Joined September 2008
I've been working on a talk tentatively titled "Myths and Lies in InfoSec". Some of the research I'll be referencing in the talk was inspired by one particular stat: "60% of small businesses go out of business within 6 months of a data breach". How do we know a stat is fake? 🧵⏲️
Anybody know where this iffy stat came from? I’ve seen it attributed to several organizations, but its actual origin remains murky.
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
Cyber 'Home Alone' Part 1: Fight Back with Digital Traps! Canary Tokens are a simple yet powerful tool for cybersecurity, providing alerts when an attacker interacts with a bait file, URL, or service. Perfect for improving your detection capabilities. Watch Adrian Sanabria @sawaba demo a web bug Canary Token in his Free Upskill Challenge (UC), Detection via Deception. buff.ly/NgR873G All 50 UCs are FREE! Try one, try them all. 😉 #Cybersecurity #HackingTips #InfoSec #DigitalForensics #EthicalHacking
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
ConversingLabs: Adrian Sanabria (@sawaba) on why cyber needs to start learning from its failures. x.com/i/broadcasts/1nxnRRqWv…
Please check support inbox at terminal dot shop pls @thdxr @adamdotdev @ThePrimeagen @teej_dv @iamdavidhill i need help with my subscription pleeeeeease ordering coffee over SSH was hilarious, did it live on a podcast, but it won't let me manage my subscription
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
🛡️ Securing access to data alone is no longer enough in an AI-driven world. On this @SecWeekly episode learn what is driving renewed interest in hybrid architectures and how a #SASE platform is adjacent to #DSPM and vice-versa. bit.ly/49WS9wi #SkyhighSecurity #AI
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
ICYMI: Mandiant’s Principal Security Consultant Ryan Fried and @Google’s Principal Strategic Security Consultant José Toledo joined @SecWeekly podcast to explore how cyberattacks can derail organizational spending—and (cont) bit.ly/4pYHZRH
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
29 Dec 2025
Why does security keep failing despite massive investments in tools and compliance? Adrian Sanabria (@sawaba), Principal Researcher at The Defenders Initiative and Main Host of Enterprise Security Weekly (@secweekly), explores this uncomfortable truth in our latest episode of the Be Fearless Podcast. Adrian discusses with @JohnCarse why checklist-focused security keeps defenders behind, how cyber insurance might force real change, and why AI has become the attacker's number one accomplice in 2025. Hear the conversation: open.spotify.com/episode/5FS… #cybersecurity #browsersecurity #enterprisesecurity
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
Exposure is everywhere now — cloud, SaaS, IoT, shadow IT, vendors you don’t control. Replay the @SCMagazine webcast with @sawaba, @hdmoore & @todb to learn why continuous discovery matters and how attackers exploit what you can’t see. 👉 runzero.com/resources/asm-co…
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
Another Controversial Point Of View That I agree with
The End of Legacy Vulnerability Scanning? Watch the full episode here: securityweekly.com/esw401 @sawaba @PyroTek3 @coffeewithayman @cyberriskall @SCMagazine
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
📺 Live webcast Dec 3 with @SCMagazine! Your attack surface doesn’t end at the firewall. Join @hdmoore, @todb, and @sawaba to learn how continuous discovery attack path mapping keeps you ahead. 👉 scworld.com/cybercast/attack…
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
Your attack surface is sprawling & full of blind spots. 🎥 On Dec 3 at 2 PM ET, @SCMagazine brings together @hdmoore, @todb, & @sawaba to reveal how to operationalize attack surface management without losing your mind. 👉 Register here: scworld.com/cybercast/attack…
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
13 Nov 2025
