strengthen your phishing defense program. See you soon!