Tamnoon

Cloud risk is evolving. Fast. The smartest security leaders aren’t waiting to catch up. They’re getting ahead. @Onyxia and @Tamnoon are hosting a private networking event in Boston’s Seaport to explore how AI is transforming exposure management and cloud governance. This networking event will explore how security leaders are using AI to improve exposure management, automate risk reduction, and build stronger governance frameworks. You’ll gain insights into building a proactive security strategy that balances innovation with control and connect with peers who are navigating the same challenges. Wednesday, May 14 6:00 to 9:00 PM ET Boston Seaport 🎯 Space is limited. Save your seat: 👉 https://hubs.ly/Q03hKM4k0

What a fantastic experience at the CISO XC event in Dallas! Tamnoon was proud to sponsor this conference, and I was thrilled to participate alongside so many talented cybersecurity leaders. The energy and insights shared throughout the day were truly inspiring. Kudos to the CISO XC organizing team for crafting a stellar agenda and delivering a seamless experience for all of us. Thank you for having us 🙏 In the evening, Tamnoon teamed up with our friends at Upwind Security and OX Security to host the Boots, Booze & BBQ happy hour – the perfect way to unwind after a full day of learning. Huge thanks to all the cybersecurity professionals who joined us at Lucchese Bootmaker and made it an unforgettable evening! The cybersecurity community here in Dallas is truly something special – so welcoming and passionate. I’m grateful for all the connections and conversations we shared. Already looking forward to the next time I come back to Dallas 🤠 Joseph Barringhaus 🐙, Mike Bjellos, Anthony M. Ward, Jacob Hernandez #CISOXC #CybersecurityCommunity #Dallas

$250 gift card, boots, BBQ, and the best security professionals crowd. Join us after #CISOXC in Dallas for a social evening of food, drinks, and boot shopping — Lucchese style. RSVP now! 🤠👇

Join us for an engaging CISO networking event in Boston's Seaport District on Wednesday evening, May 14th! We’re excited to partner with Tamnoon and welcome Ryan Davis, CISO of NS1, an IBM Company, as our featured guest. Connect with fellow security leaders over delicious hors d'oeuvres and cocktails while enjoying stunning harbor views. We'll discuss how CISOs can leverage AI to enhance exposure management, automate risk reduction, and strengthen governance frameworks. Don't miss it! RSVP today: https://lnkd.in/gAMjRKwt #CISO #Boston #AI #cybersecurity #ExposureManagement #CloudSecurity #CyberGovernance

Cloud security teams after closing their last critical alert:

“You see, in this world there’s two kinds of people: those who show up early... and those who miss out on boots.” – Probably Clint Eastwood Boots, Booze & BBQ April 17 | 5:30 – 7:30 PM | Lucchese at The Star We’re throwin’ a proper Texas get-together with our friends at Upwind Security and OX Security, and you’re invited. What’s in it for you? ✔️ First 30 guests get a $250 Lucchese gift card ✔️ We’re givin’ away a custom pair of Lucchese boots every hour ✔️ Smoked brisket, bourbon pours, and sharp minds in cloud security It’s first come, first booted. Come hungry. Stay sharp. Leave in style. 👉 https://hubs.ly/Q03h3tP10

I see it every day: cloud security teams drowning in alerts and struggling to fix them. And almost every time, these same three issues pop up: Too many tools adding unnecessary complexity. Too many alerts for your teams to keep up. Too few hands available to help In our latest blog, I share how we flipped the script, helping our customers carry out effective CTEM programs that turn reds into greens. See the exact steps we take to help our customers break up with red once and for all–because the grass really is greener on the other side (we promise) 👇 https://lnkd.in/gNaqm2un

I will be heading to Texas next week and will bring my best boots — or at least my best boot energy. I'll be in Dallas for #CISOXC and couldn't be more excited for a few days of security insights, warm weather, and (hopefully) zero Zoom calls. If you're around, let's meet in person — nothing beats good conversations, especially when there's BBQ involved. 🍖 To wrap up the event in proper Texas style, join us for Boots, Booze, & BBQ at Lucchese alongside the stellar folks from Upwind Security and OX Security. 🎉 Think: top-notch security people, smoky brisket, and maybe even some questionable two-stepping. Space is tight, so giddy-up and RSVP now 👇 https://lnkd.in/gNChk6xE #CISOCXC #TexasStyle #CybersecurityCommunity #HappyHourVibes #IRLNetworking #BootsBoozeBBQ

Howdy y'all, you don't want to miss this! Join us for Boots, Booze, & BBQ at Lucchese after CISO XC Dallas with our friends at Upwind Security and OX Security! Space is extremely limited. RSVP today 👇

More danger lurks in your high alerts than you know (and here’s why). I’ve seen a lot of chatter online about a specific threat actor exploiting IMDSv1 in the wild. Here’s what was happening: -> The threat actor sends a packet to a vulnerable and exposed application, causing it to make a web call that looks like it originated from EC2. -> The EC2 instance makes the web call to Instance Metadata Service to retrieve information, including credentials.  -> The response is then sent to the attacker, giving them access to the (now) compromised credentials. Why? Because IMDSv1 is unauthenticated. This same exploit was used to breach a major financial services company in the past. But there’s good news. Amazon Web Services (AWS) created IMDSv2 to solve this problem. It introduces authentication to the call and adds a much-needed layer of security. There are a few lessons to learn here: 1. Look for public endpoints vulnerable to SSRF. 2. Patch the vulnerability or put mitigating controls in place. 3. Inspect any permissions associated with your public-facing resources. You never know what you’ll find. Most CNAPPs will rate this as a high or below alert, not critical. But an exploit like this, left unchecked, can quickly become a terrible, horrible security event. Looking for more insights like these? See what my team discovered after analyzing millions of alerts by downloading Tamnoon’s State of Cloud Remediation report (link in comments).