Stela Fink

Have you registered for this weekend's Wicked6 Cyber Games? There is still time to register (see promo cod below) and catch all the excitement, an amazing group of speakers, and, of course, all the players. Join cyber enthusiasts and professionals from around the world as they participate in cyber games and learn about careers in #AI, #Infotech, and #InfoSec. Check out Wicked6: wicked6.com I am also excited to be a featured speaker at the event. Use promo code: W6Partner15 for $15 off registration. #cybergames #CTF

I couldn't agree more with the recent fireside chat from LMG Security regarding the React2Shell vulnerability and the confirmed incident involving LexisNexis. In recent months, I have faced challenges with clients who have overlooked my recommendations due to a false sense of security. It has been difficult to stress the urgency of essential actions such as: - Patching vulnerabilities - Engaging with their supply chain - Conducting third-party vulnerability assessments Finding the right balance in communication without instilling unnecessary fear has proven to be a significant hurdle. Mass Exploitation 2.0: Web Platforms Under Attack youtu.be/usPpWA6x0Fc?si… via @YouTube

I got asked on the news today is Cybersecurity a field that is being impacted by AI or is it a safe field? I explained how I struggle with this personally as well - there's a lot of fear, uncertainty and doubt in every technology market right now, but I'm extremely optimistic. Security will always be needed, there is no question there - nothing will ever be perfect. Bad actors are creative and will use AI as a force multiplier as will defense. Over the past several years, organizations have gotten substantially better from a breach perspective (not everyone, but much of the industry) and it's been harder for us as red teamers to breach systems. That's our mission and goal, and it should always be. If AI can play a role in making organizations much more secure, this is a good thing and I think it will. However, the sheer velocity of code being written, complex systems created, interconnectivity of other systems - complexity has always created risk for organizations. This complexity will continue to propel cybersecurity forward as an industry however, it will require everyone to utilize AI as part of their everyday job. My biggest advice to everyone concerned with this is learn AI, incorporate it into everything you do (don't burn out), and you are safe. AI is an incredible technology that is only going to get better. I'm using it everyday, and honestly, I haven't felt this excited since the early 2000 hacker days where I was fuzzing applications and writing zero days. It's a whole new era to an industry that didn't have much innovation over a 15-year span. We were told every RSA that next generation was going to solve it, DLP was going to solve it, whatever the next buzz word is for that year - was a major technological advancement that would change the industry for the better. It didn't. The same issues plagued us - basic security practices not followed, phishing attacks compromising an entire organization, long multi-year cybersecurity programs moving at a snails pace. I think we're finally at a spot where we can make rapid advancement, but it still doesn't solve the basics that we know work. Governance structures, zero trust, vulnerability/patch management, application security (whole new era here), perimeter hardening, and much more that AI will not solve and cannot solve. At the end of the day, cybersecurity is largely not a technology problem, its a business/organization/people problem. AI doesn't solve that, but it does help us amplify what we can do with limited budgets, not enough staffing, large attack surfaces, and more. I'm excited on where we are heading as an industry, and AI is something I can't get enough of. Now if Claude could reset my tokens so I can get back to work, that would be great. I also recommend watching @NetworkChuck video here, explains the roller coaster ride that is AI emotionally: youtube.com/watch?v=dbMXi9…

If you order by Dec 21, you'll get it for Christmas! I recommend the Elk Frenched Rack! #JacksonHoleBuffaloMeat #ElkFrenchedRack I love Jackson Hole Buffalo Meat! Use this link to get a discount! oken.do/6qjn3e7a?utm_s…

May the light shine on the darkness and remind of the resilience and miracle that one day's worth of oil in the Menorah kept shining for eight days. Happy Hanukkah 🕎✡️

Happy Holidays !

I can't believe this was 15 yrs ago!!! My how time has flown by! It was a fun challenging weekend in Fort Lauderdale and all well worth it! The foundations of #combatfitness I earned have stayed with me. I am thankful and grateful for the folks I met and those that are no longer with us, y'all were my inspiration! #hagana

View my verified achievement from @proofpoint. credly.com/badges/baef7c6… via @credly

I've known this for as long as I've been running. I'm glad the science finally caught u. 🥵😎🤓 But I think my husband @InfoSecFink, will always worry when I'm out running or walking in 110+degrees in humid or dry weather, hopefully this article will help him relax a little 😉 Heat Training Acts As 'Poor Man's Altitude Training' To Boost Athletic Performance, Study Shows weather.com/news/weather/n…

🚀 A life-changing cybersecurity scholarship opportunity is almost here. If you've been waiting for the right moment to break into the field, this is it. 🎯 Get Ready, applications open July 25 at 10 AM ET. 🔗 sans.org/u/1C7q #SANSCyberAcademy #CyberJobs #GIAC

Do you conduct security awareness training for end users only annually? As humans are often the weakest link in security, more frequent training may be beneficial. How comprehensive is your organization infrastructure monitoring? Ensure it covers the entire infrastructure not just endpoints. Focusing only on endpoints may miss many attackers tactics and techniques that they could employ to breach your infrastructure. Do you align with industry best practices and compliance standards only for audits, or are you actively mitigating real security risks? This article explores these and other questions. #infosec #cybersecurity csoonline.com/article/402284…

☄️ Reflecting on recent events involving major incidents in both Information Security and natural disasters, such as the Ingram Micro Ransomware attack and the historic floods in Texas and New Mexico, it raises crucial questions about individual and organizational preparedness during times of crisis. These recent events underscore the imperative for proactive measures in ensuring robust security protocols and disaster response strategies within organizations. 👾 How does this relate to the July 2025 Patch Tuesday? The connection lies in the essence of readiness and planning. Numerous conversations with colleagues and Infosec OGs, have highlighted the importance of adequate planning, preparation, and rigorous testing before implementing patches in a production environment. Often, the realization of such necessities only dawns upon organizations after facing an unforeseen incident. 💥 A critical consideration regarding the capacity of organizations to conduct patch testing. Are patches evaluated in a development setting or directly in the production environment? The scope of testing extends beyond applications and operating systems to encompass the entire infrastructure, including switches, firewalls, etc. #infosec #patchtuesday #incidentresponse #cybersecurity Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday - securityweek.com/microsoft-patc…

Cisco has released updates for two serious security issues in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC). Unpatched, these flaws could have allowed hackers to take full control of your system. Read more about it here: zurl.co/Hw8kf

Founder and CEO David Kennedy spoke with Fox Business about the recent FBI warning that the hacking group Scattered Spider is targeting the airline industry ahead of the Fourth of July holiday weekend. Watch now! @HackingDave

In today's AI-focused world, #privacy is no longer just a legal issue—it’s a key part of business strategy. 💡 This blog highlights why companies that embed privacy into their #AI strategies stand out, earn loyalty and #innovate with confidence. brnw.ch/21wTOJP

Just attended a thought-provoking webinar discussing various AI security concerns and the impact of granting AI access to your calendar for managing meeting conflicts. The concept of "Shadow AI" is already unsettling, and now the emergence of the "First-ever zero-click" attack adds a new layer of concern. How prepared is your organization to safeguard AI? #infosec #AI csoonline.com/article/400596…

Happy 250th Birthday US Army! 🇺🇲🪖🎖️#usarmy