Resilient Cyber

Resilient Cyber explores cybersecurity, emphasizing the integration of security into business environments. It addresses challenges like vulnerability management, secure software supply chains, Zero Trust models, and government compliance. The newsletter highlights the importance of built-in security practices, accountability, and collaboration between security and development teams across industries.

Cybersecurity Software Development DevSecOps Software Supply Chain Security Cloud Security Government Compliance AI Security Vulnerability Management Open Source Security

The hottest Substack posts of Resilient Cyber

And their main takeaways
119 implied HN points 24 Sep 24
  1. Some software vendors are creating security problems by delivering buggy products. Customers should demand better security from their suppliers during purchase.
  2. As companies rush to adopt AI, many are overlooking crucial security measures, which poses a big risk for future incidents.
  3. Supporting open source software maintainers is vital because many of them are unpaid. Companies should invest in the projects they rely on to ensure their continued health and security.
419 implied HN points 29 Aug 24
  1. Cybersecurity isn't the only focus in business. Companies care about many things, like revenue and customer satisfaction, not just security.
  2. There's often not enough pressure on businesses to take security seriously. Sometimes it's cheaper for them to deal with breaches than to invest in security.
  3. Many cybersecurity talks happen in their own bubble, not considering the larger business world. For real progress, they need to speak the language that businesses understand.
59 implied HN points 17 Sep 24
  1. Cyber attacks on U.S. infrastructure have surged by 70%, affecting critical sectors like healthcare and energy. This is causing bigger risks because these sectors are tied to essential services.
  2. Wiz has introduced 'Wiz Code' to improve application security by connecting cloud environments to source code and offering proactive ways to fix security issues in real-time.
  3. There's a growing crisis in the cybersecurity workforce, with many claiming there are numerous jobs available while many professionals feel unprepared for the roles. This highlights the disconnect between job openings and real-world experience.
59 implied HN points 12 Sep 24
  1. Organizations feel anxious and lack confidence in securing Non-Human Identities, mainly because they know about the risks but don't have good strategies to manage them.
  2. Many companies struggle with basic security practices like managing service accounts and API keys, which puts them at risk since they often don't review permissions regularly.
  3. There is a strong interest in investing in better tools and solutions for NHI security, as businesses recognize their current weaknesses and want to improve their defenses.
79 implied HN points 03 Sep 24
  1. Many companies believe they are prepared for cyber threats, but actually, most lack strong leadership involvement in their cybersecurity efforts. That's making them more vulnerable.
  2. Despite spending a lot on security solutions, many enterprises still face breaches, showing that having many tools doesn't always mean better protection.
  3. There's a debate about how founders should manage their startups. Some say founding leaders need to be hands-on rather than relying on traditional management styles that don’t always work for fast-growing companies.
99 implied HN points 20 Aug 24
  1. Application Detection & Response (ADR) is becoming important because attackers are increasingly targeting application vulnerabilities. This shift means we need better tools that focus specifically on applications.
  2. Modern software systems are complex, making it hard for traditional security tools to catch real threats. That's why understanding how these systems interact can help identify harmful behavior more effectively.
  3. There’s a big push to find and fix security issues early in the development process. However, this focus on early detection often misses what's actually happening in real-life applications, making runtime security like ADR crucial.
39 implied HN points 27 Aug 24
  1. CISOs and security leaders need to understand Directors & Officers insurance due to increasing legal troubles. Knowing how to protect themselves from litigation is becoming essential.
  2. AI is making big changes in development, as shown by Amazon's claim of saving thousands of developer years. This shows a trend towards AI taking over more coding tasks.
  3. The application security market is very complicated. It's important to grasp what tools and strategies work best to secure software without getting lost in all the technical jargon.
19 implied HN points 10 Sep 24
  1. The cybersecurity workforce is struggling with a high number of unfilled jobs, as organizations report a lack of qualified candidates. Many are misled by claims of high salaries with little experience needed.
