My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans O
Blog (927)
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs
Imagine walking into a crowded airport where security checks every bag. Some bags trigger an alert and are flagged. Security pauses and asks: “Is this dangerous or just an innocent traveler carrying metal in their pockets?” Now, picture this in the d
Imagine walking down a busy street where pickpockets are lurking. You wouldn't flash your wallet, right? Instead, you'd zip it away, staying one step ahead. That's exactly what the OWASP ModSecurity Core Rule Set (CRS) does for your web applications—
What is Mod Security?
Imagine an old mechanical watch. Tiny gears, springs, and screws work together. No fancy AI, no wireless updates—just pure engineering. Mod Security works the same way. It’s not flashy. It doesn’t rely on cloud intelligence or m
Imagine a busy highway. Cars zoom past, carrying everything from passengers to valuable goods. But not every vehicle should be allowed in. Some might carry dangerous cargo, while others are simply lost. Web Application Firewalls (WAFs) work the same
When you get into a car, the seatbelt is your first line of defense. It's automatic—click it, and you’re safer. But it doesn’t mean you stop watching the road or ignore traffic rules. A seatbelt reduces the impact, but it’s not a magic shield. The sa
Introduction
Imagine your home guarded by a loyal family dog. It’s friendly, greets your guests, and barks only when a real threat emerges. But what happens when that same dog is suddenly tasked with guarding a high-security vault? It transforms into
Unmasking Threats with Rule Validation and Scoring
Think about securing your home. You’ve installed surveillance cameras, sensors, and even a guard dog. But what happens when someone manages to sneak in? Wouldn’t it be great to have a system that not
The Final Layer of Defense for Web Applications
Imagine having a guard dog that not only watches your house but knows who to bark at and who to ignore. ModSecurity does just that for web applications. But like a smart dog that gets better with traini
Protecting Your Applications with Confidence
Imagine running a high-speed train. Every minute, thousands of passengers board, and you need to ensure they get to their destination safely. But what if 1% of those passengers posed a potential risk? Woul
Our editorial team has curated the finest sessions from the CISO Platform Top 100 Awards & Annual Conference 2025—India’s first award ceremony that celebrates those making a meaningful impact in the world of security.
The 16th annual conference was
Imagine this. You’re standing in your kitchen, making toast. Suddenly, you hear a dripping sound. You glance at the sink and notice water pooling around the base. It’s not a flood—yet—but it could be. You investigate the source, tighten a loose pipe,
Every company wants to unlock the magic of cloud data, but it’s not a free ride. Especially with data privacy laws like the Digital Personal Data Protection Act (DPDPA) keeping you accountable. Getting data security right can feel like juggling water
More attacks targeting cryptocurrency users. Microsoft has identified a new Remote Access Trojan, named StilachiRAT, that has sophisticated capabilities to remain stealthy and persistent so it can harvest crypto wallet credentials via web browsers.
Th
ISO 27001 compliance is one of the most recognized international standards for information security management. Organizations worldwide seek certification to protect sensitive data, gain customer trust, and meet regulatory requirements. However, achi
Imagine seeing photos and videos of a massive political rally flooding your social media feed. It looks real—except it never happened. That’s the power of disinformation propaganda: creating false realities that influence thoughts, decisions, and eve
Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, “behavioral-ish”, if I am totally honest) rules without relying on any precise knowledge of attacker
A fair-weather SOC by Meta AI
Do you have a fair-weather friend? Or two?
Fair weather friend (via Google)
OK, do you also have a fair-weather SOC?
This train of thought was inspired by reading pilot forums about how some training approaches lea
Join The Community Discussion
CISO Platform
A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.
Join CISO Community Share Your Knowledge (Post A Blog)
Atlanta Chapter Meet: Build the Pen Test Maturity Model (Virtual Session)
- Description:
The Atlanta Pen Test Chapter has officially begun and is now actively underway.
Atlanta CISOs and security teams have kicked off Pen Test Chapter #1 (Virtual), an ongoing working series focused on drafting Pen Test Maturity Model v0.1, designed for an intel-led, exploit-validated, and AI-assisted security reality. The chapter was announced at …
- Created by: Biswajit Banerjee
- Tags: ciso, pen testing, red team, security leadership
