#ciso

KurtGE_CGN 🏳️‍🌈 @gayexpired@social.cologne
2025-12-27

🤔 Data sovereignty, cloud and security ...

"BetaNews.com spoke to Sergej Epp, #CISO at #Sysdig , and previously #CISO at #PaloAlto Networks, to explore the theme of data #sovereignty , #cloud and security. ..."

betanews.com/2025/12/26/data-s

#technology #california #usa #privacy #security

2025-12-25

@thisdoesnotcomp

Oh #PAN can DIAF

Their interview process was such a shitshow.

Like you, I have used their gear in various company environments (with good & bad results). Their #RSAC parties for the #CISOs are off the hook.

I have scored a couple of their EOL gear for my home lab (and in hopes to put an open source firmware on instead at some point) via craigslist and a local #ewaste facility. Thankfully I have not had as bad an experience as you did (so far).

Since this model is not EOL as of yet, I would have assumed there was something wrong.

As @mmu_man mentioned, who of your followers/in the community has a #paloaltonetworks #pa440 and can provide some details/pictures from their #pa-440?

Good luck, thanks for sharing.

OM$deity what a shitshow; I hope you left a suitable ebay review

#infosec #cybersecurity #networking #networkingTech #networkinghardware

Thomas Fricke (he/his) @thomasfricke@23.social
2025-12-24

This means for a lot of companies: obey or go bankrupt. To all the people out there working as #CISO or in their offices, please address this risk.

Mohamed ROMDANE @Romdane
2025-12-23

Is your business ready to handle today's cyber threats alone?

If not:
1. You need an MSSP for Operational Support for filling the talent gap.
2. You need an MSSP for Operational Support for managing the noise.
3. You need an MSSP for Governance & Compliance (ensuring you meet legal standards).
4. You need an MSSP for Strategic Maturity (moving from "fighting fires" to proactive protection).

linktr.ee/formafastconsulting

Brian Greenberg :verified: @brian_greenberg@infosec.exchange
2025-12-22

If you read the cybersecurity sections of the 2026 NDAA closely, you can almost hear a weary sigh. This is not the sound of bold futurism. This is the sound of an institution that just finished grading a stack of exams and realized half the class still doesn’t lock their phone.

After a year of SignalGate and other painfully avoidable security lapses, Congress has decided to do something radical: write laws that assume people will make bad decisions unless gently, repeatedly, and legally discouraged from doing so. Hence, there is a new focus on hardened mobile devices for senior officials and actual rules around AI security. Not vibes. Rules. And it's long overdue.

The subtext is refreshingly honest. Cybersecurity failures this year weren’t caused by zero-days or shadowy genius hackers. They were caused by convenience, overconfidence, and the timeless belief that “it’ll probably be fine.” The NDAA reads like a syllabus revision after the midterm went badly.

There’s a lesson here for the rest of us. You can buy the best tools, fund the smartest teams, and write the cleanest policies. But if leadership treats security like optional homework, the final grade will reflect that.

TL;DR
🧠 Cyber law reacts to real-world faceplants
⚡ Mobile and AI security get adult supervision
🎓 Leadership behavior becomes part of the threat model
🔍 Secure tools don’t cancel careless habits

csoonline.com/article/4103754/

#Cybersecurity #NDAA2026 #Leadership #RiskManagement #AIsecurity #CISO #security #privacy #cloud #infosec

2025-12-18

Microsoft’s upcoming 2026 security features highlight a shift many organizations are already experiencing: collaboration platforms and identity workflows are now prime attack paths.

From Teams-based impersonation to AI-driven data exposure, these updates address behaviors attackers are actively abusing — often without malware or zero-days. Security leaders should treat this roadmap as a planning signal, not a future wish list.

Read our blog for a full breakdown: lmgsecurity.com/5-new-ish-micr

#Microsoft365 #CollaborationTools #IdentityAndAccess #AIinSecurity #CISO #SecurityOperations #ThreatDetection #CyberDefense

2025-12-18

“AI shines wherever there’s high event volume and the need to aggregate weak signals into a meaningful picture.”
- Norman Gottschalk, Global CIO & CISO, Visionet Systems
This interview explores:
• AI-driven phishing and insider risk
• Governance gaps from shadow AI usage
• Why AI cannot judge intent without humans

Read more:
technadu.com/jack-of-all-trade

#GenAI #InfoSec #CISO #ThreatDetection #AIgovernance

Jack of All Trades, Master of None: AI Excels Detection and Triage but Relies on Humans to Gauge Intent
Stefan Beierle @sbeierle
2025-12-18

infosec.exchange/@sbeierle/115

Headline: 🚨 Holiday Security for Blue Teams: From Detection to Restriction

Text: Most serious security incidents don’t happen during business hours. They happen during holidays, weekends, and reduced-staff periods—exactly when detection-heavy models struggle.

I’ve published Holiday Minimal Mode (HMM), a deterministic Blue Team posture designed specifically for holiday operations.

2025-12-17

RunAs Radio Show 1015 - Zero Trust in 2026 with Michele Bustamante and host Richard Campbell buff.ly/jHnQLLy #podcast #devcommunity #security #ciso #authentication #authorization #zerotrust


2025-12-17

A single cloud outage can disrupt every core system you depend on, which is why digital resilience has to extend far beyond traditional continuity planning.

In this quick video, we outline five steps every CISO should prioritize—from mapping third- and fourth-party dependencies to running cloud-outage tabletop exercises that mirror real conditions. Watch it here: youtube.com/watch?v=-fgyWb1dq_g

#DigitalResilience #CloudSecurity #BusinessContinuity #IncidentResponse #CISO #RiskManagement #ThirdPartyRisk #InfoSec

Alvin Ashcraft 🐿️ @alvinashcraft@hachyderm.io
2025-12-17

RunAs Radio Show 1015 - Zero Trust in 2026 with Michele Bustamante and host Richard Campbell

runasradio.com/Shows/Show/1015

#podcast #devcommunity #security #ciso #authentication #authorization #zerotrust

2025-12-17

CISO Checklist for SMBs in New Zealand 2026: focus on what actually reduces risk.
- Define the serious incident scenarios
- Rehearse incident response regularly
- Test backup restoration, not just the backups
- Manage identity as a security barrier
- Collect logs that are useful and retrievable
- Explain risk in business language
- Monitor third parties closely
- Define responsibilities clearly for a crisis

#Cybersecurity #NZSMB #CISO #RiskManagement #InfoSec #BaoMat #AnToanThongTin #Qua

2025-12-17

#Anthropic Exec Forces #AI #Chatbot on #Gay #Discord Community, Members Flee

A Discord community for #gayGamers is in disarray after one of its moderators and an executive at Anthropic forced the company’s #AIChatbot on the Discord, despite protests from members.

Users voted to restrict Anthropic's #Claude to its own channel, but Jason Clinton, Anthropic’s Deputy Chief Information #Security Officer (#CISO) and a moderator in the Discord, overrode them.
#privacy

404media.co/anthropic-exec-for

What Is a Supply Chain Attack? Lessons from Recent Incidents

924 words, 5 minutes read time.

I’ve been in computer programming with a vested interest in Cybersecurity long enough to know that your most dangerous threats rarely come through the obvious channels. It’s not always a hacker pounding at your firewall or a phishing email landing in an inbox. Sometimes, the breach comes quietly through the vendors, service providers, and software updates you rely on every day. That’s the harsh reality of supply chain attacks. These incidents exploit trust, infiltrating organizations by targeting upstream partners or seemingly benign components. They’re not theoretical—they’re real, costly, and increasingly sophisticated. In this article, I’m going to break down what supply chain attacks are, examine lessons from high-profile incidents, and share actionable insights for SOC analysts, CISOs, and anyone responsible for protecting enterprise assets.

Understanding Supply Chain Attacks: How Trusted Vendors Can Be Threat Vectors

A supply chain attack occurs when a threat actor compromises an organization through a third party, whether that’s a software vendor, cloud provider, managed service provider, or even a hardware supplier. The key distinction from conventional attacks is that the adversary leverages trust relationships. Your defenses often treat trusted partners as safe zones, which makes these attacks particularly insidious. The infamous SolarWinds breach in 2020 is a perfect example. Hackers injected malicious code into an update of the Orion platform, and thousands of organizations unknowingly installed the compromised software. From the perspective of a SOC analyst, it’s a nightmare scenario: alerts may look normal, endpoints behave according to expectation, and yet an attacker has already bypassed perimeter defenses. Supply chain compromises come in many forms: software updates carrying hidden malware, tampered firmware or hardware, and cloud or SaaS services used as stepping stones for broader attacks. The lesson here is brutal but simple: every external dependency is a potential attack vector, and assuming trust without verification is a vulnerability in itself.

Lessons from Real-World Supply Chain Attacks

History has provided some of the most instructive lessons in this area, and the pain was often widespread. The NotPetya attack in 2017 masqueraded as a routine software update for a Ukrainian accounting package but quickly spread globally, leaving a trail of destruction across multiple sectors. It was not a random incident—it was a strategic strike exploiting the implicit trust organizations placed in a single provider. Then came Kaseya in 2021, where attackers leveraged a managed service provider to distribute ransomware to hundreds of businesses in a single stroke. The compromise of one MSP cascaded through client systems, illustrating that upstream vulnerabilities can multiply downstream consequences exponentially. Even smaller incidents, such as a compromised open-source library or a misconfigured cloud service, can serve as a launchpad for attackers. What these incidents have in common is efficiency, stealth, and scale. Attackers increasingly prefer the supply chain route because it requires fewer direct compromises while yielding enormous operational impact. For anyone working in a SOC, these cases underscore the need to monitor not just your environment but the upstream components that support it, as blind trust can be fatal.

Mitigating Supply Chain Risk: Visibility, Zero Trust, and Preparedness

Mitigating supply chain risk requires a proactive, multifaceted approach. The first step is visibility—knowing exactly what software, services, and hardware your organization depends on. You cannot defend what you cannot see. Mapping these dependencies allows you to understand which systems are critical and which could serve as entry points for attackers. Second, you need to enforce Zero Trust principles. Even trusted vendors should have segmented access and stringent authentication. Multi-factor authentication, network segmentation, and least-privilege policies reduce the potential blast radius if a compromise occurs. Threat hunting also becomes crucial, as anomalies from trusted sources are often the first signs of a breach. Beyond technical controls, preparation is equally important. Tabletop exercises, updated incident response plans, and comprehensive logging equip teams to react swiftly when compromise is detected. For CISOs, it also means communicating supply chain risk clearly to executives and boards. Stakeholders must understand that absolute prevention is impossible, and resilience—rapid detection, containment, and recovery—is the only realistic safeguard.

The Strategic Imperative: Assume Breach and Build Resilience

The reality of supply chain attacks is unavoidable: organizations are connected in complex webs, and attackers exploit these dependencies with increasing sophistication. The lessons are clear: maintain visibility over your entire ecosystem, enforce Zero Trust rigorously, hunt for subtle anomalies, and prepare incident response plans that include upstream components. These attacks are not hypothetical scenarios—they are the evolving face of cybersecurity threats, capable of causing widespread disruption. Supply chain security is not a checkbox or a one-time audit; it is a mindset that prioritizes vigilance, resilience, and strategic thinking. By assuming breach, questioning trust, and actively monitoring both internal and upstream environments, security teams can turn potential vulnerabilities into manageable risks. The stakes are high, but so are the rewards for those who approach supply chain security with discipline, foresight, and a relentless commitment to defense.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

#anomalyDetection #attackVector #breachDetection #breachResponse #CISO #cloudSecurity #cyberattackLessons #cybersecurity #cybersecurityGovernance #cybersecurityIncident #cybersecurityMindset #cybersecurityPreparedness #cybersecurityResilience #cybersecurityStrategy #EndpointSecurity #enterpriseRiskManagement #enterpriseSecurity #hardwareCompromise #hardwareSecurity #incidentResponse #incidentResponsePlan #ITRiskManagement #ITSecurityPosture #ITSecurityStrategy #Kaseya #maliciousUpdate #MFASecurity #MSPSecurity #networkSegmentation #NotPetya #organizationalSecurity #perimeterBypass #ransomware #riskAssessment #SaaSRisk #securityAudit #securityControls #SOCAnalyst #SOCBestPractices #SOCOperations #softwareSecurity #softwareSupplyChain #softwareUpdateThreat #SolarWinds #supplyChainAttack #supplyChainMitigation #supplyChainRisk #supplyChainSecurityFramework #supplyChainVulnerabilities #thirdPartyCompromise #threatHunting #threatLandscape #trustedVendorAttack #upstreamCompromise #upstreamMonitoring #vendorDependency #vendorRiskManagement #vendorSecurity #vendorTrust #zeroTrust

Illustration of a digital network under attack, highlighting compromised vendors and software updates, titled “What Is a Supply Chain Attack? Lessons from Recent Incidents.”
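The "visibility" step in the mitigation section above, as an added example that is not part of the original post: a constructed dependency inventory (internal systems, vendors, an MSP, a shared library) is mapped as a graph, and the blast radius of any single compromised upstream component is computed transitively so the entry points that reach the most critical systems can be ranked. All system and vendor names are made up.

```python
"""Map upstream dependencies and compute the blast radius of a compromised
vendor, MSP or library. Constructed inventory, not from the article."""
from collections import defaultdict, deque

# Constructed inventory: node -> the components it directly depends on.
# Vendor-side nodes (monitoring agent, MSP tooling) have upstreams of their own,
# which is exactly how Kaseya- and SolarWinds-style compromises cascade.
DEPENDS_ON = {
    "billing-app":       ["orion-monitoring", "payments-saas", "lib-json"],
    "hr-portal":         ["idp-cloud", "lib-json"],
    "build-pipeline":    ["lib-json", "ci-runner-image"],
    "fileserver":        ["msp-remote-mgmt"],
    "domain-controller": ["msp-remote-mgmt", "orion-monitoring"],
    "ci-runner-image":   ["lib-json"],
    "msp-remote-mgmt":   ["rmm-vendor-update-server"],
    "orion-monitoring":  ["orion-vendor-update-server"],
}
# Systems we operate ourselves; everything else in the graph is upstream.
INTERNAL = {"billing-app", "hr-portal", "build-pipeline", "fileserver",
            "domain-controller", "ci-runner-image"}
# The systems whose compromise would hurt most (constructed classification).
CRITICAL = {"domain-controller", "billing-app", "build-pipeline"}


def reverse_graph(depends_on):
    """Invert the edges: component -> set of nodes that depend on it."""
    dependents = defaultdict(set)
    for node, deps in depends_on.items():
        for dep in deps:
            dependents[dep].add(node)
    return dependents


def blast_radius(depends_on, compromised):
    """Every node that transitively depends on `compromised` (BFS upward)."""
    dependents = reverse_graph(depends_on)
    seen, queue = set(), deque([compromised])
    while queue:
        node = queue.popleft()
        for d in dependents.get(node, ()):
            if d not in seen:
                seen.add(d)
                queue.append(d)
    return seen


def rank_entry_points(depends_on, internal, critical):
    """Upstream nodes ranked by how many critical systems they can reach.

    Returns a list of (upstream_node, critical_hit_count, sorted_hit_names),
    most dangerous first; ties are broken alphabetically.
    """
    all_nodes = set(depends_on) | {d for deps in depends_on.values() for d in deps}
    upstream = all_nodes - internal
    ranking = []
    for u in sorted(upstream):
        hit = blast_radius(depends_on, u) & critical
        ranking.append((u, len(hit), sorted(hit)))
    ranking.sort(key=lambda r: (-r[1], r[0]))
    return ranking


if __name__ == "__main__":
    for node, count, hit in rank_entry_points(DEPENDS_ON, INTERNAL, CRITICAL):
        print(f"{node:28} reaches {count} critical system(s): {hit}")
    print("compromised orion update server affects:",
          sorted(blast_radius(DEPENDS_ON, "orion-vendor-update-server")))
```

The ranking shows that a single shared library and a vendor's update server each reach as many critical systems as the MSP does, which is the kind of finding that should drive where verification and segmentation effort goes.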
Leibniz Supercomputing Centre @LRZ_DE
2025-12-09

We warmly congratulate our Stefan Metzger on the first Ernst-Bötsch-Preis of the Bayerische Akademie der Wissenschaften. Stefan led the implementation of a management system for , ensures with his team , and supported the development of the cross-university information security (HITS IS) that protects universities across Bavaria: tiny.badw.de/2ygoCF

Winners of the BAdW Prizes 2025: Stefan Metzger and BAdW President Dr. M. Schwaiger. Photo: Kai Neunert/BAdW
The winners of the BAdW Prizes 2025 with BAdW President Dr. M. Schwaiger. Photo: Kai Neunert/BAdW

Zero Trust Security Model Explained: Is It Right for Your Organization?

1,135 words, 6 minutes read time.

When I first walked into a SOC that proudly claimed it had “implemented Zero Trust,” I expected to see a modern, frictionless security environment. What I found instead was a network still anchored to perimeter defenses, VPNs, and a false sense of invincibility. That’s the brutal truth about Zero Trust: it isn’t a single product or an off-the-shelf solution. It’s a philosophy, a mindset, a commitment to questioning every assumption about trust in your organization. For those of us in the trenches—SOC analysts, incident responders, and CISOs alike—the question isn’t whether Zero Trust is a buzzword. The real question is whether your organization has the discipline, visibility, and operational maturity to adopt it effectively.

Zero Trust starts with a principle that sounds simple but is often the hardest to implement: never trust, always verify. Every access request, every data transaction, and every network connection is treated as untrusted until explicitly validated. Identity is the new perimeter, and every user, device, and service must prove its legitimacy continuously. This approach is grounded in lessons learned from incidents like the SolarWinds supply chain compromise, where attackers leveraged trusted internal credentials to breach multiple organizations, or the Colonial Pipeline attack, which exploited a single VPN credential. In a Zero Trust environment, those scenarios would have been mitigated by enforcing strict access policies, continuous monitoring, and segmented network architecture. Zero Trust is less about walls and more about a web of checks and validations that constantly challenge assumptions about trust.

Identity and Access Management: The First Line of Defense

Identity and access management (IAM) is where Zero Trust begins its work, and it’s arguably the most important pillar for any organization. Multi-factor authentication, adaptive access controls, and strict adherence to least-privilege principles aren’t optional—they’re foundational. I’ve spent countless nights in incident response chasing lateral movement across networks where MFA was inconsistently applied, watching attackers move as if the organization had handed them the keys. Beyond authentication, modern IAM frameworks incorporate behavioral analytics to detect anomalies in real time, flagging suspicious logins, unusual access patterns, or attempts to elevate privileges. In practice, this means treating every login attempt as a potential threat, continuously evaluating risk, and denying implicit trust even to high-ranking executives. Identity management in Zero Trust isn’t just about logging in securely; it’s about embedding vigilance into the culture of your organization.

Implementing IAM effectively goes beyond deploying technology—it requires integrating identity controls with real operational processes. Automated workflows, incident triggers, and granular policy enforcement are all part of the ecosystem. I’ve advised organizations that initially underestimated the complexity of this pillar, only to discover months later that a single misconfigured policy left sensitive systems exposed. Zero Trust forces organizations to reimagine how users and machines interact with critical assets. It’s not convenient, and it’s certainly not fast, but it’s the difference between containing a breach at the door or chasing it across the network like a shadowy game of cat and mouse.

Device Security: Closing the Endpoint Gap

The next pillar, device security, is where Zero Trust really earns its reputation as a relentless defender. In a world where employees connect from laptops, mobile devices, and IoT sensors, every endpoint is a potential vector for compromise. I’ve seen attackers exploit a single unmanaged device to pivot through an entire network, bypassing perimeter defenses entirely. Zero Trust counters this by continuously evaluating device posture, enforcing compliance checks, and integrating endpoint detection and response (EDR) solutions into the access chain. A device that fails a health check is denied access, and its behavior is logged for forensic analysis.

Device security in a Zero Trust model isn’t just reactive—it’s proactive. Threat intelligence feeds, real-time monitoring, and automated responses allow organizations to identify compromised endpoints before they become a gateway for further exploitation. In my experience, organizations that ignore endpoint rigor often suffer from lateral movement and data exfiltration that could have been prevented. Zero Trust doesn’t assume that being inside the network makes a device safe; it enforces continuous verification and ensures that trust is earned and maintained at every stage. This approach dramatically reduces the likelihood of stealthy intrusions and gives security teams actionable intelligence to respond quickly.

Micro-Segmentation and Continuous Monitoring: Containing Threats Before They Spread

Finally, Zero Trust relies on micro-segmentation and continuous monitoring to limit the blast radius of any potential compromise. Networks can no longer be treated as monolithic entities where attackers move laterally with ease. By segmenting traffic into isolated zones and applying strict access policies between them, organizations create friction that slows or stops attackers in their tracks. I’ve seen environments where a single compromised credential could have spread malware across the network, but segmentation contained the incident to a single zone, giving the SOC time to respond without a full-scale outage.

Continuous monitoring complements segmentation by providing visibility into every action and transaction. Behavioral analytics, SIEM integration, and proactive threat hunting are essential for detecting anomalies that might indicate a breach. In practice, this means SOC teams aren’t just reacting to alerts—they’re anticipating threats, understanding patterns, and applying context-driven controls. Micro-segmentation and monitoring together transform Zero Trust from a static set of rules into a living, adaptive security posture. Organizations that master this pillar not only protect themselves from known threats but gain resilience against unknown attacks, effectively turning uncertainty into an operational advantage.

Conclusion: Zero Trust as a Philosophy, Not a Product

Zero Trust is not a checkbox, a software package, or a single deployment. It is a security philosophy that forces organizations to challenge assumptions, scrutinize trust, and adopt a mindset of continuous verification. Identity, devices, and network behavior form the pillars of this approach, each demanding diligence, integration, and cultural buy-in. For organizations willing to embrace these principles, the rewards are tangible: reduced attack surface, limited lateral movement, and a proactive, anticipatory security posture. For those unwilling or unprepared to change, claiming “Zero Trust” is little more than window dressing, a label that offers the illusion of safety while leaving vulnerabilities unchecked. The choice is stark: treat trust as a vulnerability and defend accordingly, or risk becoming the next cautionary tale in an increasingly hostile digital landscape.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

#accessManagement #adaptiveSecurity #attackSurfaceReduction #behavioralAnalytics #breachPrevention #byodSecurity #ciso #cloudSecurity #cloudFirstSecurity #colonialPipeline #complianceEnforcement #continuousMonitoring #cyberResilience #cybersecurityAwareness #cybersecurityCulture #cybersecurityReadiness #cybersecurityStrategy #deviceSecurity #digitalDefense #edr #endpointSecurity #enterpriseSecurity #iam #identityVerification #incidentResponse #internalThreats #iotSecurity #lateralMovement #leastPrivilege #mfa #microSegmentation #mitreAttck #multiFactorAuthentication #networkSecurity #networkSegmentation #networkVisibility #nistSp800207 #perimeterSecurity #privilegedAccessManagement #proactiveMonitoring #proactiveSecurity #ransomwarePrevention #riskManagement #secureAccess #securityAutomation #securityBestPractices2 #securityFramework #securityMindset #securityOperations #securityPhilosophy #siem #socAnalyst #solarwindsBreach #threatDetection #threatHunting #threatIntelligence #zeroTrust #zeroTrustArchitecture #zeroTrustImplementation #zeroTrustModel #zeroTrustSecurity

Digital fortress representing Zero Trust security with layered network defenses, identity verification, and endpoint monitoring, symbolizing proactive cybersecurity.
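The three pillars the post describes (identity, device posture, micro-segmentation) as one per-request access decision, written as an added example with constructed data rather than code from the post: every check must pass, an unknown zone or a missing policy entry denies by default, and the list of failed checks is what a SOC would log. The roles, zones, device ids and the 15-minute posture window are assumptions.

```python
"""Zero Trust policy decision: identity, device posture and segment policy are
evaluated on every request, default deny. Constructed example, not the post's."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Identity:
    user: str
    role: str
    mfa_verified: bool          # MFA completed for this session


@dataclass
class DevicePosture:
    device_id: str
    managed: bool               # enrolled in inventory / MDM
    edr_healthy: bool           # EDR agent running and reporting
    last_check: datetime        # when posture was last verified


@dataclass
class Request:
    identity: Identity
    device: DevicePosture
    segment: str                # micro-segment / zone being accessed
    now: datetime


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)   # failed checks, for logging


# Constructed segment policy: which roles may reach which zone. Zones absent
# from this table are unreachable by anyone (deny by default).
SEGMENT_POLICY = {
    "corp-apps": {"employee", "finance", "admin", "executive"},
    "finance-db": {"finance", "admin"},
    "dc-mgmt": {"admin"},
}
POSTURE_MAX_AGE = timedelta(minutes=15)   # assumed freshness window


def evaluate(req: Request) -> Decision:
    """Run every pillar's check; trust is never implied by role or location."""
    reasons = []
    if not req.identity.mfa_verified:
        reasons.append("mfa_missing")             # applies to executives too
    if not req.device.managed:
        reasons.append("device_unmanaged")        # the classic pivot point
    if not req.device.edr_healthy:
        reasons.append("edr_unhealthy")
    if req.now - req.device.last_check > POSTURE_MAX_AGE:
        reasons.append("posture_stale")           # re-verify, don't assume
    if req.identity.role not in SEGMENT_POLICY.get(req.segment, set()):
        reasons.append(f"segment_denied:{req.segment}")
    return Decision(allow=not reasons, reasons=reasons)


NOW = datetime(2025, 12, 9, 9, 0, tzinfo=timezone.utc)


def sample_decisions():
    """Constructed scenarios mirroring the failure modes the post describes."""
    fresh, stale = NOW - timedelta(minutes=2), NOW - timedelta(hours=3)
    good_dev = DevicePosture("lt-0421", True, True, fresh)
    return {
        "employee_ok": evaluate(Request(Identity("alice", "employee", True), good_dev, "corp-apps", NOW)),
        "exec_no_mfa": evaluate(Request(Identity("ceo", "executive", False), good_dev, "corp-apps", NOW)),
        "unmanaged_pivot": evaluate(Request(Identity("bob", "admin", True),
                                            DevicePosture("byod-7", False, False, fresh), "dc-mgmt", NOW)),
        "stale_posture": evaluate(Request(Identity("carol", "admin", True),
                                          DevicePosture("lt-0099", True, True, stale), "dc-mgmt", NOW)),
        "wrong_segment": evaluate(Request(Identity("alice", "employee", True), good_dev, "finance-db", NOW)),
    }


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(f"{name:16} allow={decision.allow} reasons={decision.reasons}")
```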
2025-12-09

Headhunters for InfoSec

Question for the German InfoSec bubble: who can recommend good headhunters for InfoSec profiles (CISA, CISSP, CISM, up to CISO)?

Replies in the comments or by direct message are welcome.
#InfoSec #InformationSecurity
#Headhunter #CISA #CISSP #CISM #CISO

Pls #reboost

AllAboutSecurity @allaboutsecurity
2025-12-08

Preventive security: why companies must now switch from reacting to preventing

Preventive security concepts are therefore increasingly coming into focus for CISOs and IT managers. But what lies behind this paradigm shift, and how can organizations manage the transition successfully?

all-about-security.de/praevent
