In this deeper dive into cybersecurity, Brad LaPorte explores the current state of industries in terms of their maturity and the available testing capabilities. He acknowledges the escalating sophistication of hackers and attackers, prompting a closer examination of where organizations stand today and the arsenal of tools at their disposal for defense.




Here is the verbatim discussion:

And what you mentioned um is something really really pertinent so so let's dive deeper uh into the topic of like where do you see the industries today so we know the hackers and attackers have become very sophisticated so where where is the industry today that's say part one and uh part two let's also look into what's the state of industry in terms of the types of testing available etc. so both the maturity and also what's in the kit of the defenders cor yeah and basically um I'll kind of weave in where organizations are today with your BAS and red teaming can give you the um depth but a narrow one narrow focus depth but that's more point in time but CART is making it more automated right so um so that's how if we kind of create a 2 by 2 matrix I mean then you can place all these various things uh into that so that's very interesting uh Brad so so let's uh get into the next part which is um around like if an organization has to or wants to build a capability around continuous security validation uh uh what what how should they build a program what should be the kind of high level program structure what are the critical capabilities what I call the human element so they'll get in through phishing or social engineering you know they'll convince you knock on the door and and you know try to figure out a way to get into your your organization and it's really just a it's typically an outside in view you know it's like if I was an attacker how would I break into this house how would they break how would I break into your infrastructure it helps identify those weak points so you can address it and sometimes it ends up being um areas where you know it might be on uh email security because of phishing or social engineering it might be just uh security awareness training and leveling up your people in terms of being aware of these types of scenarios and then it might be.

Highlights:

Industry Maturity: LaPorte assesses the maturity levels of industries in combating cyber threats, highlighting the increasing sophistication of attackers. He identifies a need for organizations to align their defenses with emerging threats, emphasizing the importance of proactive measures in the face of evolving attack vectors.

Available Testing Capabilities: Delving into the toolkit of defenders, LaPorte discusses the types of testing available to organizations, ranging from traditional red teaming to the more automated approach of continuous attack response testing (CART). He emphasizes the importance of addressing vulnerabilities through comprehensive testing methodologies and proactive security measures.

High-Level Program Structure: Brad LaPorte outlines the high-level program structure for building a continuous security validation program, stressing the need for a structured approach and critical capabilities. He highlights the human element in security testing, emphasizing the importance of addressing vulnerabilities from an outside-in perspective and investing in security awareness training.


In conclusion, LaPorte's insights underscore the need for organizations to adapt and strengthen their cybersecurity defenses in response to the evolving threat landscape. By embracing proactive measures, leveraging available testing capabilities, and implementing structured security validation programs, organizations can enhance their resilience against sophisticated cyber threats and safeguard their digital assets effectively.



Brad LaPorte, a former army officer with extensive experience in cybersecurity, provides invaluable insights into the evolving landscape of digital threats. With a background in military operations, LaPorte witnessed firsthand the early stages of nation-state cyber attacks, laying the groundwork for his deep understanding of cybersecurity challenges. Through his journey, he has observed the transformation of defense tactics from traditional, labor-intensive methods to modern, cloud-based solutions. LaPorte's expertise offers a unique perspective on the intersection of technology, security, and the underground economy of cybercrime. In this discussion, he shares his experiences and analysis, shedding light on the complexities of cybersecurity in the digital age.


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud. 
