CISOSteve

600 posts

@Prot3ctD3f3nd

vCISO | CISO | CIO | Strategic Cyber Security Leader | like to break things....legally

Joined March 2018
230 Following, 111 Followers
CISOSteve retweeted
SecurityScorecard (@security_score)
📣 New SecurityScorecard research powered by our recent acquisition of Driftnet uncovered widespread exposure across a U.S. municipal utility network serving tens of thousands of residents.
🔍 Researchers identified:
🔹 Exposed ICS and OT systems directly reachable from the internet
🔹 30 instances of vulnerable surveillance equipment
🔹 Weak encryption and known exploited vulnerabilities across hundreds of IPs
🔹 More than 140 exposed SMB and NetBIOS services
🔹 Consumer-grade devices operating alongside critical infrastructure systems
🛜 These findings highlight a broader issue: many municipal utility providers operate internet and critical infrastructure systems within the same environment, often with limited segmentation and visibility.
🌐 Driftnet’s internet intelligence capabilities expand SecurityScorecard’s ability to identify hidden exposure across externally facing systems, giving Security Operations, threat hunting, and Third-Party Risk Management teams deeper visibility into infrastructure risk before attackers exploit it.
👉 📖 Read the report and explore the power of Driftnet here: securityscorecard.com/resources/repo…
#CISO #cybersecurity #vendorriskmanagement #supplychain #TPRM #driftnet #municipalutilitynetwork #cyberresearch #threatresearch #criticalinfrastructure
CISOSteve retweeted
SecurityScorecard (@security_score)
📣 Announcement: SecurityScorecard Acquires Driftnet to Power Real-Time, Threat-Informed Third-Party Risk Management
🌐 SecurityScorecard today announced the acquisition of Driftnet, which will bring Driftnet’s high-fidelity internet discovery engine into SecurityScorecard's TITAN AI platform.
⚠️ This will give TPRM, Security Operations, and threat hunting teams the real-time intelligence they need to find and fix third-party risks before attackers exploit them.
💬 “The threat landscape has fundamentally changed. AI agentic automation and connected supply chain tools have exploded across enterprise environments — and most TPRM programs have no visibility into the risk AI poses for their vendors,” said Dr. Aleksandr Yampolskiy, CEO and Co-Founder of SecurityScorecard.
✅ SecurityScorecard announced its new TITAN AI platform earlier this year. SecurityScorecard’s acquisition of Driftnet continues the company’s momentum of transforming TPRM through continuous, threat-informed visibility and global internet intelligence.
👉📘 Read the full press release here: securityscorecard.com/company/press/…
#CISO #cybersecurity #vendorriskmanagement #supplychain #TPRM #driftnet #acquisition #pressrelease #MergersAndAcquisitions
CISOSteve retweeted
CISOSteve (@Prot3ctD3f3nd)
@HackingDave Congratulations bud! Well deserved and looking forward to watching you crush it!
Dave Kennedy (@HackingDave)
I'm happy to announce that I have officially been promoted to Founder and Chief Executive Officer (CEO) of Binary Defense. With the changes in the industry happening and the shift to artificial intelligence, I have been immersing myself relentlessly on how we innovate and move fast - a complete shift of our entire company. Over the past 12 months we have completely transformed our company to be the most advanced artificial intelligence cyber security company in the world. We have taken MTTD and MTTR to times never thought possible before. Reduced false positives, increased true positives, and completely changed how we operationalize our MDR and product services as a company, and most importantly protect our customers. This journey was one of the fondest memories of my life, doing this with my team and one that is just getting started. With these changes in mind, our board approved me as CEO of the company to drive this company even further during this transformational and historic time in cybersecurity. I want to thank the folks over at Invictus Growth Partners for the trust in me, my partner Mike Valentine, and to all of the amazing folks we have @Binary_Defense. We truly are ahead in this field, innovating every day, and protecting our customers 24 hours a day, 7 days a week, and 365 days a year. #BinaryDefense
CISOSteve retweeted
SecurityScorecard (@security_score)
🚢 Cyber-enabled cargo theft is up, and it’s raising concerns as it relates to third-party risk and vendor security.
🕵️‍♂️ The FBI Internet Crime Complaint Center (IC3) alert has reported a 60% increase in cyber-enabled cargo theft since 2024, with losses estimated to be nearly $725 million in 2025 alone.
⛓️‍💥 While the capital loss is substantial, the pivot in criminal groups toward cyber tactics to steal shipments with high resale value and limited traceability reveals a widening security gap in modern supply chains.
💬 Steve Cobb, Chief Information Security Officer at SecurityScorecard is quoted in the story from #Cybernews saying, “the deeper issue is not only stolen cargo, but how easily trust can be manipulated across interconnected third-party relationships.”
And scammers aren’t using incredibly sophisticated tactics or schemes unfamiliar to those in the cyber industry. The tactics used are some of the most common, including:
✔️ Criminals posing as trusted carriers
✔️ Social engineering
✔️ Weaknesses in verification practices to steal login credentials
✔️ Phishing emails and malware installation
🗞️ Read the full story here: cybernews.com/cybercrime/fbi…
#cybersecurity #cybercrime #supplychains #vendorriskmanagement #thirdpartyrisk #cargotheft #cyberattack
CISOSteve (@Prot3ctD3f3nd)
What that looks like operationally:
🛰 Outside-In monitoring of physical supply chain vendors
🤖 AI detection of typosquatted domains and compromised vendor infra
🚨 Multi-channel verification at the point of execution, not just at onboarding
Vendor trust has to function as an active security control.
CISOSteve (@Prot3ctD3f3nd)
Three vendors. All medium impact. All running on the same fourth-party provider. That's concentration risk, and it's the part of TPRM most programs never see. Full conversation on the @SecurityScorecard Weekly Brief: CISO Edition 👇 youtube.com/watch?v=PuLZYd…
SecurityScorecard (@security_score)

