Something’s Missing I’ve been at RSAC 2026 this week [edit: well, last week but work and travel got in the way of posting], and in the numerous sessions, talks, and … Continue reading “The Unmonitored Layer”
Tagged As:
security
The Call Came…
Cybernews published an example of agentic AI acting like an insider threat with Replit’s AI tooling wiping a production database, ignoring a code-freeze, inventing user data, then lying about it … Continue reading “The Call Came…”
The Call Is Coming From Inside the Model
A breakdown of Anthropic’s agentic misalignment research and what it means for agentic AI in critical systems TL;DRAnthropic, one of the leading AI labs, just published a paper showing that … Continue reading “The Call Is Coming From Inside the Model”
So What?
Have you ever sat through a security briefing, heard the words, “This CVE has a critical CVSS score of 9.8!” and thought to yourself, “Okay, great… but what does that … Continue reading “So What?”
The Cyber Ecosystem Shift
As federal cyber leadership pulls back, the balance is shifting across states, agencies, and industries. Here’s what that means—and why timing matters. Ecosystems are interconnected, interdependent systems. Think of a … Continue reading “The Cyber Ecosystem Shift”
FFFFFFFound in the archive
I was cleaning up my hard drive when I found an unpublished blog post I had written in 2008 during my stint at American Airlines as an information security architect. … Continue reading “FFFFFFFound in the archive”
Secure the Vibe
Vibe coding is a rising trend in software development where programmers rely on intuition over established practices, documentation, and security checks. This approach, likened to improvisational jazz, has become popular in the era of generative AI tools that suggest code without thorough understanding, leading to insecure applications. Although it may appear efficient, vibe coding often results in bugs, security breaches, and technical debt, as foundational practices like testing and threat modeling are overlooked. Both development and security teams have fallen into similar traps, prioritizing speed over safeguard measures, necessitating a collaborative shift towards disciplined coding practices for better security outcomes.
North Korean Hackers Targeting Job Seekers
There’s something about kicking people when they’re down that really rubs me the wrong way. North Korean hackers are targeting freelance developers with fake job interviews, tricking them into installing … Continue reading “North Korean Hackers Targeting Job Seekers”
Categories: Security
Author Dan GPosted on 3 Comments on tl;dr – A Wonk’s Guide to Effective Vulnerability Management
Author Dan GPosted on 3 Comments on tl;dr – A Wonk’s Guide to Effective Vulnerability Management tl;dr – A Wonk’s Guide to Effective Vulnerability Management
I published a rather lengthy blog post about the importance of patch management to the success of a security program. Due to the length of the post I thought I’d … Continue reading “tl;dr – A Wonk’s Guide to Effective Vulnerability Management”
Categories: SecurityAuthor Dan GPosted on 3 Comments on A Wonk’s Guide to Effective Vulnerability Management
Author Dan GPosted on 3 Comments on A Wonk’s Guide to Effective Vulnerability Management A Wonk’s Guide to Effective Vulnerability Management
I’m going to cover something that arguably has the greatest impact on the security posture of an organization and is not something that information security is typically responsible for. It’s … Continue reading “A Wonk’s Guide to Effective Vulnerability Management”