💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. Phish & Chips: Serving Up Tycoon 2FA’s Secrets

2. AirPlay or Air Pain? Apple’s Zero Click Woes

3. The Token Talk: Unwrapping the Mystery of Payment Tokenization

4. Building a Bots Brigade: The Role of an Automation Architect

5. When the Cyber Hits the Fan: Ransomware Wreaks Havoc

6. Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Phish & Chips: Serving Up Tycoon 2FA’s Secrets

_When two-factor authentication becomes a buffet for cybercriminals, it's time to change the menu._

What You Need to Know

The Tycoon 2FA, a Phishing-as-a-Service platform designed to bypass multi-factor authentication protections, has significantly increased its activity. As of 2025, it accounts for 40% of user-account compromise cases. With advanced methodologies like custom CAPTCHA algorithms and traffic filtering, this threat is serious and persistent. It's crucial for the board and executives to be aware of the increased activity and preparedness in addressing these sophisticated phishing threats to safeguard corporate assets.

CISO Focus: Phishing and Authentication Bypass

Sentiment: Strong Negative

Time to Impact: Immediate

*

In the digital age, where multifactor authentication (MFA) is touted as a savior against unauthorized access, recent developments suggest otherwise. Tycoon 2FA, a nefarious player in the cyber underworld, has ramped up its operations, exploiting MFA vulnerabilities and posing a grave threat to cybersecurity. This article dissects the Tycoon 2FA phenomenon, illustrating how it's changing the phishing landscape and what must be done to combat it.

The Rising Tide of Tycoon 2FA

The eSentire Threat Response Unit (TRU) reports a daunting rise in Tycoon 2FA cases in 2025, commanding a whopping 40% in user-account compromises, dwarfing competitors like Sneaky 2FA and Mamba2FA. This notorious Phishing-as-a-Service (PhaaS) platform emerged in August 2023, marking its territory by skillfully bypassing MFA defenses and snatching session cookies from Microsoft 365 and Gmail, among others.

Dissecting the Tactics

One may ask, what makes Tycoon 2FA so effective? The platform is distinguished by its innovative tactics:

Advanced Evasion Techniques: Continually updated to elude detection, Tycoon 2FA employs strategies such as custom CAPTCHA algorithms instead of the widely used Cloudflare Turnstile captchas.

Decoy Deceptions: Incorporates anti-debugging mechanisms to cloak its activities from scrutiny.

Traffic Filtering: Leveraged to ensure the malicious campaign remains below the radar of conventional security measures.

These factors collectively make Tycoon 2FA a potent adversary, necessitating immediate attention.

The Anatomy of an Attack

Diving into the mechanics of a typical Tycoon 2FA campaign reveals a multi-faceted approach:

1. Initial Phishing Email: The attack typically begins with a well-crafted phishing email designed to lure users into a trap.

2. Adversary-in-The-Middle (AiTM) Sites: An unsuspecting click directs victims to an AiTM site, where Tycoon 2FA swings into action.

3. Session Hijacking: The phishing site then executes its primary objective by stealthily extracting session cookies, effectively bypassing any MFA defenses.

Call for Action

Given the gravity of this threat, organizations must bolster their defenses. Here's how:

Rigorous Employee Training: Foster awareness and implement ongoing training sessions to educate employees about phishing risks.

Robust Security Measures: Intensify security protocols, deploy AI-driven threat detection systems, and enforce stringent access controls.

Regular System Audits: Implement frequent security audits to identify and rectify vulnerabilities.

As cybercriminals feign sophistication with platforms like Tycoon 2FA, it's paramount for organizations to stay a step ahead. Remember, the best defense against this buffet of breaches is an ongoing commitment to innovation and education in cybersecurity.

Phishing may have changed its face, but it hasn't changed its game. Stay alert, stay informed.

