Reach Security

At UC Irvine’s Digital Leadership Agenda 2026, moderated by Nicole Perlroth, Garrett Hamilton illustrates what those blind spots can look like: “We believed it was deployed.” “It was turned on.” “It should have stopped this.” Except one exception, one policy gap, one control not applied at scale — and assumptions replace reality. The real problem isn’t visibility. It’s continuously validating intent against execution. Learn more about Reach → reach.security Shift thinking left of boom → reach.security/blog/security-… #Cybersecurity #ExposureManagement #SecurityLeadership

Modern cybersecurity has reached a breaking point. Human-driven processes can no longer keep pace with the scale, complexity, and speed of change across tools, threats, and environments. Thousands of configurations, hundreds of new features each year, and constant change quickly overwhelm even well-staffed teams. This allows misconfigurations and configuration drift to quietly weaken defenses over time. This is where domain-specific language models (DSLMs) matter. DSLMs are trained exclusively on validated security data, patterns, and control logic. They ensure deterministic reasoning and accurate interpretation of security controls, resulting in reliable remediation actions and guidance. Unlike general-purpose AI, these models understand security tool configurations, control behavior, and attacker techniques. This deep specialization enables precise identification of misconfigurations and underutilized defenses that manual reviews routinely miss. Reach uses purpose-built cybersecurity AI to understand configurations and control deployments across the security stack, then intelligently modify those configurations to harden defenses and supercharge security posture—at machine speed. If you’re heading to RSAC, let's chat: bit.ly/3NwKX2I Learn more about how Reach is transforming security with DSLMs: bit.ly/4dyX0XK #RSAC #Cybersecurity #AI #SecurityControls

Great evening at the Tevora PXG Custom Putter Fitting Experience in Scottsdale! Thank you, Tevora, for putting on a great event. You never fail to provide top notch entertainment and great opportunities to connect with other folks in the industry. Shout out to Cain Nocera for holding it down for Reach! On to the next one. #reachsecurity

Cybersecurity Domain-Specific Language Models (DSLMs) mark a turning point for cybersecurity strategy, shifting the balance from reactive to proactive. By ensuring precise, deterministic reasoning and eliminating the risk of hallucinations, DSLMs empower Security Architects to maintain robust configurations, identify drift as soon as it occurs, and proactively close exposure gaps. The latest research by Gartner® explains how domain-specific language models (DSLMs) enable security platforms to understand configurations, threat intelligence, and control coverage with the depth and precision required to automate real security outcomes. Read the blog: bit.ly/4rHvcUH Get the report: bit.ly/3PHklfT

Security control rot is real. Risk doesn’t just come from new vulnerabilities. It builds quietly as security controls drift, misconfigurations accumulate, and defensive capabilities go unused. That’s why Reach is built as an AI-Native Security Controls Operating System. We help teams identify blind spots, prioritize fixes, automatically remediate misconfigurations and drift, and continuously validate that security posture remains strong as environments evolve. We’re discussing this in Dallas this week at Elevate Xchange. #reachsecurity

Welcome to Reach Jon Jensen! We're excited to have you on the team. Can't wait to build great things together. 🚀 #reachsecurity

Are you going to RSAC? We are. If you're going, we’d love to connect: bit.ly/4sJdZLg RSAC is one of the few times each year the security community gets to step out of alerts and into real conversations. Who is Reach Security? Reach helps customers: Identify Blind Spots Most breaches succeed because they exploit blind spots across your defense ecosystem. Reach connects with your existing security infrastructure to automatically reveal hidden misconfigurations, underused security tool capabilities, and high risk users. Prioritize Action Reach prioritizes action based on the severity of exposure, attack behaviors, and configuration context - aligning control recommendations to your organization’s priorities. This lets you focus on fixes that reduce the most risk in the shortest amount of time. Guide Remediation Reach generates detailed step-by-step fixes, then executes tailored remediation workflows across your security ecosystem via integrations with your ticketing systems, aligned to MITRE, ZTNA, or your chosen framework. Reach doesn’t just surface issues – it fixes them for you automatically, at scale. Continuously Validate Security posture isn’t static. Configurations change constantly. Reach continuously monitors your configurations over time to detect configuration drift the moment it happens, stop it, and validate that controls are working as intended. Achieve continuous visibility and control to stay ahead of change and ensure posture isn’t just assessed – it’s maintained. #RSAC #cybersecurity #exposuremanagement

