I'm retiring as of tomorrow, so this work account will be going dark. (It seems likely I'll do some freelance work in 2026, so I'm not shutting down the acct. But I'm taking it easy a few months.)
I do have a personal account here, but it seems weird to post the link. Feel free to DM me, though.
27.08.2025 14:41 β π 0 π 0 π¬ 0 π 0
10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.
New on @darkreading.bsky.social, commentary by Liad Cohen and Eyal Paz, OX Security: "By addressing these risk vectors, organizations can continue leveraging GitHub's innovation while protecting against the sophisticated supply chain attacks targeting our interconnected software ecosystem."
19.08.2025 14:23 β π 0 π 0 π¬ 0 π 0
How Evolving RATs Are Redefining Enterprise Security Threats
A more unified and behavior-aware approach to detection can significantly improve security outcomes.
New on @darkreading.bsky.social, commentary by Aditya K. Sood, VP of Security Engineering & AI Strategy, Aryaka: "Today's RATs don't just exploit technical vulnerabilities. They also take advantage of the blind spots created by how enterprise architects establish their security environments."
18.08.2025 14:38 β π 0 π 0 π¬ 0 π 0
Using Security Expertise to Bridge the Communication Gap
Cybersecurity-focused leadership delivers better products and business outcomes.
New on @darkreading.bsky.social, commentary by Ivanti's Field CISO Mike Riemer: "When security becomes part of the development culture rather than an external constraint, teams start thinking about security implications naturally as they build features."
15.08.2025 14:47 β π 0 π 0 π¬ 0 π 0
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
New on @darkreading.bsky.social, commentary by Ofri Ouzan, Security Researcher & Advocate, JFrog: CVE scoring systems "often fail to account for the unique context of each organization's environment. As a result, teams risk focusing on theoretical risks while genuine threats may be overlooked."
11.08.2025 15:24 β π 0 π 0 π¬ 0 π 0
Redefining the Role: What Makes a CISO Great
Security is everyone's responsibility, but as a CISO, it starts with you.
New on @darkreading.bsky.social, commentary by Lane Sullivan, Chief Information Security & Strategy Officer, Concentric AI: "Being a CISO today is a balancing act of strategic leadership, financial literacy, technical expertise, and human connection, regardless of [company size]."
11.08.2025 15:21 β π 0 π 0 π¬ 0 π 0
Will Secure AI Be the Hottest Career Path in Cybersecurity?
Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional deman...
New on @darkreading.bsky.social, commentary by Melina Scotto, Founder, Mastin & Associates: "Consider securing AI as your next career opportunity to transform challenges into a strategic advantage and build cyber resilience in a rapidly changing, AI-enabled, digital world."
11.08.2025 15:19 β π 0 π 0 π¬ 0 π 0
Building the Perfect Post-Security Incident Review Playbook
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators...
New on @darkreading.bsky.social, commentary by Pritesh Parekh, CISO, PagerDuty: "In an era where cyber threats are increasingly sophisticated and pervasive, the importance of post-incident security reviews cannot be overstated." Get tips on organizing your own reviews.
05.08.2025 15:53 β π 0 π 0 π¬ 0 π 0
Why the Old Ways Are Still the Best for Most Cybercriminals
While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020.
New on @darkreading.bsky.social, commentary by Trend Micro's Jon Clay: "While the cybercriminal underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020."
05.08.2025 15:49 β π 0 π 0 π¬ 0 π 0
Black Hat News
Black Hat News
Get the latest news from Black Hat this week. www.darkreading.com/keyword/blac...
05.08.2025 15:27 β π 0 π 0 π¬ 0 π 0
Scoop: CISA's contract with ICF has expired, reducing the JCDC's contractor workforce from 100+ to just 10. CISA can use emergency money & 2-week extensions to keep those 10 around, but only through Sept. Other contracts also caught up in huge backlog. www.cybersecuritydive.com/news/cisa-jo...
30.07.2025 14:53 β π 19 π 13 π¬ 2 π 1
How to Spot Malicious AI Agents Before They Strike
The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents β human and machine β working together.
New on @darkreading.bsky.social, commentary by Alisdair Faulkner, Darwinium: "We must accept that malicious agents will often appear legitimate β and gain access. Defending against them requires speed, but not at the expense of paralyzing online commerce."
30.07.2025 19:49 β π 0 π 0 π¬ 0 π 0
The CrowdStrike Outage Was Bad but Could Have Been Worse
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward...
New on @darkreading.bsky.social, commentary by Roger Cressey, Mountain Wave Ventures: "As we reflect on the anniversary of the largest outage in IT history, organizations everywhere need to make an active effort to ... create a more robust and resilient cyber ecosystem moving forward."
