Randall Munroe’s XKCD ‘Alert Sound’
via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Alert Sound’ appeared first on Security Boulevard.
Authors/Presenters: José Ibañez (CEO at Blind Penguin), Raissa Ibañez (Manager At Blind Penguin)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organization’s YouTube channel.
Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.
The post LinuxFest Northwest: Beyond ARIA Labels What A Blind Film Enthusiast Can Teach Us About Open Source appeared first on Security Boulevard.
90% of B2B SaaS companies fail because they scale with the wrong tactics. This data-driven guide reveals exact strategies for growing from 1-10, 10-100, and 100-500 customers, plus the psychological shifts needed at each stage.
The post The founder’s survival guide to B2B SaaS growth appeared first on Security Boulevard.
Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.
The post Automated Guard Rails for Vibe Coding appeared first on Security Boulevard.
In 2025, app store security threats have reached unprecedented levels, driven by increasingly sophisticated cybercriminal tactics and expanding attack surfaces.
The post App Store Security Threats in 2025: Why Hackers Target Mobile Ecosystems appeared first on Security Boulevard.
The Microsoft email accounts of several Washington Post journalists whose coverage includes national security and economic policy, including China, were hacked and could give the bad actors access to the messages that were sent and received.
The post Washington Post Journalists’ Microsoft Email Accounts Hacked appeared first on Security Boulevard.
Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon, offers an up-close glimpse at the thinking that drove his move to exposure management. You can read the entire Exposure Management Academy series here.
As we shift our security focus at Verizon to proactive exposure management, we’re consolidating tools and teams to focus on real-world, exploitable risks. By aligning offensive security functions under a unified strategy, prioritizing exploitable threats and fostering collaboration, we're moving our focus beyond compliance-based remediation to risk-based remediation.
You know the story: Those of us in cybersecurity play a high-stakes game of Whac-a-mole® just about every day. We spend our lives chasing down vulnerabilities and issuing (or responding to) mandates like, “Patch within 30 days” or “Code red, patch now!”
But as attack surfaces grow and threat actors become more sophisticated, this reactive approach has become inadequate.
At Verizon, we recognized that, with such a heterogeneous landscape that has to serve the diverse needs of corporate, retail, mobile field techs and more, the best solution was not another collection of disparate tech. We needed a single, consolidated exposure management platform that could cover every corner of our enterprise. The journey to get there broke down silos and shifted our mindset from being compliance-driven to a risk-based focus.
Importantly, before we even considered new technology, we needed to align multiple teams, each with their own tools and priorities, behind a shared strategy.
Bringing separate tools together as one
Security teams have always juggled a patchwork of tools: Separate tools for attack surface management, asset visibility, vulnerability scanning, identity exposure and cloud security. In most companies, different teams operate the solutions and each one requires its own set of expertise. The intent of the fragmentation is to ensure you have people with the right skills remediating the right problems.
The siloed approach slows response times and creates blind spots that can leave critical vulnerabilities unaddressed simply because they fall outside a team’s area of expertise. You cannot do attack path analysis in silos!
I don’t want to be in the business of just checking boxes.
We needed to build a security program that prioritizes real-world risks, rather than every vulnerability. And, in that effort, it’s clear that the value of an integrated approach outweighs the benefits of niche features.
So, to handle these challenges, we opted to consolidate under a single platform: Tenable One.
The key to managing change: A little bit of Dale Carnegie
While the right platform makes all the difference, implementing exposure management isn't purely technical. It’s organizational. Launching an exposure management program means shifting ownership of key, siloed security functions, which can require teams to work together in ways they haven’t before.
For example, at Verizon, attack surface management was previously handled by a separate team. Now, those individuals are part of my group. The Active Directory team, which runs identity exposure tools like Bloodhound, remains independent, but we collaborate closely so they see the security insights as valuable rather than punitive.
The internet of things (IoT) and operational technology (OT) security specialists who previously used a different set of tools now all work within the same framework.
