James R. McQuiggan, CISSP, SACP

@jamesmcquiggan.bsky.social

Security Awareness Advocate, Knowster, CISSP, (ISC)2 CFL President, Professor, #80, photographer

319 Followers  |  50 Following  |  55 Posts  |  Joined: 03.08.2024  |  2.0932

Latest posts by jamesmcquiggan.bsky.social on Bluesky

Another breach, another reminder:
✅ Was I expecting this?
✅ Is the request unusual?
✅ Can I verify it another way?
If not—don’t click. Don’t reply. Report it.
Stay skeptical. Stay secure. #Cybersecurity #Phishing #AIThreats
www.msn.com/en-us/money/...

03.07.2025 15:30 — 👍 1    🔁 0    💬 0    📌 0
Checkups and Checklists: Cyber Risk Isn’t Just a Technical Problem
There are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the moment.

🔒 What does a colonoscopy teach us about cybersecurity? Spoiler: Both require uncomfortable preparation and catching invisible risks before they become disasters. Why cyber risk is really about human behavior ⬇️
blog.knowbe4.com/checkups-and...

16.06.2025 22:58 — 👍 0    🔁 0    💬 0    📌 0

Would you open the front door to a stranger? Then why trust a random caller? If you weren’t expecting the call, hang up and verify. It’s not rude—it’s smart. #CyberSecurity #Vishing #ThinkBeforeYouPickUp #HumanRisk #SocialEngineering
www.cpomagazine.com/cyber-securi...

12.06.2025 13:30 — 👍 0    🔁 0    💬 0    📌 0

AI coding tools enhance productivity, but "vibe coding" risks unleashing insecure code into the wild. Organizations need to prioritize security education for devs! 🌟 Read more: www.darkreading.com/application-...

09.06.2025 18:59 — 👍 0    🔁 1    💬 0    📌 0

Shadow AI is Shadow IT's dangerous cousin 👑 Your team uses ChatGPT to boost productivity, but feeds sensitive data to systems you don't control. Bans don't work - governance does. Read more: technewsworld.com/story/it-pro...

05.06.2025 14:17 — 👍 1    🔁 0    💬 0    📌 0
White House Health Report Included Fake Citations

Hmmm, I wonder if an LLM hallucinated the citations for their report?!

www.nytimes.com/2025/05/29/w...

30.05.2025 16:13 — 👍 1    🔁 0    💬 0    📌 0
What a Cruise Show Revealed About Cybersecurity Challenges
Discover how a cruise juggler's performance mirrors the daily balancing act of cybersecurity professionals. Learn key takeaways for success!

Saw a juggler on a cruise balancing bottles and juggling pins while chatting with the crowd.
Felt like watching a CISO. Cybersecurity is a balancing act and here’s what we can learn from the stage. 🎪🔐
👉 jamesmcquiggan.com/2025/05/30/m...
#Cybersecurity #CISO #SecurityCulture

30.05.2025 12:47 — 👍 0    🔁 0    💬 0    📌 0
User Awareness Training Must Be Cybersecurity Investment No. 1
For small and rural towns and counties, cybersecurity awareness training is the lowest of the low-hanging fruit when it comes to achieving cyber resilience.

User Awareness Training Must Be Cybersecurity Investment No. 1

17.05.2025 01:12 — 👍 1    🔁 2    💬 0    📌 0

The FBI alerts us to malware targeting outdated routers, emphasizing the need for proactive hardware upgrades. Don't wait for a breach! Invest in your devices' lifecycle.
🔒🌐 Read more: www.ic3.gov/CSA/2025/250...

