About
30+ years of information and cyber security experience, both as an IC and as a leader of…
Articles by Erik
-
You Can’t Contain Cyber Risk When You Contain the CISO
You Can’t Contain Cyber Risk When You Contain the CISO
A CEO resigns after a breach, and it becomes a global headline. Not because it’s common, but because it’s rare.
3 Comments -
Kill your SOC with a D-IR model
Kill your SOC with a D-IR model
After my last article, where I tossed some gas on the fire and declared the SOC dead, I've had a lot of interest in the…
15 Comments -
RIP SOC. Hello D-IR
RIP SOC. Hello D-IR
A few years ago a post by Alex Maestretti about a SOCless approach to detection and response really got me thinking…
72 Comments -
Insider Threats: Where to begin
Insider Threats: Where to begin
One of my projects at my $lastjob, was working to establish an insider threat program that spanned our enterprise…
1 Comment -
Sorry, AI Security vendor: it's not you, it's me
Sorry, AI Security vendor: it's not you, it's me
No, your new Machine Learning or AI system isn't going to work for me. A demo isn't going to convince me.
22 Comments -
Our fractured security eco-system
Our fractured security eco-system
aka: the Infosec crazy train. (+++++++++++) (++++) (+++)…
6 Comments -
How AI Really Works For Infosec.
How AI Really Works For Infosec.
It's been about 2 1/2 years now since I starting working with PatternEx and started learning how Artificial…
1 Comment -
Why Infosec Professionals need to learn some Data Science
Why Infosec Professionals need to learn some Data Science
This is a post I've been meaning to write for a while, and over the last few months I've been finding it quite a bit…
-
How to share Threat Data without actually sharing it.
How to share Threat Data without actually sharing it.
One of the biggest challenges today around information sharing is how organizations and governments actually share…
1 Comment
Activity
12K followers
-
Erik Bloch shared thisAmazing role on an amazing team!Erik Bloch shared thisI'm hiring a Cloud Security Architect at Salesforce! This isn't your average security role. You will be the core architect defining our public cloud security vision and strategy with key focus on GCP and AWS. About the role: - The Mission: Architect our multi-cloud security baselines, control automation, and champion secure by default, and secure by design. - Cloud expertise: Deep GCP expertise, good AWS security experience, IaC (Terraform), and Kubernetes. - The Profile: 15+ years of progressive experience in cybersecurity, with significant time dedicated to Cloud Security Architecture - Locations: SF, Palo Alto, Seattle, Bellevue, or Atlanta. Ready to build the future of enterprise cloud security? Apply below or tag a friend who you makes a great fit! https://lnkd.in/gQXUDbv2 #SalesforceJobs #CloudSecurity #InfoSec #Hiring Lindsey Bruns
-
Erik Bloch posted thisAs budgets shift toward AI, companies are making real trade-offs. That shift shows up across the org; leaner teams, less depth, fewer resources in areas that used to be fully staffed. Call it efficiency or prioritization, but the outcome is the same: Every team is being asked to do more with less, while operating with a higher baseline of risk. Security isn't exempt. We're operating in the same environment, and in many cases, on top of existing gaps that don't magically go away. Which means our model has to change. For years, we've focused on prevent -> detect -> respond. That still matters, but it assumes you can keep up. Right now, most teams can't. So the shift is toward resilience. Not just stopping incidents, but making sure they don't take you down when they happen: - Simplify what you run - Automate what doesn't scale - Contain failures so they don't cascade into disasters - Design systems that fail gracefully, not catastrophically This isn't about AI replacing people. It's about trade-offs. So the real question is: are you building a security model that can operate in that reality—or one that depends on resources you no longer have? #HardTruths #CyberIsBroken
-
Erik Bloch shared thisIf you're not talking to Alpha Level about what they are doing in the D&R space, are you really even doing D&R? These guys are the smartest guys in the room, and are solving real problems that move the needle. This isn't another bandaid or shiney object, it produces measurable results and ROI. #troll #secops #socErik Bloch shared thisOne of the real blind spots of an enterprise is unmanaged devices. By this I mean devices with no endpoint monitoring. If you're a large enterprise or MSSP, you know you have them, and you know you're blind. So do the adversaries, and the sophisticated attacker will lateral between unmanaged devices to fly below detection radar. One of the advantages of Alpha Level Autonomous Hunter is that it can find attacks through many sources of telemetry, including network data that can provide coverage over unmanaged devices. In this next case study, we show how anomaly detection on network data, followed by an investigation by agentic AI, can find attack behavior on unmanaged devices. Bonus: Telnet! Check it out!
