In this enlightening conversation with Brad LaPorte, a seasoned cybersecurity analyst, we explore the ever-evolving landscape of cyber threats. LaPorte draws from his extensive experience working with both SMBs and large enterprises to provide invaluable insights into the mindset shifts necessary to combat modern cyber adversaries effectively.



Here is the verbatim discussion:

Days was not so much there outside and then try to compromise systems. So interestingly, what has happened is the same thing today is being done by the nation-state actors: they're just looking for that window of small opportunity, and whenever that opportunity is there they would like to grab it, right? The same is true for ransomware guys. So the adversary is doing this continuously in terms of looking for that one single opportunity for a few minutes or few hours, as well as the number of changes that's happening is also at that same frequency, right? The release frequency, people do release every day.

What I call the human element. So they'll get in through phishing or social engineering, you know, they'll convince you, knock on the door and, and, you know, try to figure out a way to get into your, your organization. And it's really just a, it's typically an outside-in view, you know, it's like, if I was an attacker, how would I break into this house? How would they, how would I break into your infrastructure? It helps identify those weak points so you can address it. And sometimes it ends up being, um, areas where, you know, it might be on email security because of phishing or social engineering, it might be just, uh, security awareness training and leveling up your people in terms of being aware of these types of scenarios, and then it might be, um, actionable advice as I go along. And, um, the number one piece of advice that I have to organizations is, uh, to, uh, fully embrace horizontally and vertically throughout your organization, and, and it goes above and beyond just your own four walls, to have the right mindset that you will eventually be breached.

So do you see that mindset? I mean, do you see, and you have worked with both the SMBs and the large enterprises, do you see that mindset today? And that's a very important mindset, like accepting that there will those breaches, huh.

I see it more now than I have I ever have in the past two decades, but it's not anywhere near where, uh, it needs to be. And unfortunately, um, the root cause of a lot of what exists today is, um, it's NIMBY, it's "not in my backyard," so it's not going to happen to me, it's going to happen to somebody else. And it's not until it's someone that's close to them, so if they're in the industry, let's say they're in retail, and, um, they're the biggest competitor.



Evolving Cyber Threats: LaPorte highlights the persistent tactics employed by both nation-state actors and ransomware groups, who continuously seek small windows of opportunity to compromise systems. He emphasizes the rapid pace of technological change, mirroring the release frequency of security updates, and the necessity for organizations to remain vigilant against emerging threats.

Tactics Employed by Attackers: Discussing the human element of cyber attacks, LaPorte delves into the various methods utilized by attackers, including phishing, social engineering, and exploiting infrastructure weaknesses. He underscores the importance of adopting an "outside-in" perspective to identify and address vulnerabilities proactively, ranging from email security measures to comprehensive security awareness training.

Embracing a Cybersecurity Mindset: LaPorte advocates for organizations to fully embrace the mindset that breaches are inevitable, extending security measures beyond their own perimeters. While acknowledging a growing acceptance of this mindset, he highlights the prevalent "not in my backyard" mentality that persists within many organizations, emphasizing the need for a cultural shift towards proactive cybersecurity practices.


As the cyber threat landscape continues to evolve, organizations must remain adaptive and proactive in their approach to cybersecurity. LaPorte's insights underscore the critical importance of vigilance, comprehensive security measures, and a shift towards a mindset that acknowledges the inevitability of breaches. By embracing these principles, organizations can better prepare themselves to mitigate risks and safeguard their digital assets effectively in an increasingly complex threat environment.



Brad LaPorte, a former army officer with extensive experience in cybersecurity, provides invaluable insights into the evolving landscape of digital threats. With a background in military operations, LaPorte witnessed firsthand the early stages of nation-state cyber attacks, laying the groundwork for his deep understanding of cybersecurity challenges. Through his journey, he has observed the transformation of defense tactics from traditional, labor-intensive methods to modern, cloud-based solutions. LaPorte's expertise offers a unique perspective on the intersection of technology, security, and the underground economy of cybercrime. In this discussion, he shares his experiences and analysis, shedding light on the complexities of cybersecurity in the digital age.


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.