  2. In 2024, security budgets increased modestly, but hiring for security staff has declined significantly. This stagnation in hiring indicates a complicated employment landscape in cybersecurity.
  3. The White House has released a roadmap to improve internet routing security, focusing on enhancing the Border Gateway Protocol. This aims to boost the overall safety of internet infrastructure.
79 implied HN points 01 Aug 24
  1. The Exploit Prediction Scoring System (EPSS) helps predict how likely a software vulnerability is to be exploited. It provides a score, so organizations can focus on the vulnerabilities that really matter.
  2. Most vulnerabilities that are reported, about 94%, aren’t even exploited in real life. This means organizations waste a lot of resources on vulnerabilities that pose no threat, highlighting the importance of focusing on the ones that are actually exploited.
  3. The EPSS tool works better than older systems like the Common Vulnerability Scoring System (CVSS). It helps organizations prioritize their efforts because it brings more efficiency in vulnerability management.
79 implied HN points 28 Jul 24
  1. Concentrated cyber risks can cause major problems when a few companies dominate the market. If something goes wrong with a major vendor, it affects many organizations relying on them.
  2. Having a diverse range of vendors can help reduce risks. This diversity encourages innovation and prevents over-dependence on one company's tools.
  3. Finding the right mix between using dominant vendors and maintaining vendor diversity is crucial. Organizations must look for a balance that meets their unique needs while minimizing risks.
39 implied HN points 20 Aug 24
  1. Security tool sprawl is increasing in organizations, with many now using 70 to 90 different tools, making it harder to manage effectively.
  2. AI can speed up fixing coding vulnerabilities, but much AI-generated code can be insecure, requiring careful checking by developers.
  3. Understanding systems and processes is key to tackling the complexities of cybersecurity, rather than blaming external forces for challenges in job applications.
79 implied HN points 23 Jul 24
  1. CrowdStrike faced a huge IT outage because of a faulty update, affecting many industries. This shows how important having strong disaster recovery processes is for businesses.
  2. There's a growing debate about who the Chief Information Security Officer (CISO) should report to—whether the CEO or CIO. What really matters is how much influence and impact they have in their role.
  3. Wiz opted out of a big sale to Google and plans to pursue its IPO instead. Their focus on building a solid security platform may help them succeed despite the tough market.
19 implied HN points 04 Sep 24
  1. MITRE's ATLAS helps organizations understand the risks associated with AI and machine learning systems. It provides a detailed look at what attackers might do and how to counteract those strategies.
  2. The ATLAS framework includes various tactics and techniques that cover the entire lifecycle of an attack, from reconnaissance to execution and beyond. This helps businesses prepare better defenses against potential threats.
  3. Using tools like ATLAS and its companion resources can help secure AI adoption and development by highlighting vulnerabilities and suggesting mitigations to reduce risks.
39 implied HN points 14 Aug 24
  1. Balancing quality in software is tough. You can have it cheap, fast, or good, but you can only pick two options.
  2. There's a big gap in information between software makers and users. Many users don’t really know what's in the software they use or how secure it is.
  3. The security of software often takes a back seat to speed and cost. This leads to issues where security measures are seen as extra costs, not necessities.
59 implied HN points 30 Jul 24
  1. The U.S. has released its first comprehensive report on cybersecurity, highlighting key risks like ransomware and the need for better incident preparedness.
  2. Many American companies are lacking strong cybersecurity leadership, which leads to vulnerabilities and incidents. Board members often need more expertise in digital systems.
  3. To secure cloud services and open source software, it's important to learn from past mistakes and implement better governance and security measures.
79 implied HN points 16 Jul 24
  1. CISA's Red Team was able to infiltrate a federal agency and remain undetected for five months, highlighting vulnerabilities in government cybersecurity practices.
  2. The U.S. Office of Management and Budget has published new cybersecurity priorities for FY26, focusing on modernizing defenses and improving open-source software security.
  3. Google is close to acquiring the cloud security company Wiz for $23 billion, a move that could strengthen its position against competitors like Microsoft and AWS.
