“Flickering screens, a sickly, yellow glow. Humming servers, a constant, low thrum of digital malaise. Alerts screamed into the void, a cacophony of meaningless noise, lost in the echoing expanse of our digital tomb. Playbooks, relics of a forgotten

Icarus, in Greek mythology, son of the inventor Daedalus who perished by flying too near the Sun with waxen wings. 

BALANCE

Throughout my career, I’ve had the opportunity to help many organizations out with operational, tactical, and strategic s

“COBIT is not about security!”

I have heard this statement being said a couple of times about COBIT and for a bunch of different certificates and certifications throughout my career. There is of course truth in this statement as COBIT is not explic

Threat hunting is more than a buzzword. It’s a discipline. A practice. A continuous pursuit of anomalies that might just be lurking beneath the surface. When we talk about Threat Hunting 360, we mean looking at threats from every possible angle. No a

The Basics Never Change

Cybersecurity trends come and go. New threats emerge. Fancy tools promise magic solutions. But ask any seasoned threat hunter, and they’ll tell you—the fundamentals are what keep organizations safe. The problem? Too many peopl

Exploring Cybersecurity's Stressful Side

Hey there, cyber defenders! Ever feel like you're in a never-ending game of whack-a-mole? You're not alone. Let's take a moment to talk about something super important: mental health in the world of informatio

Businesses of all sizes, whether in the financial, transportation, retail, communications, entertainment, healthcare, or energy sectors, are impacted by cybersecurity. Cyberthreats are commonplace. Cyberattacks have increased in frequency and malicio

PAYMENT PAGE SECURITY; Navigating PCI DSS v4.0: Insights on Requirements 6.4.3 and 11.6.1

Interview with Ed Leavens, Founder and CEO of DataStealth

As the March 31, 2025 deadline for PCI DSS (Payment Card Industry Data Security Standard) v4.0complian

Cybersecurity is on the brink of significant transformation as we approach 2025, grappling with escalating complexities driven by advancements in technology, increasing geopolitical tensions, and the rapid adoption of AI and IoT. In this blog, I’m ex

Welcome to the Challenge: Governance, Risk & Security

A CISO’s world is never just about technology. It’s about governance, risk, and control. Without governance, security becomes a guessing game. Without risk management, threats remain unseen. A 30-

After a long, long, long writing effort … eh … break, we are ready with our 5th Deloitte and Google Cloud Future of the SOC paper “Future of SOC: Transform the ‘How’.”

As a reminder (and I promise you do need it; it has been years…), the previous 4 p

My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans O

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs

Imagine walking into a crowded airport where security checks every bag. Some bags trigger an alert and are flagged. Security pauses and asks: “Is this dangerous or just an innocent traveler carrying metal in their pockets?” Now, picture this in the d

Imagine walking down a busy street where pickpockets are lurking. You wouldn't flash your wallet, right? Instead, you'd zip it away, staying one step ahead. That's exactly what the OWASP ModSecurity Core Rule Set (CRS) does for your web applications—

What is Mod Security?

Imagine an old mechanical watch. Tiny gears, springs, and screws work together. No fancy AI, no wireless updates—just pure engineering. Mod Security works the same way. It’s not flashy. It doesn’t rely on cloud intelligence or m

Imagine a busy highway. Cars zoom past, carrying everything from passengers to valuable goods. But not every vehicle should be allowed in. Some might carry dangerous cargo, while others are simply lost. Web Application Firewalls (WAFs) work the same

When you get into a car, the seatbelt is your first line of defense. It's automatic—click it, and you’re safer. But it doesn’t mean you stop watching the road or ignore traffic rules. A seatbelt reduces the impact, but it’s not a magic shield. The sa