30.07.2025 19:44 β π 0 π 0 π¬ 0 π 0
Securing the Budget: Demonstrating Cybersecurity's Return
By tying security investments to measurable outcomes β like reduced breach likelihood and financial impact β CISOs can align internal stakeholders and justify spending based on real-world risk.
New on @darkreading.bsky.social : "By tying security investments to measurable outcomes β like reduced breach likelihood and financial impact β CISOs can align internal stakeholders and justify spending based on real-world risk." Commentary by Kara Sprague, CEO, HackerOne
24.07.2025 20:58 β π 0 π 0 π¬ 0 π 0
Translating Cyber-Risk for the Boardroom
When security leaders embrace this truth and learn to speak in the language of leadership, they don't just protect the enterprise, they help lead it forward.
New on @darkreading.bsky.social: "Many CISOs still find themselves speaking a technical language that fails to resonate with other leaders. Technical terms often fall flat in boardrooms more concerned with revenue growth and brand reputation." Commentary by Ashley Rose, Living Security
24.07.2025 20:55 β π 0 π 0 π¬ 0 π 0
How Criminal Networks Exploit Insider Vulnerabilities
Criminal networks are adapting quickly, and they're betting that companies won't keep pace. Let's prove them wrong.
New on @darkreading.bsky.social: "Today's insider threats aren't lone wolves acting out of spite β they're pawns in the hands of sophisticated, organized criminal networks." Commentary by Rob Juncker, Mimecast
24.07.2025 20:52 β π 0 π 0 π¬ 0 π 0
3 Ways Security Teams Can Minimize Agentic AI Chaos
Security often lags behind innovation. The path forward requires striking a balance.
New on @darkreading.bsky.social: "Agentic AI could be a disaster for authorization systems in software-as-a-service (SaaS) platforms as we know them today. But it doesn't have to be, if security and IT teams address the challenges proactively." Commentary by Josh Lemos, GitLab. chaos
24.07.2025 20:44 β π 0 π 0 π¬ 0 π 0
My new story about the U.S. governmentβs fraying partnerships with critical infrastructure operators is packed with new reporting, but thereβs a lot more that I couldnβt fit into the story.
Here are some more details from my interviews over the past few weeks about where things standβ¦
27.06.2025 16:03 β π 47 π 21 π¬ 3 π 5
Generative AI Exacerbates Software Supply Chain Risks
Malicious actors are exploiting AI-fabricated software components β presenting a major challenge for securing software supply chains.
New on @darkreading.bsky.social: "The software development ecosystem needs clear requirements for AI transparency and a dedicated risk-disclosure framework. This framework should document key attributes such as training data sources, model versions, known limitations, and security features."
25.06.2025 16:13 β π 0 π 0 π¬ 0 π 0
New: Trump's federal workforce chaos is upending govt partnerships with U.S. critical infrastructure operators, jeopardizing work to protect vital services like healthcare and water from hackers & natural disasters.
My @cybersecuritydive.bsky.social⬠story: www.cybersecuritydive.com/news/critica...
25.06.2025 15:56 β π 171 π 96 π¬ 6 π 16
A CISO's AI Playbook
In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.
New on @darkreading.bsky.social: "Taking senior analysts out of repetitive triage loops gives them space to apply judgment, creativity, and curiosity to the harder problems." Erick Wille, CISO, Cabinetworks www.darkreading.com/vulnerabilit...
23.06.2025 14:08 β π 0 π 0 π¬ 0 π 0
How CISOs Can Govern AI & Meet Evolving Regulations
Security teams are no longer just the last line of defense β they are the foundation for responsible AI adoption.
New on @darkreading.bsky.social: "As AI transforms how enterprises operate, a new mandate [for CISOs] has emerged: Govern its use responsibly, end to end." Commentary by Ben de Bont, CISO, ServiceNow www.darkreading.com/vulnerabilit...
18.06.2025 14:23 β π 0 π 1 π¬ 0 π 0
Foundations of Cybersecurity: Reassessing What Matters
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
New on @darkreading.bsky.social: "To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands." Brent Stackhouse, Vice President of Security & GRC, WP Engine
17.06.2025 16:31 β π 0 π 1 π¬ 0 π 0
Operation Endgame: Do Takedowns & Arrests Matter?
Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
New on @darkreading.bsky.social: "Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals. What, then, should we pursue? Everything. Everywhere. All at once. And always." James Shank, Director, Threat Operations, Expel
17.06.2025 16:28 β π 0 π 0 π¬ 0 π 0
Generative AI is helping hackers write better malware, phish more convincingly,Β and seed open-source repositories with backdoors, a Gartner expert said at the company's security conference on Monday. www.cybersecuritydive.com/news/ai-cybe...
10.06.2025 15:00 β π 9 π 4 π¬ 0 π 0
SSH Keys: The Powerful Credential You Probably Ignore
SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across your infrastruct...