119 implied HN points 18 Jun 24
  1. The SEC's case against SolarWinds could change how Chief Information Security Officers are viewed in the industry, potentially discouraging talented people from taking on these roles.
  2. Organizations need to actively prepare for cyberattacks through tabletop exercises, which can help teams respond better during real security incidents.
  3. Microsoft's cybersecurity issues have raised concerns regarding national security, highlighting the need for stronger security practices and accountability in tech companies.
159 implied HN points 28 May 24
  1. Non-Human Identities (NHIs) are the machine-based accounts used in businesses, often outnumbering human accounts significantly. They include things like service accounts and API keys, which are essential for modern tech operations.
  2. NHIs are a major security risk since they can have lots of permissions and are often left unmonitored. This makes them a target for hackers looking to exploit weak points in security systems.
  3. It’s important for companies to have strong governance around NHIs. Without proper controls, these machine identities can lead to security gaps and make it easier for attackers to gain access to systems.
79 implied HN points 09 Jul 24
  1. Cybersecurity roles are becoming more competitive, and many people want to join the field. It's important to have standards, but we also need to make sure newcomers have a chance to enter the profession.
  2. There's a huge increase in cybersecurity vulnerabilities, making it harder for companies to keep up. Organizations need better ways to manage these vulnerabilities to protect against attacks.
  3. The conversation around AI in cybersecurity is rising, with discussions on how to use it securely and the risks involved. Transparency is key to building trust, especially after high-profile breaches.
99 implied HN points 06 Jun 24
  1. Shadow usage happens when employees use technology without telling the IT or security teams. This is easy to do, especially with things like personal devices and remote work.
  2. Cybersecurity teams often react to problems instead of staying ahead of technology trends. Instead of waiting for issues to arise, they should explore and adapt new technologies early.
  3. Long-lasting issues between security teams and other departments lead to frustration. If security teams work better with others, they can create a smoother, more productive environment.
39 implied HN points 24 Jul 24
  1. Organizations need to keep track of all non-human identities, like service accounts and API keys. This helps in monitoring and managing security across different systems.
  2. When a third party experiences a security breach, it's crucial to quickly identify which non-human identities are affected. Rapid response can help limit potential damage and keep business running smoothly.
  3. Detecting unusual behavior in non-human identities is key to spotting security threats. Using automated tools can help security teams stay on top of potential risks efficiently.
139 implied HN points 21 Apr 24
  1. Most codebases now use a lot of open source software, which can come with serious security risks. This means many systems are more vulnerable because they contain known vulnerabilities that might not be addressed.
  2. The number of components in applications is increasing, leading to software bloat. This makes it tough for teams to manage security and keep everything up to date, which can create more risks for users.
  3. Licensing issues are common in open source software, with many projects having conflicts or unclear licenses. This can lead to legal problems for businesses that use these components in their software.
199 implied HN points 11 Mar 24
  1. The NIST National Vulnerability Database (NVD) is an important source for understanding software vulnerabilities, but it is facing significant issues. Many vulnerabilities lack timely analysis and critical information.
  2. There is a need for better tagging and categorization of vulnerabilities, such as associating Common Vulnerability Enumeration (CVE) identifiers with specific products. Without this, organizations struggle to know what vulnerabilities affect their systems.
  3. Alternatives to the NVD like the Sonatype OSS Index and the Open-Source Vulnerabilities (OSV) Database are emerging, but they focus primarily on open-source software. The effectiveness and reliability of the NVD remain crucial for broader security practices.
19 implied HN points 13 Aug 24
  1. Microsoft is tying employee bonuses to security performance, highlighting the importance of prioritizing security in their culture. This means employees are encouraged to choose security over other goals like speed or profit.
  2. There's growing interest in using AI for cybersecurity tasks, including identifying vulnerabilities and automating processes. This technology could help improve security practices but also presents challenges.
  3. The market for security automation is expected to grow significantly. This means companies are looking for ways to streamline their security processes and keep up with new threats efficiently.