-
Erik Bloch reposted thisErik Bloch reposted thisExchanging ideas changes how you see the problem - it sharpens questions, exposes weak assumptions, and brings clarity. I had the chance to spend time with many brilliant minds at this week - listening, discussing, and connecting dots across perspectives. What stood out wasn’t just the range of viewpoints, but how quickly the conversation converged toward first principles - Autonomous Defense. AI Trust & Security. Agentic Governance. Cybersecurity isn’t being upgraded, it’s being rewritten! Thanks, Erik Bloch, Rohit Jain, Anton Chuvakin. And thanks, Venture Dock team for getting bringing us together Neha Jain Lochan Alagh Rao Cherukuri Vineeta Saraff Gupta Vivek Vipul Murali Chirala Anuja Nale
-
Erik Bloch reposted thisFood and gas prices are soaring, and 48% of the world is living in poverty. While workers face extraordinary hardship, the world’s top CEOs have never had it so good. This International Workers’ Day, Oxfam and International Trade Union Confederation - ITUC released new data showing that in 2025, CEOs’ pay increased 20 times faster than workers’ pay. It would take 490 years for the average worker to make what the average CEO made in 2025 alone. Workers’ productivity has increased, but they have less to show for it. The economic value they generate is lining CEOs’ pockets. This isn’t a coincidence. It’s a policy choice. Governments urgently need to reign in extreme inequality by taxing the ultra-rich and supporting workers. Check out more of our findings here: https://lnkd.in/e_KQUnZ9Erik Bloch reposted thisWhat the data shows is that we cannot have a conversation about the affordability crisis without talking about extreme inequality, and in particular the extreme inequality between CEO pay and worker pay” Oxfam's Patricia Stottlemyer, Esq. Patricia Stottlemyer on the rapid rise of CEO pay that grew 20 times faster than workers’ wages in 2025 https://lnkd.in/eUF9xvRhIn the U.S., CEO pay grew 20 times faster than workers' wages in 2025, says OxfamIn the U.S., CEO pay grew 20 times faster than workers' wages in 2025, says Oxfam
-
Erik Bloch shared thisWe have some roles open on my team at Illumio. Staff Product Security Engineer - working on our ProdSec team, helping to keep our products secure. https://lnkd.in/g59aCD_F Director of Customer Trust - Come establish our customer facing function, supporting our field teams and customers. https://lnkd.in/giAeNEAg Security Program Manager - Come be Securitys first program manager, and my chief of staff. I need help herding all the cats. https://lnkd.in/g_ywAYy6 If you're not familiar with us, do some digging. We solve a foundational security problem, and we are growing like crazy. We also punch way above our weight, supporting 9 out of 10 banks, most name brand companies you're familiar with, as well as governments and organizations around the world. We have a big footprint, being in multiple clouds along with supporting on-prem deployments, and we get to play some some fun toys too. As these roles are for me, I can't refer people, but if you know anyone on my team, they can *hint*. Otheriwse, feel free to apply directly above!
-
Erik Bloch reposted thisErik Bloch reposted thisWe're building a multi-provider, hybrid compute fabric that transparently secures and steers traffic across AWS, Azure, our on-prem bare metal, using SPIFFE (Secure Production Identity Framework For Everyone), providing vendor-agnostic workload identities, Istio and and Cilium to secure everything, all orchestrated by our multi-region control plane. We're #hiring Senior, Staff, and Sr. Staff roles. Let's talk. #istio, #spiffe, #kubernetes, #cilium, #cassandra
-
Erik Bloch reposted thisErik Bloch reposted thisHampton North is hiring. We're not in a rush, but we are being very intentional about a few important hires we'd like to make this year, and sooner is better. Senior/Principal GTM Recruiter, joining Mike Campagna's practice. Lara Hursh joined in January and has been incredible, and we expect GTM to be our largest practice by end of 2027. It's a great time to get in. Preference is for someone who knows how to hunt new logos, not just execute on searches. Jr GTM Recruiter (6 months – 2 years experience) — Focused on delivering to our active roster of clients, providing a world class candidate experience, and building a world class career with HN. If you're early in your career and want to learn from some of the best in the business, this is the spot. Senior/Principal Software Engineering Recruiter working alongside Aimee Clemson. Aimee has done an incredible job establishing this practice and we'd love for her to have a teammate as she continues to build it out. We are always open to speak with the best pure play Cyber Security Recruiters too, but we know how few of you there are and most of you work here already. Why Hampton North: - Pay is great (base and commission) - Benefits are better than most tech companies - Fully remote, work from anywhere (in the US) - One of the most talent-dense teams in the industry, and they're all incredibly kind and generous with their time (over 50% of our team are in the million dollar biller club) - We travel to awesome places and spend real time together - Our client roster for a 3-year-old company is absurd - No debt, no financing, and an incredibly strong cash position for a business our size and age What are our non negotiables in people - A 'lifer' - what do we mean by this? You've chosen agency recruiting as your career, not just a job - Your instinct will always, and I mean always, be to do the right thing. - No lone wolfs. We get that it's an individual game, but you play for the badge, and even if you're succeeding but making other people's jobs harder, you aren't welcome - You ask for help, are comfortable being wrong, but are also comfortable speaking up when you are right - You find a way to get the job done, even if it's hard, even if it's tiring, you find a way to win. - Even if you're really good today, you're obsessive over continuing to improve and get better If you're a recruiter who's been looking for the right home, the kind of place where the team is world class, the autonomy is real, and the earning potential matches the effort, reach out to me at stuart.mitchell@hamptonnorth.com. We're building something special and we'd love the right people to be part of it.