*

Vendor Diligence Questions

1. How do our vendors protect against advanced phishing platforms like Tycoon 2FA?

2. What mechanisms are in place to detect any phishing-related anomalies?

3. What is the process for updating and patching digital signatures and algorithms to counter evolving threats?

Action Plan for the CISO Team

Immediate Risk Assessment: Evaluate current MFA solutions and identify potential weaknesses.

Update Defense Strategies: Integrate advanced evasion detection measures to combat next-gen threats.

Incident Response Drills: Conduct regular intrusion simulation exercises to improve response efficacy.

Key stakeholder engagement, continuous updates to security infrastructure, and unyielding vigilance are imperative to thwart the evolving phishing landscape, as demonstrated by Tycoon 2FA.

*

Source: Read more about this story on eSentire

*

AirPlay or Air Pain? Apple’s Zero Click Woes

_When streaming becomes screaming..._

What You Need to Know

Apple has identified critical vulnerabilities in AirPlay, its wireless communication protocol, potentially allowing zero-click remote code execution (RCE) attacks on iOS devices. This flaw leaves Apple users susceptible to attacks without any user interaction, emphasizing the urgency for immediate security patches. Executives must prioritize raising awareness about these vulnerabilities and ensure all Apple devices within the organization are promptly updated.

CISO focus: Vulnerability Management

Sentiment: Strong Negative

Time to Impact: Immediate

*

AirPlay Woes: Vulnerabilities in Apple’s Wireless Protocol Pose RCE Threats

In a world where connectivity spells convenience, Apple’s AirPlay feature makes sharing media across devices as effortless as breathing, giving users the digital freedom to extend their screens wirelessly. However, recent revelations disclose that this feature might also be an inadvertent gateway for cyber-threats, affording attackers zero-click access into sophisticated Apple devices. With the rapid discovery and patching of these 'AirBorne' vulnerabilities, Apple is racing against time, signaling a grim reminder of the burgeoning threats in ubiquitous connectivity.

Apple’s Achilles’ Heel: The AirBorne Vulnerabilities

With convenience reigning supreme, AirPlay has hailed praise for its seamless protocol. Yet, researchers have identified alarming security flaws that enable zero-click remote code execution attacks. These vulnerabilities, dubbed ‘AirBorne,’ could allow malicious actors to take control over a device without user interaction. This type of attack exploits weaknesses in the AirPlay architecture, making it possible for attackers to install unauthorized software or extract sensitive data silently.

The danger here is amplified by the nature of zero-click exploits, which bypass user-originated actions such as clicking on malicious links or downloading infected files. In other words, simply being within range of an attacker could compromise a device.

The Implications: Silent Infiltrations and Data Extractions

Once infiltrated, an attacker could potentially surveil the user’s activities, extract confidential information, or deploy additional malware for further harmful operations. Given AirPlay’s omnipresence in Apple’s ecosystem, from iPhones to iPads, the vulnerabilities extend a significant threat footprint. This situation raises the stakes for enterprise security, where Apple devices are increasingly used as standard equipment across various professional landscapes.

Apple Strikes Back: Patch, Patch, and Patch Again

Understanding the gravity of these vulnerabilities, Apple has swiftly rolled out security patches to mitigate the threats posed by AirBorne flaws. Users are urged to update their devices to the latest iOS version immediately, plugging any exploitable gaps. These patches represent Apple’s frontline defense in ensuring the security integrity of its ubiquitous devices.

Apple's proactive approach, though commendable, underscores the necessity for users to maintain an up-to-date software regime, a rule of thumb often overshadowed by user complacency or ignorance. Swift adoption of these patches will stifle an attacker's probability of success, turning the tide in favor of cybersecurity.

Industry Fracas: Aligning Cybersecurity with Innovation

The ‘AirBorne’ vulnerabilities mark yet another episode in the ongoing cat-and-mouse game between tech innovators and cybercriminals. As technologies evolve, offering sophisticated capabilities like AirPlay, the perimeter of cybersecurity is both expanded and tested. Each breakthrough, while transformative, is a fork in the road of security — where one direction harbors freedom, and the other, vulnerability.

