Ty Sbano

Here’s a pattern I’m seeing more often: More sites. More assessments. More reporting expectations. Same headcount. Security teams are being asked to scale output without scaling structure. So what happens? Assessments become episodic. Reporting takes too long. Prioritization becomes subjective. And leaders spend more time translating risk than reducing it. This isn’t a capability issue. It’s an architecture issue. At some point, physical security has to operate with the same operational discipline as finance and IT. Otherwise it stays in permanent catch-up mode. For security people overseeing medium to large portfolios (20+ sites): What’s currently your biggest bottleneck volume, visibility, or validation? And why do you think this is?

5

1 Comment

Security teams aren't under-skilled. They're outpaced. ORDR IQ applies AI where friction hits hardest: analysis, enforcement, and orchestration. One question replaces hours of coordination. Same team. Different scale.

9

Audits and forensics aren’t witch-hunts to “name the hacker.” They’re how you stop the next breach. A good audit/forensic review will: Expose misconfigurations and control gaps Surface broken processes (people • tech • vendors) Produce a clear timeline to improve response Provide evidence for insurance claims and regulators Demonstrate senior management intent and due diligence One breach costs more—in money, trust, and time—than doing the work properly up front. At Tylers, we turn incidents into hardening plans: fixes, owners, deadlines. Not blame—better security. #CyberSecurity #DigitalTrust #Forensics #Audit #IncidentResponse #Tylers

17

2 Comments

For years, security teams worked to satisfy auditors and check compliance boxes. But today, the harshest critics of your cybersecurity posture aren’t regulators - they’re insurers. Because cyber risk has become an underwriting risk. If you can’t prove control maturity, you’ll pay more - or worse, find out your coverage means nothing when you need it. Cyber risk is now a pricing, eligibility, and survivability problem, a lot more than a technical issue. Real-World Lessons: When “Covered” Didn’t Mean Protected Even well-funded organizations are learning how unforgiving insurers have become: 1. Inchcape Australia v Chubb Insurance (2022) A ransomware attack caused business disruption, but the insurer ruled losses as “indirect” and not payable. 2. Hacked Business Loses Cyber Payout (Australia, 2023) A small business breach claim was denied - missing MFA and weak controls nullified the policy. 3. Supplier Breach, No Cover (2024) A company’s AU$30K response cost claim tied to a vendor incident was rejected - policy misalignment. These aren’t mere paperwork errors. They reflect a systemic shift: insurers now validate cyber maturity at the same depth attackers exploit it. Meeting the Baseline Isn’t Enough “Compliance-ready” doesn’t mean “insurable.” Policies are being restricted, repriced, or outright denied when: Controls exist only on paper, not in enforcement, and IR playbooks haven’t been tested in 12+ months. MFA or segmentation is missing on privileged or legacy systems, while Shadow IT, unmonitored vendors, or undisclosed prior incidents exist. You can’t produce evidence - metrics, logs, or test reports - on demand. Cyber insurance is no longer a safety net. It’s a maturity audit disguised as a policy. If you approach it like compliance, you’ll overpay or be left uncovered. If you treat it like risk management, you’ll earn leverage - lower premiums, higher trust, and resilience that outlasts any claim dispute.

21

1 Comment

“Are we compliant?” is not the same question as “Are we secure?” Too many teams check every box on the compliance list… and leave the back door wide open. Compliance frameworks are baselines — minimum requirements, not maximum protections. They’re designed to raise the floor, not build your ceiling. The trap? Once the audit’s done, people relax. Old controls stay on paper but break in production. Exceptions pile up. Gaps widen. And attackers don’t care that you have a shiny certificate — they care about that one misconfiguration you forgot to fix. Use compliance as your floor, not your finish line. Keep testing, keep verifying, keep asking: Does this still make sense? Because the threat landscape won’t wait for your next audit cycle.

4

Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP

6

1 Comment