-
Erik Bloch shared thisIt works. At scale. So why aren’t you talking to Alpha Level yet?Erik Bloch shared thisSuper proud to announce our partnership with Australia Post. Adam Cartwright is a powerhouse CISO in Australia, and his team is among the best in the industry. Together, we are bringing precision threat detection to bear in the protection of Australian critical infrastructure. Read more here: https://lnkd.in/gnGHhNgs
-
Erik Bloch liked thisErik Bloch liked thisOne of the biggest challenges of existing approaches to cyber resilience is the hidden gaps firewalls alone can’t cover. That's why visibility, governance, and segmentation are paramount. Our latest blog from Illumio Senior Product Marketing Manager Irvin Maldonado breaks down how Illumio and FireMon work together to give security teams clearer visibility into how traffic actually flows across environments — so they can spot risk faster and make smarter decisions. Read the full blog here: https://bit.ly/4cFXKrW
-
Erik Bloch liked thisErik Bloch liked this*Live list of active opportunities at Hampton North* Leadership VP of Information Security - Remote (US) - Series B - $240-300k base plus equity Head of GRC (Federal) - NYC - Public Tech - $400k plus package Head of IT Security - SF - Defense Tech - $230-300k base plus equity Director of Information Security Engineering - Boston - Pre-IPO Tech (Late Stage) - $200-250k base plus equity Director of GRC - Boston - Pre-IPO Tech (Late Stage) - $190-235k base plus equity VP of IT and Security (CMMC, ITAR, DFARS) - Remote (Travel) - Aerospace and Defense - $230-265K base plus bonus Management Product Security Manager - Boston - Pre-IPO Tech (Late Stage) - $190-230k base plus equity Incident Response Lead - Boston - Pre-IPO Tech (Late Stage) $150-190k base plus equity GRC Lead - NYC - Hedge Fund - $250-300k base plus high TC Sr Manager Identity Governance - Remote - Big Tech - $200-220k base plus bonus Manager Data Security - Remote - Big Tech - $185k base plus bonus IC AI Security Engineer (x3) - NYC - Hedge Fund - $400-550k Cash Comp Founding Security Engineer - SF - Series A - $250-400k base plus equity Security Engineer (AppSec/Infra) - SF or NY - Series C Tech - $230-300k base plus equity Sr/Staff AppSec Engineer -SF - Series E Tech - $200-275k base plus equity Mobile AppSec Engineer - Remote - Social Media Tech - $200-230k base plus stock Sr Detection Engineer - Boston - Security Company - $180-210k base plus equity Detection Engineer - Boston - Pre-IPO Tech (Late Stage) - $130-160k base plus equity Sr Detection Engineer - Remote - Fintech - $140-180k base plus package AppSec Engineer - Remote - Fintech - $130-160k base plus package Vulnerability Automation Engineer - Remote - Fintech - $170-190k base plus package Sr Platform Security Engineer - Remote - Fintech - $175-190k base plus package Security Operations Engineer - NYC - Hedge Fund - $200-300k base plus big TC package Security Engineer (1-3 yrs, Infra/SecOps) - Remote - Pre-IPO Tech - $140-160k base AI Compliance Analyst - Boston - Pre-IPO Tech (Late Stage) - $100-140k base plus equity Sr Risk Analyst - Boston - Pre-IPO Tech (Late Stage) - $120-155k base plus equity IAM Engineer - Boston - Pre-IPO Tech (Late Stage) - $130-170k base plus equity AI Security Engineer - Boston - Pre-IPO Tech (Late Stage) - $150-200k base plus equity Software Security Engineer - Remote - Fintech - $170-300k base plus equity Sr. CND Engineer (TS clearance) - Quantico -Defense - $170-190k base For more info on any of these searches, reach out to me at stuart.mitchell@hamptonnorth.com and I'll put you in the right direction of the appropriate recruiter at HN. Will send our updated GTM and SWE opportunities tomorrow.
