vCISO | Published Author | CCP, CISSP, CISM, CRISC, CISA, CCSP. Expertly building resilient security cultures & managing risk. #CISO #InfoSec #Cybersecurity

Joined September 2023
One encouraging trend in the DBIR: more ransomware victims are refusing to pay. Stronger IR planning, backups, segmentation, and operational resilience investments appear to be making a difference. #CyberSecurity #Ransomware #DBIR🔗zurl.co/y3qgM
The DBIR highlights a sharp rise in “Shadow AI” usage inside organizations. This is becoming less of an AI problem and more of a data governance and DLP challenge. Safe enablement will matter more than outright restriction. #CyberSecurity #AI #DBIR🔗zurl.co/DG9N2
The DBIR shows mobile-centric social engineering attacks are outperforming many traditional phishing campaigns. Security awareness training can’t be email-only anymore. Voice, SMS, and helpdesk impersonation are growing risks. #CyberSecurity #DBIR🔗zurl.co/oiNTr
Modern ransomware attacks are now communication crises too. Customers & CTI platforms may learn about your breach from the attackers before your company responds. My latest article explores ransomware leak sites, trust, & incident response. 🔗 zurl.co/1Yvp7 #Ransomware
Modern ransomware attacks are now communication crises too. Customers & CTI platforms may learn about your breach from the attackers before your company responds. My latest article explores ransomware leak sites, trust, & incident response. 🔗zurl.co/6jOgm #Ransomware
The DBIR highlights a major shift: third-party breaches are increasingly tied to identity weaknesses like missing MFA, excessive permissions, and credential exposure. Vendor risk is rapidly becoming identity risk. #CyberSecurity #DBIR #ZeroTrust🔗zurl.co/WZQ0G
The 2026 DBIR shows vulnerability exploitation is now the top initial access vector. The challenge for many orgs isn’t awareness anymore — it’s scale, prioritization, and operational constraints. Risk-based remediation is critical. #CyberSecurity #DBIR🔗zurl.co/CdP20
The Canvas breach has me thinking: prevention‑only security is over. ShinyHunters hit Canvas twice, stealing 3.65 TB of data on ~275M users via weak accounts & loose SaaS access. 🔗 More: zurl.co/6uo7N #cybersecurity #SaaSsecurity #ZeroTrust #dataprotection #infosec
FBI warning: “Kali365,” a Phishing-as-a-Service kit that hijacks MS 365 OAuth tokens, bypasses MFA, & gives persistent access without stealing passwords. Time to tighten app consent, conditional access, & user training. 🔗 zurl.co/c2eza #CyberSecurity #Microsoft365
CISA left plain-text passwords, SSH keys, & AWS GovCloud creds in a public GitHub repo for ~6 months (with secret scanning reportedly disabled). If it can happen to the US cyber agency, it can happen to anyone. #cybersecurity #DevSecOps #GitHubSecurity zurl.co/Em3WP
AI voice cloning scams are becoming alarmingly convincing. Criminals can now impersonate loved ones (very easily) during fake emergencies to steal money & sensitive information. Learn the warning signs & protection measures. zurl.co/hpOEa #CyberSecurity #AIScams
New research shows top AI assistants (Perplexity, Claude, Grok, ChatGPT) send chat URLs, titles & IDs to ad trackers, sometimes exposing full “private” conversations. Time to rethink how we use and govern LLMs? #AIsecurity #privacy #cybersecurity 🔗zurl.co/QLlVN
Gartner’s new Hype Cycle for Agentic AI shows how quickly agents are maturing & where expectations are outpacing proven value. Clear takeaways on real capabilities, “agent‑washing,” & the need for governance & skills. #AgenticAI #AIAgents #Gartner🔗zurl.co/6srOq
Cool stuff - MITRE’s new Fight Fraud Framework (F3) gives fraud cyber teams a shared, behavior-based model of how fraud actors work so you can align investigations and stop fraud before cash-out. 🔗zurl.co/OPOfj #FraudPrevention #CyberSecurity #F3Framework

The 2026 AI Index shows how AI is maturing: more incidents, more risk awareness, more regulation, & more $ for responsible AI. The winners will be the ones who bake governance, security, & human impact into the stack now. #AI #AIGovernance #AISafety 🔗zurl.co/XBry3
New data shows just 3 ransomware gangs (Qilin, Akira, Dragonforce) drove 40% of 672 incidents in March, with >50% of victims in the US. Fewer groups, bigger impact. Rethink IR playbooks, social engineering defenses & visibility. 🔗zurl.co/6lp8f #ransomware #RaaS
Vibe coding makes anyone a “developer” by chatting with AI—but it also ships injection flaws, broken auth, exposed data, and hallucinated deps into prod at scale. Treat AI as a power tool, not an engineer. 🔗zurl.co/poC10 #VibeCoding #AppSec #AISecurity #CyberSecurity
BlueHammer is a reminder: when researchers report a vuln, silence & dismissal are a choice. Be transparent, responsive, & clear on timelines or risk seeing exploit code dropped on their schedule, not yours. 🔗zurl.co/25sG8 #AppSec #BugBounty #BlueHammer #CyberSecurity
Claude Mythos Preview: Anthropic says it can find and exploit zero-days, chain bugs, and accelerate both offense and defense. Big takeaway: security teams need to move faster, harden smarter, and prepare now. zurl.co/qc6ok #Cybersecurity #AIsecurity
Helpful whitepaper comparing AI discovery methods in the SOC; rules & ML for GenAI-assisted investigation, real-world pros & cons. Clear takeaways on reducing noise, boosting analyst effectiveness, & choosing what actually works. #cybersecurity #AI 🔗zurl.co/RaRVz