⚠️ The risk lies not just in the third-party risk but also in the fourth, fifth, nth party risk.
📊 In this week’s Weekly Brief: The CISO Edition, SecurityScorecard CISO Steve Cobb talks about the importance of AI in helping TPRM teams scale their visibility beyond sole human capabilities.
🔗 With AI, TPRM teams are able to assess not just their immediate third-party vendors but the greater supply chain ecosystem of their third-party suppliers. This is critical for organizations to understand their actual risk and exposure.
“You might have three vendors that you consider medium impact to your organization, but all three of those vendors are using a common vendor to provide them services. That's what we consider concentration risk.”
👉 Subscribe to SecurityScorecard on YouTube for more insights on cyber risk, AI-empowered TPRM programs, supply chain security, and the evolving cyber threat landscape.
To learn more about how you can leverage AI from SecurityScorecard in your TPRM program, visit our TITAN platform page: securityscorecard.com/platform/
#CyberSecurity #ArtificialIntelligence #ThirdPartyRisk #VendorManagement #SupplyChainSecurity #CyberRisk #TPRM #CyberAttack

CISOSteve (@Prot3ctD3f3nd)
Heading to Denver for the @TPRAssociation conference this week. Peaks & Pitfalls: Charting the TPRM Terrain. April 20-23. I'm speaking. Topics I care deeply about: outside-in visibility, AI-assisted TPRM, and building programs that reflect actual risk, not just audit checklists. If you're there, come say hello. DM me and let's find time to connect.
CISOSteve (@Prot3ctD3f3nd)
Breaches will happen. The organizations that win aren't the ones that stopped every attack. They're the ones that detected fast, contained quickly, recovered, and were straight with stakeholders throughout.
CISOSteve (@Prot3ctD3f3nd)
The Mythos hype is the security issue. Not the engine itself.