New commentary on @darkreading.bsky.social: "SSH keys aren't going anywhere. But unmanaged keys are a risk your organization doesn't need to take. Start by treating them like what they are: powerful credentials that deserve serious oversight."
10.06.2025 15:02 β π 0 π 0 π¬ 0 π 0
Next-Gen Developers Are a Cybersecurity Powder Keg
AI coding tools promise productivity but deliver security problems, too. As developers embrace "vibe coding," enterprises face mounting risks from insecure code generation that security team...
New on @darkreading.bsky.social: "Next-gen developers are crucial, and now is the time to ready the development cohort to leverage AI effectively and safely." Pieter Danhieux, CEO, Chairman & Co-Founder, Secure Code Warrior
09.06.2025 16:21 β π 0 π 0 π¬ 0 π 0
New: CISA has already lost ~1,000 employees to Trump's workforce purge, with the marquee Cybersecurity Division hit hard and many departures from the agency's field force of local cyber advisers. www.cybersecuritydive.com/news/cisa-de...
Confirming @samsabin.bsky.socialβ¬'s scoop.
04.06.2025 15:36 β π 20 π 16 π¬ 1 π 1
New: Broad coalitions of cyber firms, think tanks, former govt officials, and experts are backing Trump's nominees for CISA director and national cyber director, a sign of the perceived urgency of filling a leadership void. Confirmation hearing is Thursday. www.cybersecuritydive.com/news/trump-c...
03.06.2025 16:15 β π 6 π 2 π¬ 1 π 1
Cybersecurity reporter at Bloomberg News in DC. Signal: @howelloneill.01, email: patoneill1@bloomberg.net https://www.bloomberg.com/authors/AXb8dLPHBFc/patrick-howell-oneill
Bridgy Fed (https://fed.brid.gy/) bot user for the fediverse. To bridge your Bluesky account to the fediverse, follow this account.
To ask a fediverse user to bridge their account, send their address (eg @user@instance) to this account in a chat message.β¦
Co-leader OWASP Cornucopia. If you like what we do for open source, visit our code repository https://github.com/OWASP/cornucopia and give us a star β
π Β«Difference is of the essence of humanityΒ» π¦ β John Hume
#appsec #owasp #cornucopia #threatmodeling
Senior reporter at @CybersecurityDive.bsky.social covering all things digital security. I also co-host Hoth Takes. | Send me tips: bit.ly/contactejg
The unholy alliance between information security and cynicism wrapped up in storytelling and videos. www.JavvadMalik.com
Sole founder of Host Unknown
People, Software, Education, Business, Logistics, Music, Sports #ReggaeBoyz #AstonVilla #Knicks #Yankees #Giants
Mostly links, mostly technology, progressive politics, science fiction/fantasy and history. Also, jokes, memes, vintage photos and ads. I'm a San Diego resident and expatriate Long Islander.
PR: Emerging Tech Companies #cybersecurity #analytics #IoT #security #cyber #risk #ICS #insiderthreat #cyberattack #AI #BigData #Cloud #multicloud #hybridcloud #Data #fraud #Kubernetes #K8s #VC #startups #appsec #IAM #identity #management #infosec
20+ years in cybersecurity β’ currently @grayloginc β’ in Boulder, CO β’ Lets talk music, movies, Warriors, Raiders, CU Buffs
Security engineer by day, a sarcastic moron also by day. PNW. Dog owner. I can make a really good cookie. People think Iβm humorous.
VP of Engineering Nudge Security @nudgesecurity.bsky.social - Technologist, developer, husband and father. Geeky for #cybersecurity, #identity, #privacy, #ai, #ml. Startups! https://www.nudgesecurity.com
Field CISO & traveler. Cybersecurity nerd with a passport. Exploring AI, philosophy of tech, culture, and the messy human places in between.
cybersecurity weather man. scanning the horizons for cloudy cyber. Expert at nothing except computer rubbish. Anti-ransomware since 2015.
Aka @c_c_krebs over there
I cover digital threats for NBC News. Tip me! @kevincollier.01 on signal, kevin.collier@nbcuni.com. NYC, from West Virginia.
Journalist covering cybersecurity and enterprise information technology.
Contributing writer: Dark Reading
https://authory.com/JeffreySchwartz
www.linkedin.com/in/jeffaschwartz
Leadership, digital strategy, civics, writing, speaking. He/Him. βDonβt mistake kindness for weaknessβ and other rules for work and life.
Ramblings of a Mad Englishman: Hacker @ BBC's Real Hustle & Mr Robot. Head of Sec @ DEF CON. Founder @ CTI-League, Ransomware Taskforce, w00w00, CDC NSF, (He/Him).
Also
Twitter @marcwrogers
Mastodon cj@chaos.social
