Abhinav Singh

It’s clear the authors of this framework have real hands-on experience with detection-as-code and the realities of detection use cases. I really appreciate how they emphasize not just building rules, but tying them to actual threat intelligence and managing configuration drift. It’s a solid, practical read for anyone serious about improving their detection quality. Kudos to the authors for sharing these grounded insights!

9

1 Comment

Here’s a pattern I’m seeing more often: More sites. More assessments. More reporting expectations. Same headcount. Security teams are being asked to scale output without scaling structure. So what happens? Assessments become episodic. Reporting takes too long. Prioritization becomes subjective. And leaders spend more time translating risk than reducing it. This isn’t a capability issue. It’s an architecture issue. At some point, physical security has to operate with the same operational discipline as finance and IT. Otherwise it stays in permanent catch-up mode. For security people overseeing medium to large portfolios (20+ sites): What’s currently your biggest bottleneck volume, visibility, or validation? And why do you think this is?

5

1 Comment

GOI's Sanchar Saathi app asking for torch-light access is a collapse of the Principle of Least Privilege. A SIM-fraud checker needing hardware illumination is not modern security practice, it is an unnecessary risk surface that invites misuse and teaches users to normalize bad permissions. Why this matters • Overreaching permissions create privacy leakage. • Users start ignoring genuine red flags. • Teams ship code without basic permission hygiene. If you build or regulate apps, fix this. If you use them, deny permissions that make no functional sense. What is the strangest permission you have seen an app request? #AppSec #Privacy #TechEthics #GOI #MakeInIndia

21

1 Comment

It’s an honor to gain insights from such a seasoned leader in the cybersecurity field! 🛡️ In this exclusive session, we'll dive into how top security experts tackle daily first attack - those initial threats that can set the stage for larger breaches. 💡 Learn firsthand how to stay ahead of evolving cyber risks and keep our defenses strong. #Cybersecurity #ProudMoment #CISO #Navy #SecurityLeadership #FirstLineDefense #TechInnovation #CyberAwareness

12

📖 https://lnkd.in/g5YDnuCw Is ASLR giving us a false sense of security? Side channel attacks — like timing analysis, cache probing, and page fault observations — are quietly undermining memory randomization. Once ASLR is bypassed, even basic memory exploits become deadly again. The takeaway? Side channels aren’t just theoretical—they’re subtle, powerful, and growing. With each hardware or OS innovation, new side channel paths emerge. 💡 We need layered defenses: dynamic ASLR, low-resolution timers, stricter sandboxing, and better detection of recon patterns. Are side channels the next major frontier in memory exploitation? What should modern threat models include that they often don’t? #Cybersecurity #InfoSec #ASLR #SideChannel #MemorySecurity #ThreatModeling

3

OpenAI just quietly unveiled an AI agent that finds source code vulnerabilities and prescribes patches. Let’s see how this impacts startups and bigger vendors doing the same. Or doesnt. 🤔

17

1 Comment

Cybersecurity hiring is complex, and we are still early in the journey of bringing more structure to it. Our goal is simple. Help teams move beyond keywords and toward capability-based clarity. April 2026 will be an important milestone for us, and we are thankful for everyone supporting the vision!

111

46 Comments

It’s common to report something as serious as a hardcoded secret and get a pushback like “what’s the impact?” The truth is, not all secrets are equal, and proving impact can be tricky. Take GCP service accounts: they carry specific permissions, and the IAM APIs can tell you exactly what actions are allowed. Sometimes that means limited risk, other times it’s a clear path to sensitive data or operations. We paired Ostorlab’s secret detection with our new AI Pentest Engine to automatically assess impact: enumerate permissions, identify what actually works in practice, and safely exercise those permissions to show exactly what we can see and do. That evidence cut out the usual back-and-forth and got the bug fixed in four days, no questions asked. Our new article walks through the engine’s step‑by‑step reasoning and shares the final report. We also benchmarked multiple models and saw real differences by vulnerability class. For example, Gemini tended to perform better on Google‑linked issues. That said, throwing models at a bug without the right tooling and context produced no meaningful results across the board. The combination of precise secret detection plus targeted, context‑aware automation is what made the difference. https://lnkd.in/g9p9uySy #security #ai #gcp #secret

23

🎙️I had an amazing recording with Purusottam Mupunu at the #ScaleToZero podcast powered by Cloudanix on Proactive Security and Leadership. Our latest episode is now live! 🎧 Listen now or watch the full episode - don't miss this valuable discussion! 🔑 𝐊𝐞𝐲 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲𝐬: ✺ Understanding business risk and its impact is fundamental to any successful risk management program. By analyzing these factors, organizations can safeguard their assets, empower informed decision-making, and foster resilience in the face of uncertainty. ✺ Asset management, training, and table-top exercises are essential and non-negotiable components of effective risk management. ✺ For effective cross-team collaboration and alignment, engage with leaders on the security roadmap. This approach helps build trust and prevents last-minute security issues. What's your biggest challenge in proactive security? Share your thoughts in the comments! 👇 RIGA Cyber RIGA Cyber Foundation #DemocratizingCybersecurity #RIGACyber #RIGACyberFoundation #CyberSecurity #SecurityLeadership #RiskManagement #Podcast #ProactiveSecurity #CyberSecurityCommunity

20

1 Comment