Reach Security

At UC Irvine’s Digital Leadership Agenda 2026, moderated by Nicole Perlroth, Garrett Hamilton illustrates what those blind spots can look like: “We believed it was deployed.” “It was turned on.” “It should have stopped this.” Except one exception, one policy gap, one control not applied at scale — and assumptions replace reality. The real problem isn’t visibility. It’s continuously validating intent against execution. Learn more about Reach → reach.security Shift thinking left of boom → reach.security/blog/security-… #Cybersecurity #ExposureManagement #SecurityLeadership

Healthcare CTOs are in a race they can't afford to lose. Tyler Theys, CTO at Ensemble Health Partners, put it plainly: AI innovation is moving fast, and keeping patient records secure while trying to keep up is a real challenge. Reach gives his team one less thing to worry about: managing the security controls protecting their perimeter. "Leveraging Reach has been a godsend for us. I don't have to focus on that stuff. I can go focus on what's really driving our business, which is the innovation and AI initiatives." That's the job. Free your team to go build. Learn more: reach.security/solutions/secu… #exposuremanagement #ai #ctem

At Black Hat last year, we sat down with Kevin Mandia to talk about what's coming. His take: offense is going to accelerate with AI. Not slow down. Not plateau. Accelerate. When you've run more red teams than practically anyone on the planet, the pattern is clear. Getting into a victim network is already a race. AI compresses those time frames further. The attack surface isn't changing. Misconfigurations, things that slipped, controls that were on and got turned off. The entry point stays the same. AI just makes the race to exploit it faster. If AI is accelerating offense, we believe it has to be central to defense.  Learn more: f.mtr.cool/piiyaxzzgd

CrowdTour made a stop in New York City last week and Reach was there to partake. Tim Schippmann and Al Puccerella spent the day at JW Marriott Essex House alongside security practitioners, engineers, and leaders from across the industry. Nine to five, booth to breakout to happy hour. Lots of ground covered.  Grateful for the time with the CrowdTour community. Back on the road! #crowdtour #cybersecurity #nyc

World Series Champions vs. NorCal rivals.  Reach joined Tevora and Swimlane last night for an evening at Dodger Stadium with our security friends. You really can't beat events like this. Thanks to Tevora for the hospitality as always. See you at the next one! #cybersecurity #reachsecurity

Reach Security was in San Diego last night at Kodi Connect. Pat Brogan and Cain Nocera spent the evening in roundtable conversations with senior cybersecurity leaders at the Fairmont Grand Del Mar. Heck of a room to have some productive conversations in! Thank you to everyone who joined us and Kodi Connect #cybersecurity #aiincybersecurity

Reach Security is on the ground at the 7th Annual Nashville Official Cybersecurity Summit today. Come find Ben Dean, Ryen Wilkens, and Nelson Lawson. Misconfigured controls and configuration drift are the weak points AI-powered attacks hit first. Reach hardens them faster than attacks can exploit them. AI attackers move fast. Reach moves first. 📍 Renaissance Nashville Hotel | May 13

This morning at Innotech in Austin, Garrett Hamilton is joining Evan from Run Reveal and Dave Endler from Runtime VC for a panel moderated by Dan Holden. The topic: what founders see that CISOs often don't. Founders are pattern-matching across hundreds of security teams every day. CISOs are deep inside one program, making hard calls with limited time and resources. Different vantage points, and sometimes a real disconnect. A room full of cyber practitioners and leaders in Austin this morning to have that conversation openly. #Innotech2026 #CyberSecurity #CTEM

Last week, Garrett Hamilton joined Phil Venables, Dave Gold, and Amit Megiddo for a panel on where security is heading and what it's going to take to get there, part of a CISO MasterClass hosted by David Hahn and Ballistic Ventures in Chicago. The conversation didn't pull punches. Topics ranged from the evolving role of the CISO to what relentless 100% control deployment actually looks like in a world where every organization is a target of opportunity. Grateful to David Hahn and the Ballistic Ventures team for the invite and the room. #cybersecurity #ciso #configurationdrift #reachsecurity

World Password Day was yesterday. But every day is World Password Day when you work in security. Garrett Hamilton shared his perspective in VMBlog's roundup alongside practitioners who live and breathe this stuff. The headline: the problem isn't missing controls. It's the ones you have that aren't consistently enforced. Read here: f.mtr.cool/nxefnbtixu #worldpasswordday #ctem

One of the best events we've been a part of. Tyler White and Bryce Carter, you built something genuinely special here, and it keeps getting better. Thank you Joe Fang for capturing it so well. The Rockies delivered. Three days, unforgettable views, and sore legs for the ride home. Jon Jensen and Scott White, thank you for braving the trails and the altitude on behalf of Reach. #cisoascent #ciso

