Quote for the day:
“A great person attracts great people and knows how to hold them together.” -- Johann Wolfgang von Goethe
What happens when penetration testing goes virtual and gets an AI coach
 Researchers from the University of Bari Aldo Moro propose using Cyber Digital
Twins (CDTs) and generative AI to create realistic, interactive environments for
cybersecurity education. Their framework simulates IT, OT, and IoT systems in a
controlled virtual space and layers AI-driven feedback on top. The goal is to
improve penetration testing skills and strengthen understanding of the full
cyberattack lifecycle. At the center of the framework is the Red Team Knife
(RTK), a toolkit that integrates common penetration testing tools like Nmap,
theHarvester, sqlmap, and others. What makes RTK different is how it walks
learners through the stages of the Cyber Kill Chain model. It prompts users to
reflect on next steps, reevaluate earlier findings, and build a deeper
understanding of how different phases connect. ... This setup reflects the
non-linear nature of real-world penetration testing. Learners might start with a
network scan, move on to exploitation, then loop back to refine reconnaissance
based on new insights. RTK helps users navigate this process with suggestions
that adapt to each situation. The research also connects this training approach
to a broader concept called Cyber Social Security, which focuses on the
intersection of human behavior, social factors, and cybersecurity.
7 signs it’s time for a managed security service provider
 When your SOC team is ignoring 300 daily alerts and manually triaging what
should be automated, that’s your cue to consider an MSSP, says Toby Basalla,
founder and principal data consultant at data consulting firm Synthelize. When
confusion reigns, who in the SOC team knows which red flag actually means
something? Plus, if you’re depending on one person to monitor traffic during
off-hours, and that individual is out sick, what happens then? ... Organizations
typically realize they need an MSSP when their internal team struggles to keep
pace with alerts, incident response, or compliance requirements, says Ensar
Seker, CISO at SOCRadar, where he specializes in threat intelligence, ransomware
mitigation, and supply chain security. This vulnerability becomes particularly
evident after a close call or audit finding, when gaps in visibility, threat
detection, or 24/7 coverage become undeniable. ... Many smaller enterprises
simply can’t afford the cost of a full-time cybersecurity staff, or even a
single dedicated expert. This leaves such organizations particularly vulnerable
to all types of attacks. An MSSP can significantly help such organizations by
providing a full array of services, including 24/7 monitoring, threat detection,
incident response, and access to a broad range of specialized security tools and
expertise. “They bring economies of scale, proactive threat intelligence, and a
deep understanding of best practices,” Young says.
Cyber Security Responsibilities of Roles Involved in Software Development
Building secure software is crucial, as vulnerable software would be an easy
target for cyber criminals to exploit. There are people, process and
technology forming part of the software supply chain and it is very important
that all of these play a role in securing the supply chain. While process and
technology play the role of enablers, it is people who should buy in and adapt
to the mindset of ensuring security in every aspect of their routine work. ...
This includes developers implementing secure coding techniques, security teams
identifying vulnerabilities, and everyone involved staying updated on the latest
threats and best practices to prevent potential security breaches. Whatever is said
and done, the root cause of a vulnerability in software ultimately boils down
to people, because someone somewhere had missed something and thus a security
defect creeps into the supply chain and shows up as a vulnerability. It could
be a missed requirement by the Business Analyst or a simple coding mistake by a
developer. So, everyone involved in software development, right from
gathering requirements to deployment of the software in the production environment,
needs to have a sense of cyber security in what they do. Even those involved in
support and maintenance of software systems have a role in keeping the
software secure.
Build Boringly Reliable AI Into Your DevOps
Observability for AI is different because “correctness” isn’t binary and inputs
are messy. We focus on three pillars: live service metrics, evaluation metrics
(task success, hallucination rate), and lineage. The first pillar looks like any
microservice: we scrape metrics and trace request/response cycles. We prefer
OpenTelemetry for traces because we can tag spans with prompt IDs, model routes,
and experiment flags. The benefit is obvious when a perf spike happens and you
can isolate it to “experiment=prompt_v17.” ... Costs don’t explode; they
creep—one verbose chain-of-thought at a time. We price every inference the same
way we price a SQL query: tokens in, tokens out, latency, and downstream work.
For a customer-support deflection bot, we discovered that truncating history to
the last 6 messages cut average tokens by 41% with no measurable drop in
solved-rate over 30 days. That was an easy win. Harder wins come from selective
routing: ship easy tasks to a small, fast model; escalate only when confidence
is low. ... Data quality makes or breaks AI results. Before we debate model
choices, we sanitize inputs, enforce schemas, and redact PII. You don’t want a
customer’s credit card to become part of your “context.” We’ve had great results
with a lightweight validation layer in the request path and daily batch checks
on the source corpora.
Why Training Won’t Solve the Citizen Developer Security Problem
 In most organizations, security training is a core component of cybersecurity
frameworks and often a compliance requirement. Helping employees recognize and
respond to cyber threats significantly reduces human error, the leading cause of
security breaches. That said, traditional security training for technically
inclined IT staff and developer teams is already a formidable challenge. Rolling
out training for citizen developers—employees with little to no formal IT or
security background—is exponentially harder for several reasons ... It’s a
well-known fact: security training has always struggled to deliver lasting
behavioral change. For two decades, employees have been told, “Don’t click
suspicious links in emails.” Yet, click rates on phishing emails remain
stubbornly high. Why? Human error is persistent, so training alone is not
enough. In response, businesses are layering technology — advanced email
gateways, sandboxing, Endpoint Detection and Response (EDR), and real-time URL
scanning — around users to compensate for their inevitable lapses in judgment.