-
Erik Bloch reacted on thisErik Bloch reacted on thisI'm hiring a Cloud Security Architect at Salesforce! This isn't your average security role. You will be the core architect defining our public cloud security vision and strategy with key focus on GCP and AWS. About the role: - The Mission: Architect our multi-cloud security baselines, control automation, and champion secure by default, and secure by design. - Cloud expertise: Deep GCP expertise, good AWS security experience, IaC (Terraform), and Kubernetes. - The Profile: 15+ years of progressive experience in cybersecurity, with significant time dedicated to Cloud Security Architecture - Locations: SF, Palo Alto, Seattle, Bellevue, or Atlanta. Ready to build the future of enterprise cloud security? Apply below or tag a friend who you makes a great fit! https://lnkd.in/gQXUDbv2 #SalesforceJobs #CloudSecurity #InfoSec #Hiring Lindsey Bruns
-
Erik Bloch reacted on thisErik Bloch reacted on thisThe AI Build-Buy Cycle Is Repeating Itself I'm seeing some patterns emerging around the AI Build-Buy Cycle. This of course is limited to my small view of the world of the cutting edge companies and their security teams but it's enough of a hint that I think it deserves a post. As Claude Code exploded on the scene we clearly saw an explosion of prosumers and enterprises enter the start of the build vs buy cycle. The pattern is the same as we went thru with cloud and is so consistent I can almost map it on a calendar (minus the time compression aspect): Month 1: "This is amazing. Look what AI can do" Month 3: "Why are we paying a vendor for this? We have engineers. Let's build it ourselves." (Spin up 100 parallel projects) Months 4-8: Massive internal sprawl. Every team builds its own RAG pipeline. Every workflow gets an LLM wrapper. You have 40 alpha-quality demos, three kind of work, none of them are trusted in production. Months 9-12: The honest reckoning. Outputs vary. Quality drifts every time a model gets updated. The eval framework someone promised never got built. Token costs are climbing. The team is now spending more time keeping the AI alive than shipping new things. Month 12+: "We can build it. We just don't want to manage it." Welcome to the buy phase. I am hearing this now from teams that are cutting-edge. Companies that have the talent to do everything themselves. They ran the experiment. Building a wrapper is easy. Operating a reliable, consistent, accountable AI product on top of a layer that changes every two months is a totally different problem. One most teams don't actually want to own. The right question used to be "can we build this ourselves?" The right question now is "do we want to be the team accountable for this every day for the next five years?" Those are different questions. Teams answering the second one honestly are writing checks they swore last year they never would. The moat is turning out to be not so surprising. It's consistent, reliable, scalable software that has accountability. What is "old" is now new again.