09.05.2025 14:32 — 👍 0    🔁 0    💬 0    📌 0
OT Systems Exposed to Basic Hacks, CISA Warns
The Cybersecurity and Infrastructure Security Agency is warning that critical infrastructure operators remain vulnerable to low-skill cyberattacks targeting OT

8 years after NotPetya, basic attack methods are still used. CISA warns that OT systems are still wide open to stolen creds, unpatched flaws, and sloppy remote access. This isn’t advanced tradecraft. It’s failure to cover the basics.
👉 buff.ly/AtqTMbS
#OTSecurity

08.05.2025 15:00 — 👍 0    🔁 1    💬 0    📌 0

The LockBit ransomware gang has been hacked, exposing negotiations with victims, revealing that even criminals can overlook security vulnerabilities. Always patch!
www.bleepingcomputer.com/news/securit...
#CrimeIsBad #YouGotToPatchIt

08.05.2025 01:59 — 👍 1    🔁 2    💬 0    📌 0

Is Security Awareness dead? Not if I can help it!
Catch me at #NJSECON as I unpack how AI is changing the game & why we must evolve into Human Risk Management. Fewer slides, more laughs, stronger firewalls.
www.njsecon.org

06.05.2025 19:18 — 👍 0    🔁 0    💬 0    📌 0

Agentic AI doesn’t need intent to cause damage. When systems act on flawed data or conflicting goals, the outcome can be chaos. CISOs must align innovation with oversight—because misalignment, not malice, is the real risk. #AI #Cybersecurity #CISO
www.darkreading.com/vulnerabilit...

05.05.2025 20:03 — 👍 0    🔁 0    💬 0    📌 0
10 passkey survival tips: Prepare for your passwordless future now
Although passkeys remain an evolving ecosystem, we'd be wise to embrace tomorrow's authentication standard today. Here are ZDNET's 10 recommendations for reaching passkey paradise.

Still holding onto passwords like it’s 1999? 🕹️ Time to ditch the sticky notes—passkeys are here to level up your digital security. 🔐 Read on for smart tips that prep you for the passwordless future. #Cybersecurity #Passkeys
www.zdnet.com/article/10-p...

05.05.2025 15:29 — 👍 0    🔁 0    💬 0    📌 0
Cybersecurity Lessons from Star Wars: May the 4th Be With You
Explore the parallels between Star Wars and cybersecurity, uncovering vital lessons on security, insider threats, and endpoint controls.

The Empire didn’t fall because of the Force. It fell from bad security. I break down Star Wars and cybersecurity in my latest blog—Rogue One, R2-D2, stormtroopers, and real-world breaches. No fluff. Just facts.
🔗 jamesmcquiggan.com/2025/05/04/c...
#CyberSecurity #StarWars

04.05.2025 12:45 — 👍 1    🔁 0    💬 0    📌 0
Secrets leaks increase — and expand beyond the codebase
Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot.

Secrets in Slack & Jira can be riskier than code leaks. No scans. No reviews. Just fast creds shared to “get it done.” Treat these tools like code: scan them, train users, and build safer habits. Convenience shouldn’t cost you security. #infosec

01.05.2025 14:00 — 👍 0    🔁 0    💬 0    📌 0

🛡️ Stay informed and share this insight with your networks to promote greater awareness about phishing tactics!

How do you ensure that you stay vigilant against such opportunistic threats? 🤔
#CyberSecurity #Phishing #Awareness #StayVigilant #DataProtection #CyberAwareness #DarkReading

30.04.2025 20:00 — 👍 0    🔁 0    💬 0    📌 0

It is critical for individuals & organizations to maintain a healthy skepticism, even in times of crisis. Always verify the sender's authenticity before responding to any communications, especially those involving financial transactions or personal information.
🤔 Remember, if it feels off, it is.

30.04.2025 20:00 — 👍 0    🔁 0    💬 1    📌 0

🚀 This incident acknowledges the ongoing trend where cybercriminals take advantage of natural disasters or national events to prey on affected individuals. As people are dealing with the emotional & difficult fallout from such events, they may be less cautious, creating a perfect storm for attacks.

30.04.2025 20:00 — 👍 0    🔁 0    💬 1    📌 0

🚨Phishers are capitalizing on the Iberian blackout, targeting Portuguese and Spanish speakers by masquerading as Portugal's national airline offering compensation for disrupted flights.