... Unfortunately, traditional AppSec tools fall short for no-code apps, which
aren’t built line by line and rely on proprietary logic inaccessible to standard
code scans. Even with access, interpreting their risks demands specialized
cybersecurity expertise, rendering traditional code-scanning tools ineffective.
6 signs of a dying digital transformation
 “It’s a fundamental disconnect where the technology being implemented simply
isn’t delivering the promised improvements to operations, customer experience,
or competitive advantage.” This indicator, he notes, often reveals itself as a
growing cynicism within the organization, with teams feeling like they’re simply
“doing digital” for its own sake without a clear understanding of the “why” or
seeing any real positive impact. ... When users aren’t interested or feel no
need to use the transformation’s new tools or applications, it indicates a
disconnect between the users, their goals, and actual business outcomes, says
Aparna Achanta, IBM Consulting’s cybersecurity strategist and AI governance and
transformation leader. To successfully address this issue, Achanta recommends
aligning digital transformation with the overall business vision, making sure
that the voices of end-users and customers are being heard. ... Strong business
leadership, and a willingness to admit mistakes, are essential to digital
transformation success, Hochman says. “Too often, enterprises run away from
failure.” He notes that such moments are actually golden opportunities to break
paradigms and try new approaches. “The more failures a company speaks openly
about, the more innovation occurs.” ... “Adoption is the oxygen of
transformation,” he says.
Why Master Data Management Is Even More Important Now
 There is a mindset shift that must happen to get people to buy into the cost and
the overhead of managing the data in a way that's going to be usable, Thompson
says. “It’s knowing how to match technology up with a set of business processes,
internal culture, commitment to do things properly and tie [that] to a business
outcome that makes sense,” he says. “[T]he level of maturity of some good
companies is bad. They’re just bad at managing their data assets.” ... “[MDM]
has very real business consequences, and I think that's the part that we can all
do better is to start talking about the business outcome, because these business
outcomes are so serious and so easy to understand that it shouldn't be hard to
get business leaders behind it,” says Thompson. “But if you try to get business
leaders behind MDM, it sounds like you want to undertake a science project with
their help. It’s not about the MDM, it’s about the business outcome that you can
get if you do a great job at MDM.” ... In older organizations, MDM maturity
tends to be unevenly distributed. The core data tends to be fairly well
organized and managed, but the rest isn’t. The age-old problem of data ownership
and a reticence to share data doesn’t help. “The notion of data mesh [is] I’ll
manage this piece, and you manage that piece. We’ll be disconnected but we can
connect, and you can use it, but don’t mess with it. It’s mine,” says Landry.
How to Future-Proof Your Data and AI Strategy
The earlier you find a software bug, the less expensive it is to fix and the less negative customer impact it has – this is a basic principle of software development. And the value of a shift-left approach becomes even more apparent when applied to data privacy in the age of AI. If you use personal information to train models and realize later that you shouldn’t have, the only solution is to roll back the model, which also rolls back the value of the system and the competitive advantage it was intended to deliver. ... Companies need a scalable approach to determine where to go deep and where to move quickly. Prioritize based on impact by applying stricter controls where AI is high-risk or high-stakes, such as projects where AI is core to the functionality of new solutions or segments of the business. Apply lighter-touch governance where risk is low and build scalable policies that align governance intensity with business context, risk appetite, and innovation goals. ... Future-proofing your data and AI strategy is more than having the right tools and processes; it’s a mindset. If your approach isn’t designed for scalability and agility, it can quickly become a source of friction. A rigid, compliance-focused model makes even the best tools feel ineffective and can result in governance being seen as a bottleneck rather than a value driver.
The Unavoidable ‘SCREAM’: Why Enterprise Architecture Must Transform for the Organization of Tomorrow
 In an era where every discussion, whether personal or organizational, is
  steeped in the pervasive influence of AI and data, one naturally questions the
  true state of Enterprise Architecture (EA) within most organizations today.
  Too often, we observe situational chaos and a predominantly reactive posture,
  where EA teams find themselves supporting hasty executive decisions in a
  culture of order-taking. Businesses, in turn, perceive Information Technology
  as slow to deliver, while IT teams, grappling with a perceived lack of
  business understanding, struggle to demonstrate timely value. This dynamic
  often leads to organizations becoming vendor-driven, with core architectural
  management often unaddressed. Despite this, there’s no doubt that the demand
  for Enterprise Architecture is surging. However, the existing challenges—from
  the sheer breadth of required skillsets and knowledge to the overwhelming
  abundance of frameworks to choose from—frequently plunge EA practices into
  moments of SCREAM: Situational Chaotic Realities of Enterprise Architecture
  Management. However, among these challenges, there persists a profound desire
  for adaptive design and resilient enterprise architecture. Significant
  architectural efforts are indeed undertaken across organizations of all sizes.
  The equilibrium that every organization truly needs, however, often feels
  elusive.