279 implied HN points 17 Jan 24
  1. Building a strong network is important for career resilience. It's not just about who you know, but who knows you and what you bring to the table.
  2. Some core values and work ethics should remain unchanged throughout your career. These qualities, like determination and discipline, help you stay successful as roles and technologies change.
  3. You should treat your personal and professional growth like a product that needs constant improvement. Embrace change and ask for feedback to keep evolving.
119 implied HN points 25 Apr 24
  1. Application security is becoming more complicated as software development grows, making it hard for teams to keep track of security issues. It's important for teams to have a clear view of application security to effectively manage vulnerabilities.
  2. ASPM platforms are designed to help organizations manage application security more efficiently by combining tools and workflows. They enable teams to see security risks clearly and respond quickly to issues without overwhelming them with alerts.
  3. The integration of security into the development process, known as DevSecOps, aims to reduce vulnerabilities and improve collaboration among teams. With ASPM, businesses can connect security efforts across different stages of software development for better protection.
119 implied HN points 16 Apr 24
  1. It's important to build software with security in mind from the start, rather than trying to add it in later. This 'Secure-by-Design' approach can prevent many issues down the line.
  2. Software suppliers should take responsibility for the security of their products, as their decisions affect a lot of users. Customers shouldn't always have to 'patch and fix' flawed products themselves.
  3. The rapid growth of known software vulnerabilities is overwhelming for organizations. Instead of just telling them to fix everything quickly, we should push for better, more secure products from the beginning.
299 implied HN points 13 Dec 23
  1. It's important for organizations using open source software (OSS) to know the responsibilities of developers and suppliers. They should track updates and manage licenses to avoid risks.
  2. Creating a secure internal repository for OSS can help organizations ensure that the components meet safety and compliance standards before using them in products.
  3. Using Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) documents helps improve transparency about the software components. This makes it easier to manage risks related to vulnerabilities.
19 implied HN points 06 Aug 24
  1. CrowdStrike is facing lawsuits after a significant outage affected Delta Airlines and many flights. This situation raises concerns about the reliability of software and the idea of software liability.
  2. Cybersecurity has many common mistakes, or anti-patterns, that organizations fall into. These include chasing the latest trends instead of focusing on core security practices.
  3. The SEC's new rules may be harming the effectiveness of Chief Information Security Officers (CISOs) in the U.S., making it harder for them to focus on reducing risks for their organizations.
239 implied HN points 10 Jan 24
  1. OWASP AI Exchange is a valuable resource for understanding AI security risks and sharing knowledge. It helps organizations learn how to protect themselves against threats in AI systems.
  2. The AI Exchange provides guidelines for managing AI security throughout its development and use. Companies can adopt controls to mitigate risks associated with data leaks, manipulation, and insecure outputs.
  3. Practitioners are advised to incorporate standard security practices from app security into AI systems. Regular monitoring and using tools like threat modeling are essential for maintaining safety in AI usage.
39 implied HN points 25 Jun 24
  1. Companies need to be careful about how much they share regarding their cyber insurance. Revealing this information might make them targets for attackers.
  2. The role of a CISO is changing and becoming more business-focused. Many believe they should focus on leadership rather than just technical tasks.
  3. AI can help improve cybersecurity, but there are also concerns about its use by attackers. It's important to explore how AI can enhance our defenses.
79 implied HN points 03 May 24
  1. Vulnerability exploitation is growing rapidly, with a 180% increase reported. This means more cyber attackers are taking advantage of software weaknesses.
  2. Organizations are struggling to keep up with vulnerability management. Simply telling them to patch faster isn't enough; they need better strategies to reduce the number of vulnerabilities.
  3. The push for 'Secure-by-Design' software is getting stronger. This approach encourages companies to take responsibility for their products' security, making them safer for everyone.
159 implied HN points 13 Feb 24
  1. Software supply chain attacks are on the rise, so companies need to protect their processes from potential risks. Understanding these threats is key for organizations that rely on software.