Why does security keep failing despite massive investments in tools and compliance frameworks? Adrian Sanabria (@sawaba), Principal Researcher at The Defenders Initiative and Main Host of Enterprise Security Weekly (@SecWeekly), explores this uncomfortable truth in our latest episode of the Be Fearless Podcast. Adrian discusses with @JohnCarse why focusing on checklists keeps defenders perpetually behind, how cyber insurance might force real change in security practices, and why AI has become the attacker's number one accomplice in 2025. He also covers prompt injection attacks as the next big problem, using frameworks correctly to guide decisions, and why CISOs must avoid the "hoarding" mindset. Watch now: youtu.be/n79YY-pqwBA #cybersecurity #browsersecurity #enterprisesecurity
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
14 Nov 2025
Wait..there’s more. If you liked @sawaba’s piece ‘A Market for Lemonade’, this insightful piece expands on it. The very astute Adrian writes that much of the funding in #cybersecurity industry is going to the lemonade makers. And that is not a good thing. defendersinitiative.substack…
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
10 Nov 2025
When evaluating, buying & using #infosec products, it can be difficult to determine how well they work. You can discover #cybersecurity products that weren’t even functional after deployment. Cybersecurity - A Market for Lemonade, by the brilliant @sawaba. defendersinitiative.substack…
Thanks to @ericmigi and the team at Core Devices for bringing the Pebble back! Charged up my old devices and they all work great with the new app! After 48 hours of use, my battery is at 81%. I didn’t charge it to 100% before using it either. Too excited.
After a brief time using the Apple Watch, it is SUCH a relief. No more daily charging, weird bugs, unnecessary complexity, or lack of usability. Just a lightweight device with a battery that lasts forever, and a design that prioritizes the core use cases for a smartwatch.
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
🎙️ Join @hdmoore, @todb & @sawaba for a live @SCMagazine webcast: “Fixing a Broken System: Why Legacy Vulnerability Management Tools Can’t Keep Up” Learn what’s next for exposure & attack surface management. 📅 Oct 29 ⏰ 2 PM ET 🔗 scworld.com/cybercast/fixing…
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
🆓New Upskill Challenge🆓 Deception is an overlooked opportunity in SecOps! @sawaba intros how honeypots & honeytokens can be used as cheat codes for detection engineering. justhacking.com/uc/uc-detect… There’s a common phrase Adrian finds annoying: "Attackers only have to get it right once; defenders have to get it right every time." Not only is this sentiment untrue, it’s also demotivating and defeatist. This phrase is only correct for the first step of the attack. Following that, the power balance flips, as the attacker is in the defender’s house. Much like Kevin in Home Alone, there’s no reason the attacker should have an easy time. Once in the defender’s environment, it is the attacker that has to evade detection 100% of the time, and the defender only needs to detect the attacker once. What’s an Upskill Challenge (UC)? A UC is a free, bite-sized lesson from the JHT Team, our courseware developers as well as “friends” of JHT. They are meant to be short and to the point. UCs focus on a single tool or concept and are helpful in quickly providing useful skills that might be prerequisites for other types of educational content on the platform. Did we mention that they're FREE!? 🤯 Just Hacking Training is a platform providing "Focused Technical Training for All Levels" in 70 affordable, hands-on options in 4 categories: Courses, Free Upskill Challenges, Hack-Alongs and CTFs. Wherever possible, JHT includes cloud-based, cyber ranges to safely practice what is taught. With new content released twice a month throughout 2025, bi-monthly livestreams with John Hammond and our All-Star contributors and even some “Name Your Price” options, JHT will advance your career regardless of experience level or budget.
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
This Cybersecurity Company is Moving Like a Startup Rocket 🚀 #shorts Watch the full episode here: securityweekly.com/esw401 @sawaba @coffeewithayman @PyroTek3 @cyberriskall @SCMagazine
Adrian Sanabria (@sawaba@infosec.exchange) retweeted
📺 Live Webcast: Fixing a Broken System 📅 Oct 29 • 2PM ET Legacy vuln mgmt leaves 25–40% of assets invisible. Join @hdmoore, @todb & @sawaba as they unpack blind spots, failed scans, & what’s next. 👉 scworld.com/cybercast/fixing…