Security teams accustomed to working in silos must now share data and decision-making, which can be a tough adjustment. I found that the key to overcoming this is transparency and partnership.
In fact, reading a bit of Dale Carnegie regularly can be just as important as a daily dose of Brian Krebs.
So, to ease the transition, rather than imposing top-down mandates, we’ve focused on aligning teams through shared objectives, clear communication and demonstrating value early in the process. By involving stakeholders from the start, in areas like identity security, IT operations and cloud security, we’re ensuring that change isn’t something done to them, but something they actively shape and support.
I want to emphasize that none of this happened overnight.
It required high-level buy-in and careful planning. These teams weren’t just being asked to use a new tool, they were being asked to change the way they work. The only way to make that transition successful is by showing team members how this approach makes their jobs easier, not harder.
Stop trying to fix everything
One of the biggest mindset shifts in exposure management is recognizing that not every vulnerability needs to be patched immediately. Sure, it can be a hard thing to wrap your head around. But when everything is critical, nothing is critical. And that approach just leads to burnout, inefficiency and more exposures.
Instead, at Verizon, we focus on vulnerabilities that are actually exploitable and part of a realistic attack path.
So, if there’s a critical vulnerability in an application but no feasible way for an attacker to reach it, should it really be the top priority? On the other hand, if a vulnerability provides a direct path to a crown jewel asset, we need to address it immediately.
The key is prioritization based on real-world attack scenarios, not arbitrary severity scores.
Working with the C-suite
Another critical advantage of exposure management is how it changes security conversations at the executive level. Instead of delivering long lists of vulnerabilities that mean little to non-technical leaders, we can present a clear picture in a few key points:
And when a major vulnerability hits, we don’t have to scramble to figure out if we are affected. We have the data at our fingertips. That’s the real value of exposure management: Speed, clarity and the ability to act before attackers do.
The future of cybersecurity is proactive exposure management
At its core, exposure management is about shifting from reactive security to proactive security. It’s not just about fixing vulnerabilities anymore. It’s about understanding risk in the context of the business.
As more organizations move in this direction, exposure management will continue to evolve.
Vendor consolidation is ongoing, teams are being restructured and security leaders are realizing that patching everything everywhere all at once is an impossible task.
So, like Verizon, the industry must focus on what really matters: Preventing the attacks that could actually lead to a compromise.
And for those of us at the tip of the spear in this shift, it’s time to stop being reactive and start managing exposure like the strategic risk it is.
Whac-a-Mole is a registered trademark of Mattel Inc.
The post Exposure Management Is the Future of Proactive Security appeared first on Security Boulevard.
Introduction
Modern applications are increasingly powered by large language models (LLMs) that don’t just generate text—they can call live APIs, query databases, and even trigger automated workflows. The Model Context Protocol (MCP) makes this possible by standardizing how LLMs interface with external tools, turning your AI assistant into a fully programmable agent. With great power,...
The post What are the best practices for MCP security? appeared first on Security Boulevard.
Artificial intelligence is changing everything – from how we search for answers to how we decide who gets hired, flagged, diagnosed, or denied.
Related: Does AI take your data?
It offers speed and precision at unprecedented scale. But without intention, … (more…)
The post GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale first appeared on The Last Watchdog.
The post GUEST ESSAY: The AI illusion: Don’t be fooled, innovation without guardrails is just risk–at scale appeared first on Security Boulevard.
In an era of growing cyber threats, enterprises must move beyond basic cybersecurity to prevent data breaches. This article explores the importance of a layered security approach, with a focus on automated certificate lifecycle management (CLM), zero trust frameworks, and real-time monitoring. These strategies enhance visibility, enforce identity-based access, ensure compliance, and reduce human error, ultimately helping enterprises secure sensitive data across expanding digital environments.
The post How to prevent data breaches in enterprise organizations appeared first on Security Boulevard.