30.04.2025 20:00 — 👍 0    🔁 1    💬 1    📌 0
Testimony Before the U.S.-China Economic and Security Review Commission: Protecting U.S. Energy Infrastructure from Strategic Risks — AMPYX CYBER
On April 24, 2025, Patrick Miller testified before the U.S.-China Economic and Security Review Commission on the growing cybersecurity and supply chain risks facing U.S. energy infrastructure.

Critical infrastructure security is no longer optional. It’s strategic. 🔒
✅ Design for resilience, not just prevention.
✅ Plan for disruption and recovery.
Energy resilience = National resilience
👉 Patrick's Testimony:

29.04.2025 13:56 — 👍 0    🔁 0    💬 0    📌 0
Ep 12: Deep Fakes and Security Awareness with James McQuiggan of KnowBe4
In this episode of the Cyber Executive Podcast, host Marc Ashworth speaks with James McQuiggan, a security awareness advocate at KnowBe4, about the growing t...

How ready are you for the rise of deep fakes in cybersecurity? 🎭 I had a great talk with Marc Ashworth on the Cyber Executive Podcast about the deepfake threats and what we can do about them. #Cybersecurity #AI #DeepFakes

29.04.2025 13:56 — 👍 0    🔁 0    💬 0    📌 0

Seeing deepfakes rise fast, what’s one way your team is getting ready?
404 Article: buff.ly/J4Z5Bqi
Dark Reading Article: buff.ly/3YGEuQV

28.04.2025 21:34 — 👍 0    🔁 0    💬 0    📌 0

If you had a deepfake incident tomorrow, would your security team:
✔️ Detect it?
✔️ Know how to respond?
✔️ Limit the damage?
Or would they scramble, unsure if it was real?
What's ONE change you’re making this year to prepare for deepfake threats?

28.04.2025 21:34 — 👍 0    🔁 0    💬 1    📌 0

Would your staff question a call or video from the CEO asking for urgent action?
Would they know how to verify it without slowing down business? Think gift-card scams.
Attackers are banking on the answer being no.
How are you teaching your teams to verify, not just trust?

28.04.2025 21:34 — 👍 0    🔁 0    💬 1    📌 0

Can your team spot a deepfake in real time?
If not, you’re not alone. Real-time deepfake scams are already targeting businesses today. (404 Media)
And with AI automation and dark web marketplaces, it's only getting easier for attackers. (Dark Reading)
Let's break it down 🧵

28.04.2025 21:34 — 👍 0    🔁 0    💬 1    📌 0
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
The doors to the RSA Conference 2025 swing open here this week with two competing narratives as AI evangelism sets an unmistakable tone for the conference.

JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference - SecurityWeek

28.04.2025 17:42 — 👍 4    🔁 1    💬 0    📌 0
FBI Asks for Help Tracking Chinese Salt Typhoon Actors
The US authorities have asked the public to help them unmask China’s Salt Typhoon threat actors

It’s concerning that the FBI’s workforce may be impacted by layoffs, possibly limiting their capacity to respond effectively to these threats.
www.infosecurity-magazine.com/news/fbi-hel...

28.04.2025 17:13 — 👍 0    🔁 0    💬 0    📌 0

🛳️ I'm Speaking at CruiseCon West 2025 on DEEP FAKE DETECTION! Can your team spot AI that mimics your C-suite? Join me & cybersecurity leaders like Robert Bigman on this floating conference. Prices go up May 1! #CyberCruise Use IRA10 to register here: buff.ly/GA1Z4Ce

28.04.2025 15:54 — 👍 0    🔁 0    💬 0    📌 0
Network Security: Lessons from Gardening for Better Protection
Discover how managing network security is like gardening. Learn to prune vulnerabilities and cultivate a resilient cybersecurity environment.

🌱 Growing strong network security is like gardening — it takes patience, resilience, and pulling a few weeds.
New blog post: [https://jamesmcquiggan.com/2025/04/26/growing-network-security-lessons-from-gardening/]
What's your best "security gardening" tip? 🌻

27.04.2025 15:02 — 👍 0    🔁 0    💬 0    📌 0