-
Erik Bloch liked thisErik Bloch liked thisWe (Discord) are also looking for a world class Enterprise security engineer to join our team in SF. HMU with questions or apply directly! https://lnkd.in/gr8qZsUuDiscord — Senior Security Engineer, Enterprise SecurityDiscord — Senior Security Engineer, Enterprise Security
-
Erik Bloch reacted on thisErik Bloch reacted on thisHey #Cybersecurity friends, how are you? No really, how are you? Things are feeling a bit tough in cyber right now, and AI may or may not be contributing to this. What is NOT helping much? Being told to: - Stay curious - Learn AI before someone else does - Automate All The Things What IS Helping? - Staying curious - but not about All The Things, just Some Things - Learning AI - for yourself, not your company - Automating All The Things... and using the time you get back to do something for yourself And I'm curious, how are you keeping your head above the Cyber Water? #InquiringMindsWantToKnow
-
Erik Bloch reacted on thisErik Bloch reacted on thisThat's a wrap on Workflow Live 2026! 1,500 registrants. Six sessions. One room full of people figuring out the future of work. Thank you to every speaker, every attendee, and the Tines team who made it happen. See you next year. 🙌
-
Erik Bloch reacted on thisI’m very proud of what the team built yesterday with Workflow. The speakers were outstanding, the conversations were real and truly helpful, and 1,500 of you took time to be part of it. That's not nothing. Thank you again… and we're already thinking about next year.Erik Bloch reacted on thisThat's a wrap on Workflow Live 2026! 1,500 registrants. Six sessions. One room full of people figuring out the future of work. Thank you to every speaker, every attendee, and the Tines team who made it happen. See you next year. 🙌
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
-
California State University-Chico
-
-
Activities and Societies: Founder of the Chico State Linux Users Group
-
-
-
Volunteer Experience
-
Co-Founder, Uber Tinkerer, Former Member Board Of Directors
Security Tinkerers
- Present 9 years
Science and Technology
-
-
Hacktivismo
Cult of the Dead Cow
- 7 years 6 months
Human Rights
Patents
-
Method and system for tracking entities in a computer network
Issued US 7398310
A method and system for tracking entities in a computer network. A method includes receiving node information related to a node coupled to a computer network. The method further includes determining whether an entity associated with the node has been previously identified in the computer network. If the entity has been previously identified in the computer network, the node information is linked to an entry for the entity in the database. If the entity has not been previously identified in the…
A method and system for tracking entities in a computer network. A method includes receiving node information related to a node coupled to a computer network. The method further includes determining whether an entity associated with the node has been previously identified in the computer network. If the entity has been previously identified in the computer network, the node information is linked to an entry for the entity in the database. If the entity has not been previously identified in the computer network, a new entry is created in the database, and the node information is linked to the new entry.
Other inventors -
Projects
-
United Nations Counter Terrorism Committee and ICT4Peace workshop on responding to terrorists' use of information technologies.
See projectA joint project on private sector engagement in responding to terrorists' use of information and communications technologies (ICT). Behind the project are the United Nations Security Council Counter-Terrorism Committee Executive Directorate (CTED) and the Swiss non-governmental organization ICT4Peace.
-
Plinko - the smart parser
See projectPlinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase…
Plinko was originally an experiment with Prefix Trees and log parsing. The general concept is to have a single end point you can send any data to, in a "fire and forget" fashion. Plinko should identify and parse the data completely without the sending system caring what it sent. The latest version supports named fields in the STL files for tagging data parsed in the Prefix Tree and anonymous functions for parsing dynamic message payloads. We now output JSON objects and I'm working on HBase integration. By outputting to JSON it also leaves open the possibility for on the fly in memory correlation between events. Read the included README before starting, it has a quick start guide and info on the constructors.
Languages
-
English
Native or bilingual proficiency
-
German
Elementary proficiency
-
Swedish
Elementary proficiency
Other similar profiles
Explore more posts
-
The Cyber Security Hub™
Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP
1 Comment -
The Cyber Security Hub™
Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP
1 Comment -
The Cyber Security Hub™
Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP
-
Emutare
Operationalizing Trust: Fixing the Broken Feedback Loop in Modern SOCs Is your security team chasing ghosts or hunting threats? The "swivel chair" workflow is costing you talent and money. Stop adding more tools and start fixing the broken feedback loop. Discover how to build a human-centric SOC for 2026. Link to the article: https://lnkd.in/dEds7SaQ #CyberSecurity #SOCBurnout #CISO
-
SECITHUB.COM | The HUB for Cyber Security, Cloud & IT Infrastructure insights
Browsers have become the biggest attack surface where compliance, visibility, and data protection all converge. A proxy security strategy is no longer optional. It’s how modern organizations enforce Zero Trust, strengthen ISO compliance alignment, and stop breaches before they happen. Discover how Proxy integrates with SASE See why unmanaged browsing costs companies millions every year Learn how to design a scalable, compliant proxy framework for hybrid teams read the full guide https://lnkd.in/dJARdp-s #Cybersecurity #ProxySecurity #SASE #ISO27001 #ZeroTrust #Compliance #CloudSecurity #NetworkSecurity #SMB #Secithub #TechLeaders #DataProtection #BrowserSecurity #EnterpriseIT #InfoSec
-
CYBER DEFENSE MAROC
Not all alerts are created equal. Master alert triage by focusing on context: asset criticality, attack vector, and threat intelligence. Prioritize what threatens your crown jewels first, then tackle the noise. Efficient triage = faster response, less burnout. Your SOC’s secret weapon? Smarter, not harder. 🔍 #Cybersecurity #AlertTriage
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content