The Rockies have hosted world records before. Now it's cybersecurity's turn. The largest known gathering of CISOs on hikes.  Thank you CISO Ascent for hosting an epic event to bring us all together. May the trail gods shine down on us today! #reachsecurity #ctem #ciso

Microsoft Defender for Office 365 is powerful out of the box. The problem? Configurations drift. IT teams make changes the security team doesn't know about. Anti-phishing policies weaken. Safe Links gaps open up. And AI-powered attackers are finding those openings faster than any team can manually catch them. Reach analyzes your Microsoft Defender for Office 365 controls, activates underutilized capabilities, remediates misconfigurations, and keeps your deployment aligned to your security baseline continuously. Learn more: f.mtr.cool/nfvlqfecxk #microsoftdefender #configurationdrift #ctem

Garrett Hamilton recently presented at the North Texas ISSA Lunch & Learn in Plano, TX to talk about what risk reduction actually looks like in practice. Reach shows customers exactly which controls they've deployed, the user impact of those changes, and how much risk has been reduced across IAM, EDR, email, firewall, and SASE. Not feature checklists. Targeted, measurable outcomes tied to the business. Learn more: f.mtr.cool/utqnxynibt #exposuremanagement #continuousthreatexposuremanagement

Your security stack isn't standing still. Products ship updates, teams make changes, break-glass exceptions get made and forgotten. Configurations quietly drift from where they're supposed to be. The problem isn't effort. It's that the environment moves faster than any manual process can keep up with. And the tools most likely to drift? Firewalls, EDR, and identity controls. The ones you're counting on most. We surveyed 250 security professionals to understand how configuration drift is creating risk at scale. What's the biggest driver of configuration drift in your environment? Get the full report: f.mtr.cool/nwryhxfkpl  #configurationdrift #cybersecurity #continuousthreatexposuremanagement

Do you have networking trench foot? Come grab a fresh pair of a socks and say hi to the team! We're at the CyberRisk Alliance Cybersecurity Summit in Salt Lake City this week! Come find Cain Nocera and Haley Pratt. #reachsecurity

97% of security executives say misconfigurations and control issues have led to an incident, breach, or near-miss at their organization. If you've been following us recently, you've heard that before. Full disclosure: you'll probably hear it again. It's significant because it doesn't come from us. It comes from a research poll of 250 security executives. Their words, their experiences, their organizations. We just asked the questions. It's also why we built Reach the way we did. Most security tools track vulnerabilities. We started at the control level, the atomic unit of how your security stack is actually configured. Because if you get that foundation right, everything else layers on top: drift detection, posture management, continuous remediation. Configuration drift isn't a new problem. There was an entire market built around it for networking alone two decades ago. It's just never been fully solved. We're honored SC Media recognized us as Best Continuous Threat Exposure Management Solution this year. And we think the research explains why the problem still matters. Read the full report:  f.mtr.cool/luiczzlunx  #ctem

Configuration drift is not a new problem. It's one that demands a better answer. In a conversation with Todd Graham, he made the case plainly: the industry spent years confusing compliance with security. A SOC2 is a point in time. The moment the audit closes, drift begins. Our Drift Research Report quantifies what that looks like operationally. Organizations review configurations an average of 6.5 times per month, yet remediation takes an average of 8.3 days once an issue is found. Only 2% can resolve misconfigurations in under a day. That gap is where exposure lives. Read the full findings: reach.pulse.ly/spnlhwhihc

Welcome to the team! Slavi Marinov Principal Software Engineer Ivan Bondarev Staff Software Engineer Jackson Kohl Sales Development Representative Noah Kraemer Senior Staff Software Engineer Jake Fernung Senior Sales Executive Josh Toone Devops Engineer Nicola Martinez Field & Partner Marketing Manager Dennis Faire Senior Product Manager Sarang Ardhapurkar Developer Experience Engineer Nelson Lawson Senior Account Executive

How do you secure a network where the risk doesn't stop at your own perimeter? Nancy Phillips, CISO at Ensemble Health Partners, works with nearly 40 hospital clients, each with millions of patients. When you add those numbers up, the data footprint rivals some of the largest healthcare organizations in the country. And it's not just Ensemble's security that matters. With hundreds of vendors across the hospital ecosystem, every partner connection is part of the equation too. That's the environment Nancy and her team are responsible for protecting, and why getting security coverage right isn't optional. How do you manage third-party risk at scale? — See how Reach gives you visibility and control across your security environment: reach.pulse.ly/lwoskekmrq #CISO #cybersecurity #securityposture