Register

Transforming Community Engagement through Insights

SOC Market Trends: Skills Shortages, Growing Complexity, and the Need for Greater Analyst Efficiency.

I’m excited to share a newly released white paper from ESG, commissioned by Splunk.

This paper explores the current state of security operations centers (SOCs) and highlights why unifying and modernizing security operations is becoming critical. A few key takeaways:

·       93% of organizations struggle with managing too many security tools.

·       89% are impacted by cybersecurity skills shortages, leading to burnout and open roles.

·       Organizations see significant potential in a unified work surface to accelerate detection, reduce manual tasks, and enhance analyst productivity.

If you’re looking to improve SecOps efficiency, reduce complexity, or better align your security strategy with business priorities, this is worth a read.

I’d be happy to discuss how these insights align with your security priorities or explore opportunities to evolve your SOC capabilities.

By Splunk

Read More

Security leaders’ guide to exposure management strategy

 

Exposure management isn’t a difficult concept to appreciate—its value in strengthening security posture and reducing risk is clear. The real challenge lies in knowing where to begin. Security and vulnerability leaders often find themselves asking the same critical questions: How do we initiate and mobilize an exposure management program? What outcomes should we aim for? Who needs to be involved? How do we secure organizational buy-in? What must change—and what existing people, processes, and technologies can we leverage?

Since pioneering exposure management in 2017, Tenable has guided organizations in building mature, effective programs through a structured and practical approach. This method removes complexity, offering a clear path from uncertainty to execution. Organizations that adopt this framework don’t just improve security—they transform it, driving measurable impact. In fact, one global food company reduced its cyber exposure by $45 million in 2024 alone.

In the following sections, we outline seven foundational steps to help you launch your exposure management program. You’ll find practical problem-and-solution narratives to support stakeholder alignment, tools to assess your current capabilities, and guidance for conducting a meaningful gap analysis. We also provide recommendations for defining scope and setting priorities.

While these steps are presented in sequence, flexibility is key. Every organization operates differently—you may need to run initiatives in parallel or assemble a focused “tiger team” before fully assessing your maturity. Use this guidance as a starting point, and adapt it to fit the way your organization gets things done.

Tenable

Read More

Don’t Trust the Code: Securing AI-Generated Software at Machine Speed

AI is rapidly transforming the way modern software is built, shifting development from manual coding to AI-assisted and often AI-generated workflows. This evolution has unlocked unprecedented speed, scalability, and innovation—but it has also introduced a new class of security challenges that traditional approaches were never designed to handle. Legacy application security models rely heavily on post-development scanning and delayed feedback loops, assuming that code is written incrementally and can be reviewed at a human pace. In today’s reality, where code is continuously generated and integrated at machine speed, those assumptions no longer hold true.

As development accelerates, security risks are introduced earlier and propagate faster across systems, often before they can be properly identified or mitigated. Developers are increasingly working with code they didn’t fully author, making it harder to understand intent, dependencies, and potential vulnerabilities. This creates a growing gap between development velocity and security effectiveness—one that cannot be closed by simply adding more scans or manual reviews.

To address this shift, organizations must rethink how security is applied across the software development lifecycle. Instead of reacting to vulnerabilities after code is written, security must be embedded directly into the development process—operating in real time, at the moment code is created. This whitepaper explores the need for this transition, outlining how proactive, developer-centric security models can keep pace with AI-driven development while reducing risk, improving code quality, and enabling teams to innovate with confidence.

By Checkmarx

Read More

DevSecOps Evolution: from DevEx to DevSecOps

The journey to DevSecOps is in progress, but distance and tough terrain lie ahead. The travellers—DevOps and Security teams—are sharing the road, but they aren’t yet in step. They sometimes meet en route, only to diverge again as differing outlooks and priorities prompt a check or swerve.
Yet align they must if they are to achieve the core objective of delivering high-performing code—which we believe must, by definition, be secure code. The situation is growing more pressing because, as our research reveals, modern enterprises have a huge number of development teams and DevOps pipelines.

 

 

 

By Checkmarx

Read More

Cymulate Exposure Management Platform

Prove the Threat. Improve Resilience.
Traditional vulnerability management falls short without validation. Cymulate’s Exposure Management Platform goes beyond by integrating discovery, validation, and continuous testing against real-world advanced threats.

With automation and AI, Cymulate empowers security teams to:

  • Continuously validate and optimize defenses against the full attack kill chain

  • Accelerate detection engineering and exposure management

  • Benchmark security posture with clear metrics and dashboards

By combining Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), and AI-driven workflows, Cymulate delivers scalable offensive testing and actionable insights tailored to your organization.