Dallas next week. We’re excited to be part of Elevate Xchange on March 18 at Stonebriar Country Club. Always valuable to step out of the inbox and into real conversations with security practitioners. A big theme we’re seeing: risk doesn’t just come from vulnerabilities. It often comes from misconfigured security tools and drift. That’s why we’ve built domain-specific AI models that help teams identify blind spots, prioritize action, guide remediation, and continuously validate that security controls are working as environments change. In practice, Reach becomes an operating system across the controls organizations already rely on. Don't miss it. If you’re attending, come say hello to the Reach team.

@SpillTheMemes i have email?

A pass is a PASS! 😎😎😎

@twtayaan love operates in releases

When you are the only Kubernetes expert in the company and you are summoned

Last week in Atlanta was a good one. We spent time with security leaders from across financial services, healthcare, and insurance at the CISO Fast Lane event at the Porsche Driving Experience Center. Equal parts thoughtful conversation, great food, and fast cars. Big thanks to Yonti Bar-Or and the CISO Experiences team for putting together a genuinely valuable evening on the Kimpton rooftop. Exactly the kind of discussion most of us are looking for right now. The next day moved from conversation to experience, with folks getting behind the wheel on the Porsche track, putting some real wear on the tires. Not a bad setting to keep the dialogue going. Appreciate our fellow sponsors JetStream Security Inc., ArmorCode Inc., Upwind Security, and Bedrock Data for helping make it happen. And thanks to everyone who joined us across the dinner, the track sessions, and the many side conversations in between. These are the moments where real perspectives get shared and real relationships get built. Proud to have Michael Baker, Jon Jensen, Yonti Bar-Or, Haley Platt, Garrett Hamilton, and Laurie Moreland there representing Reach Security.  Zoom zoom. #cybersecurity #ciso

We’re at FutureCon Tampa today. If you’re here too, come say hi to Ben and Tyler. We’re demoing how security teams can actually find hidden risk across the tools they already own and continuously fix what matters most. Less noise. More configurations working the way they’re supposed to. Think of it as an operating system for security controls. Stop by 👋 #reachsecurity #futurecon

What if your security technology thought like the security architect who built your defenses? It deeply understands your security and IT tools, configurations, and exposure like a seasoned security architect. Domain-specific language models (DSLMs) make that possible.The latest research by Gartner® explains how DSLMs enable security platforms to understand configurations, threat intelligence, and control coverage with the depth and precision required to automate real security outcomes — not just generate analysis. By applying DSLMs trained on cybersecurity data, platforms can continuously identify misconfigurations, prioritize risk, automate remediation, and ensure security controls stay aligned to policy and evolving threats. Reach is recognized in the report as a tech innovator using DSLMs to operationalize preemptive cybersecurity capabilities. Read the Gartner report to learn how DSLMs are shaping the future of security operations. f.mtr.cool/ziytksdpxb

Great night in Orlando. Huge thanks to everyone who helped make the Signature Dinner at Universal CityWalk such a fun and memorable event during the summit. From the red carpet arrival to great conversations over dinner, it was a great opportunity to connect with customers, partners, and friends across the security community. A special thank you to the teams who helped bring the evening together and to our fellow sponsors who co hosted the night across the different venues including Apiiro, CardinalOps, and Google. It was great seeing the community spread across CityWalk and enjoying the evening together. And of course, a big thank you to everyone who stopped by Bob Marley – A Tribute to Freedom, where Reach was proud to sponsor and welcome guests throughout the night. Shoutout to our very own Anjali Hegde and Al Puccerella for representing Reach Security and connecting with the community throughout the evening. Looking forward to the next one!

