Azure Has A Kerberos Problem, But It’s Not The One You Think
Blaming Azure for Kerberos exploits isn't a hot take—it's nonsense. Focus on the real root causes instead (which are different than you might think).
risk
16 posts
Integrating Threat Modeling with DevOps
Because DevOps has effectively joined the Operational and Dev domains, it introduces security dependencies which neither domain had to consider before.
Who’s Threat Modeling the Threat Modelers?
When an org's security personnel carry out threat modeling exercises, they tend to make unconscious assumptions about the efficacy of their own security controls. This is dangerous.
The Objective of Securing Privileged Access? To Protect the Business from the Admins
The most common privileged security gaps that attackers exploit come from sacrificing effective privileged admin security on the altar of operational convenience.
How (not) to Waste Your Time Chasing Vulnerabilities
There is a very good chance that your vulnerability management efforts are not actually reducing your risk. The data tells us why.
Your Expensive PIM/PAM Solution Won’t Save You—But This Might
If <that one PAM tool everyone uses> was good enough on its own, then no one in banking would get hacked, because they all use it. Clearly there's more to the story.