https://t.co/uVdrMUQoUn #CyberSecurity

The post describes the purpose of the core types of security teams (IT, Security Operations, GRC, and Product Security) and provides a comprehensive 24-month hiring plan broken down by quarters and teams, with specific job titles and levels for each role. Great resource love it!

Tad recommends adjusting the ratio based on how critical your company is as a vendor within your customer’s supply chain attack thread model: - Critical: 1:29 - High: 1:40 - Medium: 1:75 - Low: 1:100

Living with blindness or vision loss shouldn’t limit mobility. These riders say Waymo can help improve their independence.

TL;DR: Tad Whitaker recommends: - 1:40 security:Full Time Employee (FTE) ratio - 1:100 IT:FTE. GitHub had a 1:40 ratio. GitLab 1:24.

𝐒𝐭𝐚𝐫𝐭𝐮𝐩 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲: 𝐑𝐚𝐭𝐢𝐨𝐬 𝐚𝐧𝐝 𝐚 24-𝐌𝐨𝐧𝐭𝐡 𝐇𝐢𝐫𝐢𝐧𝐠 𝐏𝐥𝐚𝐧 How companies like Datadog, HashiCorp, GitHub, GitLab, Segment, Optimizely staff security teams, based on CISO interviews.

Keep up with security research in 7min/week: 📺 Talks 🛠️ Tools and Blog posts 🧪 Research Projects Join 90,000+ security professionals: https://t.co/bniXZXohib Follow me @clintgibler for more!

📢 Sponsor: Harmonic Security (@harmonicsec) Agentic AI is here. Visibility isn’t. We’re building Harmonic MCP Gateway: lightweight controls and visibility for AI-driven workflows. Launching soon →

📚 tl;dr sec 300 🧑🏻‍💻 Security Headcount Ratios + Hiring Plan, 🤖 MCP Security, 📑 Compliance https://t.co/af24im8xHf

Also: Exact Fix Commands - Cloud-specific CLI commands for remediation. Evidence Collection Guides - Step-by-step screenshots auditors accept. Priority-Based Fixes - Critical issues that will fail your audit vs. nice-to-haves. 🔗

✅ 𝐀𝐮𝐝𝐢𝐭𝐊𝐢𝐭: Multi-cloud compliance scanner & evidence collection. “Alternative to $20k/year compliance tools.” 😂 64 SOC2 controls, 30 PCI-DSS controls, 17 CMMC Level 1 controls.

🔗 https://t.co/o3cBwuhu4U

The post recommends: 👍Treat scanner and automation credentials as sensitive assets. 👍 Prefer key-based authentication over passwords. 👍 Disable legacy protocols like NTLMv1. 👍 Validate that Linux EDR solutions provide meaningful security coverage. #cybersecurity

Hey, New York — Brian thinks he's our new CFO. We gave him a stage to prove it.

Techniques to steal credentials: ✅ SSH service environment variable modification ✅ Process tracing (strace sshd) ✅ Malicious PAM modules ✅ Honeypot redirection None of which triggered alerts in their testing of major Linux EDR products 😅 OK so what can we do about it?

Adam gives an example of capturing vulnerability scanner credentials by instrumenting SSH on a compromised server, without triggering Linux EDR alerts.

This risk also applies to: asset inventory platforms, IT automation frameworks, and management tools. Any of these can become security risks when using password-based authentication or insecure protocols.

𝐆𝐞𝐭𝐭𝐢𝐧𝐠 𝐡𝐚𝐜𝐤𝐞𝐝 𝐛𝐞𝐜𝐚𝐮𝐬𝐞 𝐨𝐟... 𝐲𝐨𝐮𝐫 𝐯𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 𝐬𝐜𝐚𝐧𝐧𝐞𝐫? 😱 Praetorian's Adam Crosser on how stealing credentials from a scanner helped them pivot/escalate on a Fortune 500 company. Here's how:

Keep up with security research in 7min/week: 📺 Talks 🛠️Tools and Blog posts 🧪 Research Projects Join 90,000+ security professionals: https://t.co/bniXZXohib Follow me @clintgibler for more!

📢 Sponsor: @tamnoon_io's AI agent for CloudSecOps automates investigation and delivers production-safe fixes, turning endless alerts into easy-to-implement solutions validated by expert CloudPros. https://t.co/hxQ9sjwNj2

📚 tl;dr sec 299 🤖 The Security Engineer's Guide to MCP, ☁️ IAM Hound Dog, 🧑🏻‍💻 IMDS Anomaly Detection Plus discussing AI in Cybersecurity with my friends, Mitchell Stuart and Conor Sherman on their new podcast, Zero Signal. 🎙️ https://t.co/HJ1EpsUFxy

And a great, concise cheatsheet of what you should look for as a security engineer for both MCP clients and servers. https://t.co/iDbFKf7qfh