Result: Security leaders gain measurable resilience, teams reduce exposures, and organizations stay ahead of evolving threats.

cymulate

Read More

Security conscious companies trust Astra for AI driven continuous pentests

Powered by our proprietary ‘Attack AI’ engine capable of
discovering and correlating vulnerabilities at scale, Astra’s engine creates detections from vulnerabilities discovered in real-world pentests, ensuring offensive AI-powered continuous vulnerability scans across web apps, APIs, cloud & mobile apps.


Most tools flood you with findings; Astra is built to deliver answers. Astra combines automated continuous scanning, pentesting by experts, and deep developer-friendly integrations in a single, all-purpose vulnerability management platform.

Astra

Read More

State of continuous pentesting report 2025

It may be 2025, but cybersecurity is still stuck in a state of ‘survival.’ Over 62% 1 of professionals reported burnout last year—an unsurprising consequence of chasing zero-tolerance security in an environment that refuses to cooperate.

The sheer velocity of emerging vulnerabilities, magnified by automation, resource constraints, and the unpredictability of AI-riven threats, has stretched security teams to their limits. Yet, the fundamental question remains: Are we making meaningful progress, or are we just patching faster than we break?

Reflecting on the past year, the nature of cyber threats hasn’t necessarily evolved—it has compounded. Attackers aren’t reinventing the wheel; they’re optimizing & automating it
with persistent legacy vulnerabilities and/or escalating supply chain attacks while organizations remain locked in an exhausting cycle of reactive security.

Worse, security investments often follow the latest breach headline rather than grounded vulnerability intelligence with proper business-contextualized prioritization. This results in an ROI model that looks effective on paper but falls apart in practice.

Critical performance areas are either overlooked or misaligned, widening the gap between security efforts and actual risk reduction. Meanwhile, the financial impact of breaches continues to climb to several billion, challenging CTOs to justify security investments as
tangible ROI rather than compliance checkboxes.

Thus, this report goes beyond summarizing breach statistics and vulnerability trends to examine the state of cybersecurity and pentesting as an industry—where it excels, where it falls short, and how security teams must recalibrate for the coming year.

Astra

Read More

Learn the Essentials and Benefits of Data Classification Levels

Data classification is the process of organizing and categorizing data. Think of how a drug store displays its health products: Everyday vitamins are kept on open shelves, prescription medications are stored in a closed
compartment, while controlled substances are locked away and only accessible to authorised individuals. Similarly, every business has data that is publicly shared (such as an “About Us” webpage), internal data that is
shared only within the organization (such as organizational charts and employee policies), and confidential or restricted data that can be accessed only by particular groups (such as financial data and intellectual property). Like the products in a drug store, each type of data must receive the appropriate level of protection and be han-dled according to its risk profile.

Netwrix

Read More

Overlooked misconfigurations, risky defaults in managed services and insights for secure AI adoption.

Artificial intelligence (AI) is here, helping organizations improve their efficiency, decision-making and competitive advantage. The gain comes with new security challenges. AI tools can propagate security flaws; sensitive AI assets, deeply integrated within business operations, can contain vulnerabilities or misconfigurations that pose risks. As part of a mature exposure management strategy, security stakeholders must understand these AI risks and take proactive steps to not only secure their AI tools and resources but also prevent them from creating risky exposures in their cloud environment.

This report draws on Tenable Cloud Research’s analysis of workloads and assets across diverse cloud and enterprise environments to highlight the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers

— Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure. We provide guidance for raising risk awareness among security and developer teams, identifying blindspots and otherwise protecting your cloud environment as you adopt AI technologies. 

By Tenable

Read More

A CISO’s Guide to Steering AppSec in the Era of DevSecOps

2025 marks a pivotal moment for CISOs as the landscape of Application Security undergoes a fundamental transformation. Rather than maintaining direct control over the Software Development Lifecycle (SDLC), many CISOs are evolving into a more dynamic policy/ compliance role and must learn to operate in distributed security ecosystems, orchestrating security through development teams, AppSec managers, product security practitioners, and DevSec architects.
 
As organizations face tighter budgets, faster development cycles, and heightened security risks, CISOs must adapt their approach from direct control to a modular and flexible model. Depending on the organization, their role now mixes strategic oversight with hands-on actions, making security a shared priority between development, security, and product teams.

By Checkmarx

Read More

Registration will be subject to validation & confirmed via email