CISO Marketplace

Big news from CISO Marketplace! We’re thrilled to announce that GeneratePolicy.com is now LIVE on Product Hunt! https://lnkd.in/ezqWU2fG Writing security & compliance policies is one of the most time-consuming tasks for CISOs and security teams. That’s why we built GeneratePolicy.com—an AI-powered policy generator that helps you create, update, and manage security policies in minutes, not weeks. Why use GeneratePolicy.com? Instant, AI-generated security policies aligned with NIST, ISO 27001, PCI DSS, CIS Controls, and SOC 2 Customizable & compliance-ready—tailored to your industry & security needs Continuous updates to keep policies in sync with evolving regulations Saves time & effort—no more writing policies from scratch Who is this for? CISOs & Security Teams – Automate policy creation and compliance documentation Startups & SMBs – Get enterprise-grade security policies without a full-time security team Consultants & MSPs – Generate policies for clients faster than ever before We’d love your support! Check out our Product Hunt launch here ?? https://lnkd.in/ejvsJStn Try it out & let us know what you think! Feedback is always welcome. #Cybersecurity #ProductHunt #AI #Compliance #GeneratePolicy #CISO #Security #CCO #DPO #HIPAA #GPDR #ISO #NIST

Steal my process!.... here you go "secret recipe" if you want to add #cybersecurity services to your #MSP or more to your #MSSP This is the process I work though with my clients to identify where they are today and build out a road map for more revenue though security. This works for product based services too (so if you want to sell some kit and the program for it). The heart of this is understanding your value and ICP The key to executing that is though good marketing & sales enablement You don't have to take on "everything" to move the needle, start small, manageable and grow it. Most importantly deliver good services, stay client focused! ?? Share this if you found it useful or know someone who will ?? Follow William (Wil) Klusovsky for #WilsRandomAdvice on how to grow your cybersecurity business

Does "vulnerability disclosure" for AI actually work? Last year my team at Stanford got 30 experts together and we argued the current system is broken. Our findings are out today! In our paper, "In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI", we lay out the following: ?? Independent, third-party evaluation of AI systems is essential, but current infrastructure is seriously underdeveloped. The AI industry is far behind more established fields like software security. Without safe harbor from providers of AI systems, researchers and white-hat hackers are much less likely to carry out this work ?? When critical flaws in general-purpose AI systems are reported, it's usually haphazard and incomplete. It's not clear what information should be shared, to whom, and when. In the figure below, we proposed a new system of coordinated flaw disclosure in which third-party evaluators submit standardized AI Flaw Reports to key players across the AI supply chain. Our paper includes templates to ease the process of submitting, reproducing, and triaging flaws ??? Providers of general-purpose AI systems should adopt broad flaw disclosure programs with legal safe harbors to protect researchers who follow good-faith rules of engagement. As in software security, researchers should commit to following these rules (e.g., respecting privacy, not harming real users or systems) in order to protect people and work more effectively with companies to mitigate flaws ?? Flaws in one AI system often transfer across many others (like universal jailbreaks). This means we need improved infrastructure to coordinate distribution of flaw reports across the entire ecosystem, since one developer's problem will almost certainly affect other developers as well as deployers and distributors Thanks to Shayne Longpre and Ruth E. Appel for co-leading the effort with me! Our collaboration brought together experts from 24 institutions across software security, machine learning, law, social science, and policy to identify gaps in the evaluation and reporting of flaws in GPAI systems. A huge shoutout to this wonderful group - Sayash Kapoor, Rishi Bommasani, Michelle Sahar, Sean McGregor, Avijit Ghosh, PhD, Borhane Blili-Hamelin, PhD, Nathan Butters, Alondra Nelson, Amit Elazari, Dr. J.S.D, Andy Sellars, Casey Ellis, Dane Sherrets, Dawn Song, Harley Geiger, Ilona Cohen, Lauren McIlvenny, Madhulika Srikumar, Mark Jaycox, Nadine Farid Johnson, Nicholas Carlini, Nicolas Miailhe, Nik Marda, Peter Henderson, Dr. Rebecca Portnoff, Rebecca Weiss, Victoria (Tori) Westerhoff, Yacine Jernite, Dr. Rumman Chowdhury, Percy Liang, Arvind Narayanan

This tool I've been working on (Threat Intel Slack Bot) fetches the latest cybersecurity news from thehackernews[.]com, uses AI to summarise the key points, extract Indicators of Compromise (IOCs) if present, and send actionable recommendations straight to your team's Slack channel. It's designed to help cybersecurity teams respond proactively to threats per the actionable recommendations. Please, see the GitHub link in the comments below to check the code out. #artificialintelligence #cybersecurity #threatintel #threatintelligence #infosec #openai #langchain #slack

Honored to have been featured in the latest #Cyberology podcast episode at Dakota State University! I had so much fun discussing the ins and outs of my experience with cybersecurity competitions, their benefits, and their real-world applications. Go Trojans! ?? YouTube: https://lnkd.in/eEtXeNwC Website: https://lnkd.in/e5JETqEe #DSUCyber #podcast