The cyber domain is a primary theater in the Israel-Iran conflict. Organizations across Israel must be aware and brace for a wave of sophisticated and ideologically driven cyberattacks.
The post Hacktivists Strike Within Minutes of Israel Missile Attacks on Iran Nuclear Sites appeared first on Security Boulevard.
Why is Advanced NHI Management Crucial for Driving Innovation? Where data is the new gold, organizations must ensure the safety of this precious commodity. But how can this be achieved? Could enhancing Non-Human Identities (NHIs) management be a powerful tool to drive innovation and boost cybersecurity? One might argue that the answer lies in advanced […]
The post Drive Innovation Through Advanced NHI Management appeared first on Entro.
The post Drive Innovation Through Advanced NHI Management appeared first on Security Boulevard.
Why is NHI Management Crucial for Growing Businesses? Growing businesses face the continuous challenge of ensuring their cybersecurity measures scale with their expansion. As companies evolve, so do the number and complexity of Non-Human Identifiers (NHIs) used within their systems. What is the secret to managing this increasing complexity? It lies in the scalable implementation […]
The post Scalable Secrets Management for Growing Businesses appeared first on Entro.
The post Scalable Secrets Management for Growing Businesses appeared first on Security Boulevard.
Why does Digital Identity Control Matter in Cybersecurity? Do you fully control your digital identities? Managing Non-Human Identities (NHIs) and their secrets has become a fundamental pillar in cybersecurity. NHIs, often referred to as machine identities, play an increasingly critical role in securing a robust digital infrastructure.
Understanding Non-Human Identities (NHIs)
Might it be possible […]
The post Gain Full Control Over Your Digital Identities appeared first on Entro.
The post Gain Full Control Over Your Digital Identities appeared first on Security Boulevard.
In creating Guernsey Cyber Security Centre, JCSC are working with the States of Guernsey to ensure all the Channel Islands have access to specialist support for cyber security incidents, as well as advice and guidance to build better and more effective defences.
The post Introducing Guernsey Cyber Security Centre appeared first on Security Boulevard.
Authors/Presenters: Steven Shiau (Clonezilla Project Leader); Yu-Chin Tsai (Clonezilla NCHC Partclone); Chen-Kai Sun (Clonezilla Project / Engineer In NCHC)
Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organization’s YouTube channel.
Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.
The post LinuxFest Northwest: Clonezilla Live On RISC-V Crafting Open Source Live Systems For Open Hardware appeared first on Security Boulevard.
From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also using AI to launch cyber attacks.
The post Guardrails Breached: The New Reality of GenAI-Driven Attacks appeared first on Security Boulevard.
What is the EU AI Act? The EU AI Act (European Union Artificial Intelligence Act) is the world’s first comprehensive legal framework regulating artificial intelligence. Introduced by the European Commission in April 2021 and formally adopted in 2024, the Act is designed to ensure AI systems developed or used in the EU are safe, transparent, […]
The post EU AI ACT appeared first on Centraleyes.
The post EU AI ACT appeared first on Security Boulevard.
How Can NHIs Serve as the Crucial Backbone in Overall System Protection? What if there was a foolproof method for safeguarding your organization’s systems and data from potential threats? A diligent layer of security that offers complete visibility and control over system vulnerabilities? The answer lies in the competent management of Non-Human Identities (NHIs) and […]
The post How Can NHIs Enhance Overall System Security? appeared first on Entro.
The post How Can NHIs Enhance Overall System Security? appeared first on Security Boulevard.
Is Proactive NHI Management Our Best Bet Against Cyber Threats? The importance of non-human identities (NHIs) in cybersecurity cannot be overstated. These unique identifiers for automated systems and machine-to-machine communication form the bedrock of modern business infrastructure. But how can we contend with the risks they pose? Proactive NHI management might just be the solution. […]
The post Why Proactive NHI Management is a Must? appeared first on Entro.
The post Why Proactive NHI Management is a Must? appeared first on Security Boulevard.