We're honored to hear Reach Security has been named an SC Awards Finalist in the Best Continuous Threat Exposure Management Solution category. Reach provides a single interface to understand and operate security controls at scale. By tapping into the security tools teams already use, Reach helps ensure defenses stay aligned, security posture remains strong, and threat exposure is continuously reduced. Grateful to the SC Awards judges and the broader security community for the recognition. Read the article here: f.mtr.cool/ppvcwfqrrq f.mtr.cool/pymsomihae #cybersecurity #ctem #exposuremanagement

Transform Cybersecurity with AI Modern cybersecurity has reached a breaking point. Human-driven processes can no longer keep pace with the scale, complexity, and speed of change across security tools, threats, and environments. Security teams are managing thousands of configurations across identity, endpoint, network, and cloud systems. As environments evolve, misconfigurations, underused controls, and configuration drift quietly weaken defenses over time. AI can help, but only when it understands cybersecurity. Domain-specific language models are trained on the language of security tools, threats, and defensive controls. That context allows AI to analyze complex environments, identify defensive weaknesses, and help security teams eliminate exposures before attackers exploit them. Learn more about how cybersecurity domain-specific AI works: reach.security/blog/proactive… #cybersecurity #ai #exposuremanagement

Say yes to 𝚕̶𝚒̶𝚏̶𝚎̶ driving experiences Thinking back on all the time we’ve spent together shaping a company we’re proud of. Team bonding. Skill building. Hyper-focused sessions on how we can continue to solve the biggest problems for our customers. Driving experiences. Excited for the year ahead. If you ain't first, you're last. #reachsecurity

Garrett Hamilton, CEO & Co-Founder of Reach, joined Bryce Carter, CISO for the City of Arlington, at the NTX ISSA Lunch & Learn in Plano, TX — a practical, operator-focused discussion with the local security community. Here’s what we covered: ☑︎ Why finding vulnerabilities matters less if your controls aren’t validated and working as intended ☑︎ How configuration drift weakens EDR, IAM, email, firewall, and SASE over time  ☑︎ The gap between buying security tools and operationalizing their full capability ☑︎ Why “set and forget” architecture fails in dynamic SaaS and cloud environments ☑︎ How to apply AI with intent: validating controls, reducing noise, and proving efficacy instead of adding another dashboard Ultimately, this is about treating security like a system. Reach acts like an operating system for security controls: continuously validating configurations, identifying gaps, guiding fixes, and helping teams ensure the tools they already own are actually reducing risk. Appreciate the thoughtful discussion and the NTX ISSA community. Learn more: reach.security #cybersecurity #exposuremanagement #securityleaders

Proofpoint’s latest research highlights a growing shift in identity-based attacks. Rather than stealing passwords or exploiting software flaws, threat actors are abusing legitimate Microsoft authentication workflows to gain access to Microsoft 365 accounts at scale. This technique, device code phishing, is not new. What is new is how widely it is being used across both state-aligned and financially motivated actors. The pattern is consistent. A user is lured into entering a device code on Microsoft’s official login page. The authentication is legitimate. MFA succeeds. Microsoft issues an access token tied to an attacker-controlled application. No credential theft. No exploit chain. The attack succeeds not because a control failed, but because the behavior being exploited was enabled and left unrestricted. As organizations strengthen MFA and move away from passwords, attackers are shifting toward abusing authentication flows, OAuth grants, and trust relationships designed for convenience. Device code phishing is a reminder of a broader reality. Security posture is not just about enabling controls. It is about ensuring those controls are configured intentionally, constrained appropriately, and continuously validated as environments evolve. Read up: reach.security/blog/what-devi… #identitysecurity #cybersecurity #oauth #m365 #exposuremanagement

Security tools don’t usually break. They just slowly stop doing what you think they’re doing. Or perhaps were never set up to do what you needed in the first place.  Something got deployed. It worked. Then it drifted. No one noticed. And three years later, you’re questioning the renewal because you’re not even sure what it’s protecting anymore. That’s configuration rot. Thanks to Julian Lee at eChannelNews for the fun, thoughtful and much needed conversation on this topic and more. Watch the full interview here: e-channelnews.com/operationalizi… #cybersecurity #exposuremanagement #securityleaders

We really enjoyed our conversation with Ed Amoroso from TAG Infosphere. We didn’t start Reach to chase headlines. We started it because the hard security problems weren’t getting solved. The important ones rarely are. Security only works when incentives are aligned to the customer’s actual outcome. Not noise. Not theater. Not (exclusively) shiny tools. That alignment is what makes the work worth doing. Appreciate the thoughtful dialogue, Ed. #cybersecurity #founders #buildinpublic #reachsecurity