?? Room 641A ou l'espionnage massif par la NSA : Mark Klein, l'ancien salarié d'AT&T, qui avait dénoncé et documenté cette vaste opération, est décédé. ? Je crois qu'il y a des résistances honnêtes et des rébellions légitimes. ??Alexis de Tocqueville ?? Le 16 décembre 2005, le NYT publiait une importante enquête (1), relatant comment en 2002, George Bush, à travers un décret présidentiel, avait autorisé la National Security Agency à effectuer une collecte massive de données, sans mandat judiciaire. Cet espionnage important était effectué aussi bien à l'intérieur qu'en dehors de ses frontières. L'agence de renseignement se défendait, affirmant qu'elle demandait des mandats aux tribunaux, pour les communications nationales. Mais c'était faux, et l'espionnage était beaucoup plus important que l'on pouvait l'imaginer. Début 2006, Mark Klein, ancien salarié d'AT&T, entre 1984 et 2004, contacte l'Electronic Frontier Foundation (EFF), afin d'apporter son témoignage et des preuves. Il révéla l'existence d'une salle secrète, la ? Room 641A ?, située dans un batiment d'AT&T à San Francisco. Cette salle contenait des équipements permettant à la NSA d'intercepter et de surveiller de manière massive les communications et données Internet des citoyens américains, sans aucun mandat. EFF et Mark Klein entameront plusieurs procédures judiciaires, tout en informant les citoyens. L'agence de renseignement, ainsi que les différentes administrations, Bush et Obama, réfutaient les révélations. En 2013, les divulgations d'Edward Snowden sont venues confirmer les allégations de Mark Klein. Hier, l'EFF a fait part du décès de Mark Klein. Vous trouverez dans les commentaires quelques liens, qui vous permettront d'approfondir ce sujet concernant la Salle 641A. #sécuritéinformatique #infosec #cybersécurité #osint

Security vendor Symantec used the OpenAI Operator agent to show how an LLM-powered tool could perform a basic cyberattack with minimal prompt engineering — a showcase of what the future might hold.

?? The Ultimate Hacker’s Arsenal - Your OSCP Exploit Hub! ?? Every pentester and OSCP aspirant knows the pain : ?? Searching exploits everywhere. ? Wasting time instead of exploiting. ? Finding PoCs that don’t work. ?? Losing focus on real attacks. ?? Try it out : https://sploitify.haxx.it/ ?? Also, I’ll soon be sharing cybersecurity insights, bug hunting experiences, and OSCP tips on Medium. Stay tuned! ?? https://lnkd.in/gmMXYnUH ?? Why is Sploitify a game-changer? ???? Search by CVE ID, platform, or keyword. ???? Pulls exploits from multiple sources. ????Filters for privilege level, language, and type. ???? No more endless searching—get relevant exploits fast. ???? FREE & Open-source—Because knowledge should be shared! ?? The internet is your playground, but only if you have the right tools. Why waste time searching when you can have the best exploits at your fingertips? Full credits : Dzmitry Smaliak Go explore it and let me know what you think. Will this become your go-to tool for exploit research? ?? #CyberSecurity #EthicalHacking #InfoSec #RedTeam #BlueTeam #PenetrationTesting #ExploitDevelopment #OffensiveSecurity #ExploitResearch #VulnerabilityResearch #CyberAttack #BugBounty #BugBountyTips #BugBountyHunter #OSCP #OSCPJourney #TryHarder #HackingTools #SecurityTools #ExploitDB #Sploitify #ExploitSearch #CyberTools

"Is this vCISO thing gonna work?" That’s what this founder was thinking when he first joined the PowerGRYD. Launching a vCISO consultancy is no joke. The stress. The doubt. The fear of wasting time on something that might not take off. But in just 3 months, they turned uncertainty into $420K ARR. ?????? ???? ??????????????: ??- > Voraciously learned the system. ?????? ???? ????????: ??-> Dove into execution, built repeatability. ?????? ????’?? ??????????: ??-> Closed $420k in 70 days; steady building pipeline. This isn’t luck. This is what happens when you follow a system that works. Want to build your own 7-figure vCISO program? Swipe through to follow his journey. Then drop me a DM with "Grow" and start adding $1M+ ARR through vCISO services. Or head here next: https://lnkd.in/dV2xyx9j #ValueOverEverything

Following a months-long investigation stemming back to mid-2024, Mandiant (part of Google Cloud) just published details on a campaign by the China-nexus espionage actor UNC3886, targeting Juniper routers. Our investigation found a custom malware ecosystem, featuring six distinct variants of the TINYSHELL backdoor, deployed on end-of-life Juniper MX devices. This activity marks an evolution in UNC3886's tactics, now focusing on internal networking infrastructure. The blog details their techniques, including a novel process injection method to circumvent built-in protections, and an embedded script designed to disable logging. We recommend organizations upgrade their Juniper devices to the latest images released by Juniper and run the Juniper Malware Removal Tool (JMRT) Quick Scan and Integrity Check. The full blog post provides detailed instructions on this. We extend our sincere thanks to Juniper Networks for their partnership in investigating this threat. Read the full report here: https://lnkd.in/gssS4gxA Find Juniper's advisory here: https://lnkd.in/gwMrGcXY