Information security: Smarter Security Designed With You In Mind. AppSec, Risk Management, HoneyPoint, PCI DSS.

Joined February 2010
“If you cannot name who controls email, payments, and recovery, you do not have control.” #smallbusiness #cybersecurity #startup
"This e-book extends that work into AI-agent governance, with a focus on practical controls for identity, access, oversight, auditing, and enterprise operating model design." lttr.ai/AsDAI #Security #Infosec #Ai
"Uncensored and Criminal LLMs: While tools like WormGPT and FraudGPT exist to bypass ethical guardrails, actors are increasingly moving toward locally hosted, open-source unaligned models to avoid API kill switches and monitoring." lttr.ai/AsBu9 #Security #Infosec
I get this question a lot from people in my neighborhood, at parties, and from my clients: "What the heck is a passkey, and should I use it?" - Here is the short, user-friendly answer, and if you keep reading, the long technical answer. lttr.ai/AsCMX #password
The rapid escalation of AI-driven zero-day phishing attacks means that defenders have a narrower window to react, necessitating robust response systems to address cybersecurity challenges effectively. Read more 👉 lttr.ai/AsCFs #Security #Infosec #Ai
We help organizations assess their current evidence supply chain, identify the gaps that would matter most during a cyber incident, and build practical, defensible processes for escalation, board reporting, and materiality support. Read more 👉 lttr.ai/AsApU

Attackers abuse MCP to connect AI agents to traditional penetration testing tools, creating highly adaptive attack orchestration. Read the full article: Rational Security in the AI Era: How Attackers Are Evolving and How We Must Respond ▸ lttr.ai/Ar8bZ #Security
If your organization is integrating LLMs with internet content, APIs, or automated workflows, prompt injection risk needs to be part of your threat model. Read more 👉 lttr.ai/Ar8Jk #Security #Infosec #Ai

Blind to session risk — session tokens are often unmonitored, allowing token theft and session hijacking to go unnoticed. Read more 👉 lttr.ai/Ar7Fw #Infosec #Security #EmergingThreats

The application of least privilege access is a cornerstone of zero trust architecture, aimed at minimizing security breaches through precise permission management. Read more 👉 lttr.ai/Ar22K #Security #Infosec #Architecture
That is not surprising, because some of my agents monitor discussions around LLM threats and AI security Read the full article: Why My AI Agents Needed CaneCorso as a Security Control Plane ▸ lttr.ai/AryUl #Security #Infosec #Ai
"Jailbroken Commercial LLMs: The dominant attacker tooling is not purpose-built criminal AI, but jailbroken access to legitimate commercial models via prompt injection and API abuse." lttr.ai/AryNI #Security #Infosec #AIAndMachineLearning
Map owners, systems, vendors, data types, telemetry, financial dependencies, legal triggers, and evidence gaps. Read more 👉 lttr.ai/Arvpx #incidentresponse #Security #Infosec

"That may not yet support a final materiality conclusion, but it may absolutely support executive escalation, legal review, and board risk chair notification." lttr.ai/ArvEj #Security #Infosec #Howto
SYR = Confirmed Incidents / Total Alerts (per detection family) Read more 👉 lttr.ai/Artrf #Security #Infosec #Alerts
What makes me most proud after all these years in the space isn’t the audits passed or tools deployed — it’s the teams we’ve helped become great. Read more 👉 lttr.ai/Artlq #Security #Infosec #Mentoring
Agentic AI is not a fad — it’s a structural shift in how automation works. Enterprises that prepare now will weather the change. Read more 👉 lttr.ai/Arsr6 #Security #Infosec #Ai

MSI works with leadership teams, security teams, legal stakeholders, and risk committees to turn cyber risk from a collection of disconnected technical signals into decision-ready business evidence. Read more 👉 lttr.ai/AroeH #incidentresponse #Security #Infosec
MSI can help VC & PE firms assess the cybersecurity of target firms even before they are approached for investment. lttr.ai/ArjmS #M&A #VentureCapital #PrivateEquity

“Small-business security fails in boring ways first.” Read the full article: The Small Business Security Exposure Audit: Find Your Biggest Risks Before Attackers Do ▸ lttr.ai/ArjDj #smallbusiness #cybersecurity #startup