For organizations, the implications extend into the strategic domains of cybersecurity frameworks. Enterprises must cultivate a fertile ground for cyber-awareness, explicit policies, and layered defenses that adapt in real-time against emergent threats.

The End of Something Whatever...

Do you hear that? It's the sound of AirPlay... playing it safer after a much-needed update.

*

Vendor Diligence Questions

1. What is the company's track record on addressing zero-day vulnerabilities, and how often are security patches released?

2. How does the vendor ensure robust testing against previously unknown flaws in new system iterations?

3. Does the vendor facilitate third-party security reviews and public disclosure of vulnerabilities, and how transparent are they in communicating about such risks?

Action Plan

1. Immediate Device Update : Ensure that all Apple devices within the organization are updated to the latest software version containing the security patches for AirPlay vulnerabilities.

2. Awareness Campaign : Launch an internal awareness campaign to educate users about the potential threats posed by zero-click exploits and best practices in maintaining device security.

3. Review Access Policies : Conduct a thorough review of wireless access policies and tighten security protocols for AirPlay usage within the enterprise network.

4. Incident Response Drill : Coordinate with IT teams to rehearse an incident response plan focused specifically on wireless exploits and zero-click vulnerabilities.

*

Sources:

1. Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks - BleepingComputer: Apple 'AirBorne' Vulnerability Summary

2. Understanding Zero-click Exploits – A Security Perspective: Zero-click Exploit Overview

3. AirPlay Protocol – A Security Audit: AirPlay Protocol Security

*

The Token Talk: Unwrapping the Mystery of Payment Tokenization

_Tokens aren't just for the arcade anymore._

What You Need to Know

Payment tokenization is transforming the way businesses handle sensitive financial data by replacing it with non-sensitive equivalents. This shift is critical to reducing fraud and enhancing the security of payment transactions. Board members and executives must prioritize integrating this technology within their organizations to safeguard customer data and maintain consumer trust. A deep understanding and effective deployment can become a competitive advantage and prevent potentially costly data breaches.

CISO focus: Payment Security

Sentiment: Strong Positive

Time to Impact: Immediate

*

The New Era of Payment Security

In the realm of digital commerce, protecting consumer data is a cardinal rule. Payment tokenization is an innovation that revolutionizes data protection by transforming sensitive credit card information into a non-sensitive equivalent—tokens. These tokens are essentially randomly generated numbers that carry no intrinsic value or information. This security method sharply reduces the risk of data breaches, providing a solid barrier between hackers and valuable consumer credit card information.

Understanding Payment Tokenization

Tokenization takes the primary account number (PAN) and replaces it with a unique string of characters. These tokens are then used during transaction processing, leaving the actual payment data untouched. Merchants store tokens instead of card details, effectively mitigating risks associated with data theft and cyber-attacks.

The Benefits of Tokenization

1. Enhanced Security:

Directly addresses the increasing threats of cyber crimes by removing payment data from the equation.

Tokens provide robust fraud protection since they cannot be traced back to the underlying data.

2. Regulatory Compliance:

Simplifies compliance with standards such as PCI DSS by reducing the amount of stored credit card data.

3. Consumer Trust:

Boosts consumer confidence by showcasing a commitment to data security.

Fosters a loyal customer base which is assured of their financial safety.

How Tokenization Transforms Industries

Tokenization is not just a technical boost but a business imperative. It is versatile across various sectors, benefiting any entity that processes card transactions. Key industries leveraging this technology include:

Retail: Offers a seamless and secure checkout experience which can lead to increased sales.

Finance: Provides an extra layer of security across online and mobile banking services.

Health Care: Protects sensitive patient financial information in adherence to legal obligations.

Challenges and Considerations

Adopting payment tokenization isn't without its hurdles. Organizations face challenges such as:

Integration Complexity: Implementing tokenization requires IT system upgrades and the integration of advanced encryption technologies.

Vendor Selection: Choosing a reliable tokenization service provider is crucial as it significantly impacts the security and functionality of the system.

