OpenAI just admitted prompt injection isn't getting fixed. Companies are wiring AI agents into production anyway. "We have an AI policy" is the new "we passed the audit." A document nobody tested is not a control.
loravaughn.com/blog/we-have-…
No-code platforms won't sign a BAA. That's not a bug you can patch. The second real patient data lands there, the product is outside the law. The only vendor question that matters: who will sign next to your liability?
loravaughn.com/blog/your-no-…
CISA's contractor just published the agency's AWS GovCloud keys to a public GitHub repo. Your vendor program probably has the same exposure. You're just not famous enough for Congress to notice.
275M students. 8,809 schools. One platform.
ShinyHunters didn't get smarter. They keep hitting the aggregators because that is where the leverage lives.
Look at your own stack.
One employee. One OAuth click. One breach.
Vercel got hit because someone clicked Allow All on an AI tool. That token sat dormant, then got used.
Pull your OAuth app list. Today.
Your vendor questionnaire probably doesn't ask which apps have OAuth access into your customer data.
That's where 4th party risk actually executes.
loravaughn.com/blog/your-ven…
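"Pull your OAuth app list" is easier said than triaged, so here is an added example (not the author's code and not any identity provider's API) of what to do with the list once you have it: flag grants that are broad, dormant, or from an unverified publisher, which is exactly the shape of the dormant Allow-All token described above. The JSON below is a constructed export; its field names, the scope-name markers, and the fixed clock are assumptions, so map your own IdP's export (Google Workspace, Entra, Okta, GitHub, etc.) onto these fields before running it for real.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample export. Field names are an assumption for this example;
# adapt your identity provider's real export to this shape.
SAMPLE_EXPORT = """
[
  {"app": "meeting-notes-ai", "publisher": "unverified", "user": "a.lee",
   "scopes": ["drive.readonly", "mail.readwrite", "calendar", "admin.directory.user"],
   "granted": "2024-02-03T10:00:00Z", "last_used": "2024-02-03T10:05:00Z"},
  {"app": "ci-deploy-bot", "publisher": "verified", "user": "svc-ci",
   "scopes": ["repo.contents.write"],
   "granted": "2023-11-01T00:00:00Z", "last_used": "2024-09-29T08:00:00Z"},
  {"app": "slack-connector", "publisher": "verified", "user": "b.khan",
   "scopes": ["chat.write", "channels.read"],
   "granted": "2022-05-10T00:00:00Z", "last_used": "2022-06-01T00:00:00Z"}
]
"""

# Fixed clock so the example is reproducible (assumption; use datetime.now(timezone.utc) in practice).
NOW = datetime(2024, 9, 30, 12, 0, tzinfo=timezone.utc)

# Scope prefixes that expose whole data stores. Assumed names; tune to your IdP's scope vocabulary.
DATA_STORES = ("drive", "mail", "files", "sharepoint", "repo")


def parse_iso(ts):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_broad(scope):
    """A scope is 'broad' if it reaches a data store wholesale or touches admin APIs."""
    s = scope.lower()
    return "admin" in s or any(s.startswith(store) for store in DATA_STORES)


def classify(grant, now, dormant_days=90):
    """Decide keep / review / revoke for one grant and record why."""
    broad = [s for s in grant["scopes"] if is_broad(s)]
    idle = now - parse_iso(grant["last_used"])
    dormant = idle > timedelta(days=dormant_days)
    unverified = grant.get("publisher") != "verified"

    reasons = []
    if broad:
        reasons.append("broad scopes: " + ", ".join(broad))
    if dormant:
        reasons.append(f"dormant for {idle.days} days")
    if unverified:
        reasons.append("unverified publisher")

    # Broad access nobody is using is the dormant-token case: cut it.
    if broad and dormant:
        action = "revoke"
    # Broad access from an unknown publisher needs a human decision.
    elif broad and unverified:
        action = "review"
    # Narrow but unused: nothing depends on it, so remove the standing access.
    elif dormant:
        action = "revoke"
    else:
        action = "keep"

    return {"app": grant["app"], "user": grant["user"], "broad_scopes": broad,
            "dormant": dormant, "unverified": unverified,
            "reasons": reasons, "action": action}


def triage(export_text, now=NOW, dormant_days=90):
    """Classify every grant in a JSON export, worst first."""
    order = {"revoke": 0, "review": 1, "keep": 2}
    findings = [classify(g, now, dormant_days) for g in json.loads(export_text)]
    return sorted(findings, key=lambda f: order[f["action"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_EXPORT):
        print(f"{f['action']:6} {f['app']:18} {f['user']:8} " + "; ".join(f["reasons"]))
```

The output order puts the revoke candidates at the top so the list doubles as a work queue; the ninety-day dormancy window is a starting point, not a standard, and the scope prefixes are the part you will spend most of your time adapting because every provider names them differently.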
I am a cybersecurity professional. My home network was a disaster.
30 unlabeled cables. 2 keystone jacks that connect to nothing. 2 floors of cable going nowhere. This is exactly what I walk into after an incident.
loravaughn.com/blog/i-spent-…
$25 million. That’s what one company lost to a deepfake video call.
The finance worker thought he was talking to the CFO. He wasn’t.
March 11, I’m doing a live deepfake demo at Birmingham AI Security Breakout
#BirminghamAI #Cybersecurity #Deepfakes #AI
eventbrite.com/e/security-bi…
Your phone rings. Your kid is crying, screaming for help. A voice demands ransom.
Your child’s voice is real. The kidnapping is not.
These calls are happening now.
I’m covering what to do about it at the Birmingham AI Security Breakout on March 11.
eventbrite.com/e/security-bi…
Security professionals are pessimists about everything... except our own programs.
New vulnerability? Assume breach. Phishing email? Domain takeover.
But when it comes to OUR IR plans? Suddenly we're optimists.
🧵 1/3
"OUR backups are segmented." "OUR team will be available." "OUR plan will work perfectly."
It's like we have a blind spot the size of our own infrastructure.
This psychological quirk has real consequences.
2/3
That nagging "what if?" voice about your IR plan isn't paranoia.
It's your pessimist brain trying to break through optimism bias.
New blog breaks this down: loravaughn.com/blog/when-per…
Speaking @ISC2 Oct 28 - NETWORK25SC for 15% off
3/3 #IncidentResponse
Are you looking for interesting work with great people?
Come check out Fastly
If you’re interested, please apply online. No agencies, please.
I’m #hiring for two #cybersecurity #leadership positions in my org:
Senior Manager D…
lnkd.in/gtkP4URM
lnkd.in/g8ggawDF
Lots of job opportunities at Fastly. And one on my team!
Senior Penetration Tester
lnkd.in/eCgdG2zM
Apply online, please, if you're interested. lnkd.in/e4d8BNcD
So here's the thing. You can only violate people's legal rights and your own word so far before they lawyer up and come after you.
I really do hope Musk changes his mind and does the right thing - the employees deserve that. But it'll be fun as hell if he doesn't.