  2. NIST provides guidelines to help organizations improve their software security in DevSecOps environments. By following their advice, companies can ensure that their software development processes are safe from compromise.
  3. Implementing zero-trust principles and automating security checks during software development can greatly reduce the risk of attacks. This means controlling access and regularly checking for vulnerabilities throughout the development cycle.
139 implied HN points 08 Feb 24
  1. Software developers may need to be held responsible for security flaws that lead to cyber attacks. This could protect critical infrastructure from being misused.
  2. Creating clear standards for software safety is important. These rules could help developers understand what they're responsible for and how to improve their products.
  3. A safe harbor could protect developers who follow best practices. This means they won't face lawsuits if they do everything right and still have issues.
119 implied HN points 25 Feb 24
  1. Organizations should have a clear policy to automatically apply software updates. This helps close the gap between when vulnerabilities are identified and when they are fixed, making it harder for bad actors to exploit them.
  2. Knowing what assets you own and who is responsible for them is crucial. Without this information, vulnerabilities could go unaddressed, leading to increased security risks.
  3. The business should take ownership of the risks related to vulnerabilities, not just the security team. It’s important for leadership to understand and document the decisions regarding risks associated with remediation.
79 implied HN points 11 Apr 24
  1. The Databricks AI Security Framework (DASF) helps identify and manage risks in AI systems. It's important for security experts and AI developers to know how to keep AI safe while still allowing innovation.
  2. Data operations have the highest number of security risks, like data poisoning and poor access controls. If the raw data is compromised, it can affect the entire AI system.
  3. Different stages of AI development, like model training and deployment, have unique risks to watch for, such as model theft and prompt injection attacks. Understanding these risks helps keep AI applications secure.
179 implied HN points 20 Dec 23
  1. The number of software vulnerabilities is growing really fast, and it's hard for organizations to keep up. Right now, a lot of vulnerabilities get reported, but companies can only fix a small fraction of them each month.
  2. There's a big push for making software safer from the start, so users aren't stuck dealing with problems created by developers. This idea, called 'Secure-by-Design,' aims to shift the responsibility for security onto the companies making the software.
  3. Many organizations are feeling overwhelmed trying to patch vulnerabilities. If they stop, they risk being exploited by attackers, making it feel like a never-ending struggle to stay secure.
259 implied HN points 27 Sep 23
  1. Software supply chain attacks are increasing, making it essential for organizations to protect their software development processes. Companies are looking for ways to secure their software from these attacks.
  2. NIST has issued guidance to help organizations improve software supply chain security, especially in DevSecOps and CI/CD environments. Following NIST's recommendations can help mitigate risks and ensure safer software delivery.
  3. The complexity of modern software environments makes security challenging. It's important for organizations to implement strict security measures throughout the development lifecycle to prevent attacks and ensure the integrity of their software.
179 implied HN points 01 Dec 23
  1. CISA and NCSC released guidelines for secure AI development that focus on unique security risks and the responsibilities of both AI providers and users. It's important for organizations to understand who is responsible for protecting AI systems.
  2. The guidelines emphasize practices like threat modeling and raising awareness of AI risks during the design phase. This helps organizations build secure systems by understanding potential threats upfront.
  3. Security doesn't stop at deployment; ongoing monitoring and incident response are crucial for maintaining safe AI operations. Companies need to keep an eye on how their AI systems behave and be ready to respond to any security incidents.
159 implied HN points 18 Dec 23
  1. SBOMs, or Software Bills of Materials, list the components of software products. They help organizations know what parts make up their software, which is important for security.
  2. The NSA offers guidelines for managing SBOMs, emphasizing the need for both software suppliers and consumers to take security seriously. Suppliers should be transparent and accountable, while consumers should ensure their suppliers follow good security practices.
  3. Organizations need effective SBOM tools that can manage and analyze software components, detect vulnerabilities, and facilitate easy reporting. These tools should also be user-friendly to help teams work efficiently.