Privacy PC

CISOs often confuse visibility with progress, leaving exposures unmanaged between scans. That being said, CTEM only becomes operational when it integrates into ticketing, CI/CD, and incident workflows. scworld.com/perspective/ho…

My new column on SC Media looks at how teams should respond to the Claude Mythos momentum so cybercriminals don't get the upper hand. scworld.com/perspective/6-…

With virtual desktop set-ups maintaining popularity among organizations, I compiled the ways to protect such ecosystems in 2026, and likely beyond: scworld.com/perspective/se…

SC Media just posted by new column about a promising approach to securing emissions telemetry data in manufacturing execution systems (MES). scworld.com/perspective/ho…

Prompt injection exploits scarce separation between instructions and data in LLMs, and input filtering can't fully solve it. To address this, regulated industries are increasingly applying defense‑in‑depth principles to AI pipelines. scworld.com/perspective/wh…

The rise of synthetic identity fraud, fueled by deepfake technology, is undermining traditional security checks. My latest article on SecureWorld highlights layered defenses and modern verification strategies to counter these evolving threats. secureworld.io/industry-news/…

The piece discusses how AI’s ability to surface vast amounts of potential cyber threats creates a paradox - greater visibility but less clarity of what are real dangers and false positives. Read more if this topic piques your interest. unite.ai/why-ai-is-maki…

It seems malicious actors are cashing in on hyper-volumetric DDoS attacks that have seen a significant growth since late 2025 and continuing in early 2026. My new column on SC Media explains how orgs can stay safe from this incursion vector. scworld.com/perspective/fi…

CSA just posted my new blog that shines a light on the role of micro-segmentation for achieving the efficiency and zero trust based security of physical hosts in large networks. Read this to learn more. cloudsecurityalliance.org/blog/2025/12/1…

When it comes to migrating an enterprise infrastructure to the cloud, the shared responsibility model is often the elephant in the room. My new column on SC Media explains why, and how to provide proper cloud security. scworld.com/perspective/wh…

Disaster recovery often implies a systems rollback to an earlier state, but doing so can open old security loopholes. My new column on SC Media explains what these pitfalls are, and how to steer clear of them. scworld.com/perspective/ro…

My latest article on CSA Blog looks at how three popular BYOD security deployments (VDI, DaaS, Local Secure Enclaves) perform in terms of the Cloud Controls Matrix (CCM) playbook to mitigate risks tied to data leakage, endpoint compromise, and compliance. cloudsecurityalliance.org/blog/2025/11/0…

AI can be a double-edged sword when it comes to IoT security, as it can help strenghthen the defenses, and on the other hand, become a tool in attackers' hands. Read my new article on the amazing SecureWorld News to learn more. secureworld.io/industry-news/…

My new column on SC Media focuses on what adversarial OSINT on C-suite executives looks like, the potential consequences for the organization, and guardrails against this style of attack. scworld.com/perspective/si…

Virtual Desktop Infrastructure (VDI) is the average org's go-to choice for managing BYOD workers and contractors. My new article on Tripwire explores this set-up's vulnerabilities and explains how to minimize associated risk. tripwire.com/state-of-secur…

At some point, every crypto investor faces a dilemma: whether to maintain complete control of their assets and private keys, or to use third-party storage for that. My new article goes over the pros and cons of both tactics. benzinga.com/Opinion/25/10/…

As AI becomes a core component of many SaaS platforms, including those relying on multi-tenant infrastructure, SaaS testing is increasingly complex. My new article explains how automation can be the answer to this complexity. unite.ai/testing-ai-saa…

While trying to facilitate compliance through AI, some organizations struggle to address the security pitfalls of the process. My new column on SC Media explains how to strike a balance between the two worlds. scworld.com/perspective/fi…

Low-code development is definitely fun - until a security incident occurs. Tripwire just published my new blog about the risks the prevail in such ecosystems, and actionable ways to mitigate them. tripwire.com/state-of-secur…

In case you're wondering how a harmless-looking QR code can become a cybersecuirty risk when handled without due cautions, find out by reading my latest article that went live on on the CSA Blog. cloudsecurityalliance.org/blog/2025/07/3…