Cybersecurity Executive, Speaker & Strategist
CrowdStrike 2026 Global Threat Report finds that the average attacker breakout time has dropped to just 29 minutes for financially motivated attackers in 2025. That’s a whopping 65% acceleration year-over-year with the fastest observed breakout time clocking in at 27 seconds. Breakout time is the elapsed time between an attacker gaining initial foothold and moving laterally to another system inside…
Anthropic shipped Remote Control for Claude Code today — and developers are losing their minds over it. You can now kick off a complex coding session at your desk, walk away, and keep full control from your phone. It’s genuinely impressive engineering. But before you forward this to your dev team as a cool new tool, your security organization needs…
On Friday, Investing.com reported that shares of cybersecurity software companies tumbled after Anthropic introduced Claude Code Security. CrowdStrike was among the biggest decliners, falling 8%, while Cloudflare slumped 8.1%. Zscaler dropped 5.5%, SailPoint shed 9.4%, and Okta declined 9.2%. The Global X Cybersecurity ETF fell 4.9% and closed at its lowest since November 2023. What Is Claude Code Security? Claude…
I started seeking the next step in my career a few weeks ago. I first updated my resume and set my LinkedIn profile to “Open to Work” for recruiters and hiring teams to see my status. I also put a post indicating that I was “Open to Work” outlining what I am seeking. Within minutes, I was contacted by two…
People by nature don’t like to be told what to do. Most people would rather be told what needs to be done and left to their own devices to produce the end result. That approach works fine if you are an organization of one. Bring in another person and suddenly things start to get done differently by each person. Those…
A company can have the best security controls in place, have a staff that is highly security-aware and have what they consider outstanding security practices in place and yet bad things can and do happen. Many times, security breaches are caused by malicious actors exploiting some unnoticed vulnerability in a running service or other infrastructure. These breaches happen without involving…
A recent post by Kendra Cooley led to a lively discussion around the value of SOC2 attestations. She followed this up with an article that goes into a bit more depth. Discussion around these sorts of issues is always educational. The devil is in the details. When one discusses SOC without clarifying the details, the waters get muddy very fast.…
Happy New Year! As I began 2024, I spent a little time last weekend evaluating my online presence and personal security practices. I thought it would be worth sharing my perspective on how I manage my personal online accounts and access to those accounts. In doing this, maybe I can motivate you to make it a point to evaluate and…
Cybersecurity seems to dominate our lives. So much of our lives are dependent upon the Internet as we use connected devices to manage our shopping, finances and communications. The amount of data consumed and copied worldwide in 2010 was about 2 zettabytes. The amount predicted for 2024 is 147 zettabytes – almost 7500% growth in 14 years! Data is an…
In 2013, malicious actors stole 40 million credit card numbers and the personal details from 70 million customers in what has become known as the Target data breach. For those of you that don’t know, Target is a very large retail chain with locations around the world. In addition to credit card numbers, the cybercriminals also got away with PINs,…
In the advertising world, there is an acronym called TOMA. TOMA stands for Top-of-Mind Advertising or Top-of-Mind Awareness. This is defined by Marketing Metrics as “the first brand that comes to when a customer is asked an unprompted question about a product or service category.” This can be thought of as the most remembered or most recalled brand names. A…
Organizations must take risks in order to operate. Each organization determines what level of risk is acceptable to that organization. This concept is known as risk appetite. Security is the process of examining risk across an organization and taking defined steps to reduce those risks to a level that is acceptable to the organization. Security is NOT the act of…