Reflections and Articles

Heist Movies vs. Reality #3: Bypass the Laser Grid

Published on October 30, 2025 by Benjamin Knauss

Mission: Impossible made us believe breaking into secure facilities requires: Real attackers in 2024? They just check CVE databases for vulnerabilities you haven’t patched yet and walk through the front door you forgot to lock. The Reality: The average time to exploit a known vulnerability after patch release? 7 days. The average time organizations take […]

Heist Movies vs. Reality #2: The Elaborate Plan

Published on October 29, 2025 by Benjamin Knauss

Remember the briefing scene in every heist movie? Blueprints covering the walls. Red string connecting photos. Months of surveillance. Danny Ocean studying vault schematics like it’s the Da Vinci Code. Real attackers in 2024? They compromised SolarWinds once, and 18,000 organizations voluntarily installed the malware for them. The Reality: Supply chain attacks are the ultimate […]

Heist Movies vs. Reality #1: The Inside Man

Published on October 29, 2025 by Benjamin Knauss

In Ocean’s 11, Danny Ocean needed Linus Caldwell to infiltrate the casino. Months of preparation. Deep cover. The perfect inside man. In 2024? Attackers just need Karen from Accounting to think the CEO really did email her about that urgent wire transfer at 4:47 PM on a Friday. The Reality: Social engineering attacks increased 135% […]

Users are… important?

Published on October 28, 2025 by Benjamin Knauss

For years, the narrative has been “users are the weakest link” – and honestly, I think this framing has done more harm than good. When we position people as liabilities rather than assets, we create a culture of fear and blame. Employees start hiding mistakes instead of reporting incidents. They see security as an obstacle […]

Why Regulations Are a CISO’s Best Friend

Published on October 27, 2025 by Benjamin Knauss

For years, security leaders have championed “best practices” and “industry frameworks.” We’ve had to translate technical risk into business terms, often fighting for a seat at the table. With the SEC’s 4-day disclosure rule, the EU’s DORA, and a wave of new state-level privacy laws, the game has fundamentally changed. What was once “IT risk” […]

Keep It Simple….

Published on October 26, 2025 by Benjamin Knauss

It’s easy to get focused on the complex, high-tech threats—AI-driven attacks, zero-days, and quantum-resistant crypto. But a recent warning from the head of GCHQ (one of the United Kingdom’s intelligence and security agencies) brought things back to a critical, analog reality. The advice? Keep paper copies of your crisis plans. It sounds almost archaic, but […]

REDO has room

Published on October 22, 2025 by Benjamin Knauss

If you happen to live near Draper, UT, a company named Redo is hiring for a security architect; it's AWS-based and seems like a good bunch of people. https://lnkd.in/g558_mPw #job #Cyber #redo #racter

Pearl Clutching

Published on October 21, 2025 by Benjamin Knauss

Another cloud outage, another flurry of posts about how cloud was the wrong choice and this is what happens when you put your eggs in one basket. It was not cloud that brought these sites down; failure is to be expected in any complex system. It was a lack of adherence to best practices. It […]

DPRK IT Workers

Published on October 18, 2025 by Benjamin Knauss

I’ve been digging into this ‘DPRK IT Worker’ threat, and we’re not just fighting fake resumes anymore; we’re fighting an adversary who has a U.S.-based accomplice making their overseas activity look like it’s coming from the USA rather than North Korea/China/Russia. So, how do we catch them? For me, it starts at the endpoint. I’m […]

The AI Reckoning: Civilization’s Great Disruption

Published on July 10, 2025 by Benjamin Knauss

We face with grim inevitability the specter of artificial intelligence descending upon global labor markets—a revolution wielding algorithmic precision like some merciless digital scythe. The professional classes of the West—those comfortably ensconced in climate-controlled offices, diligently parsing spreadsheets and drafting memos—are awakening to their own obsolescence. Machines require no benefits, demand no raises, and outperform […]