Cost: The initial investment might be significant, but it often results in long-term savings through reduced fraud losses.

The Path Ahead

To successfully implement tokenization, organizations need a strategic approach:

1. Assess Current Systems: Evaluate existing payment processes to understand system requirements and gaps.

2. Vendor Research: Identify tokenization solutions that align with business needs and industry standards.

3. Employee Training: Equip staff with the knowledge to manage and address token-related queries efficiently.

*

Vendor Diligence Questions

1. How does your tokenization solution manage token expirations and re-issuance processes?

2. Can your service scale with our transaction volume, and what is the proven track record of uptime?

3. What additional security measures do you implement beyond basic tokenization?

Action Plan

Evaluate Payment Ecosystem: Conduct a comprehensive audit of current payment handling systems and potential vulnerabilities.

Build Business Case: Advocate for the adoption of tokenization by highlighting security and compliance benefits.

Select Vendors: Establish criteria for vendor selection that emphasize security certifications and proven industry experience.

Deployment Roadmap: Develop a clear timeline that includes testing, integration phases, and stakeholder training sessions.

*

Source: How payment tokenization works and why it's important

*

Building a Bots Brigade: The Role of an Automation Architect

_Who needs caffeine when your job is to make computers do the work for you?_

What You Need to Know

The role of the automation architect is becoming increasingly crucial as organizations strive for digital transformation. Automation architects design, implement, and manage automated systems across various domains to optimize workflows and efficiency. Executive management should consider leveraging automation architects' expertise to enhance operational agility and achieve cost savings. It's advisable to support initiatives to identify areas within the organization that could benefit from automation and allocate budget accordingly.

CISO Focus: Automation and Efficiency Optimization

Sentiment: Positive

Time to Impact: Short (3-18 months)

*

The Evolution of the Automation Architect

In the evolving landscape of digital transformation, organizations are increasingly turning to automation to streamline operations and improve productivity. Central to this paradigm shift is the role of the automation architect. This role may not be as renowned as traditional IT roles, but it's gaining significance in modern enterprises.

What They Do:

The automation architect is responsible for designing, implementing, and managing automated solutions. They integrate various tools and technologies to create systems that run without human intervention. These professionals ensure that automation is not only technically feasible but also aligns with business goals.

Key Responsibilities Include:

System Design and Implementation: Crafting automation solutions tailored to specific business processes.

Integration: Developing systems that synchronize with existing IT infrastructure and software.

Monitoring and Improvement: Continuously assessing and enhancing automated processes for efficiency.

The rise of automation architects indicates the push towards more efficient, tech-driven business processes.

Why Automation Architects Are Essential

The benefits brought by automation architects extend beyond mere operational efficiency. Their contributions lead to overall strategic alignment within the organization and support sustainable growth.

Strategic Benefits:

Cost Reduction: Automation can significantly reduce operational costs by minimizing manual labor.

Error Minimization: Automated processes are less prone to human error, leading to better quality outcomes.

Scalability: Automated systems allow companies to scale operations seamlessly as they grow.

With their ability to optimize operations, automation architects can position businesses ahead of their competitors.

Emerging Trends in Automation Architecture

As the field grows, so do the innovative strategies and tools utilized by automation architects. Several trends highlight the importance and evolving nature of this role:

AI and Machine Learning Integration: Leveraging AI to create more intelligent and autonomous systems.

Cloud Automation: Utilizing cloud technologies to build flexible and scalable solutions.

Focus on Security: Ensuring automated systems are secure against cyber threats.

These trends signify the dynamic and continually evolving landscape that automation architects navigate.

Challenges Faced by Automation Architects

Despite the many advantages, the role does come with its set of challenges. Implementing automation is not without hurdles, including:

Change Management: Overcoming resistance from staff who fear automation might lead to job losses.

Complex Integration: Ensuring that all automated systems work harmoniously together.

Skill Gaps: Finding personnel with the requisite blend of technical and business acumen.

A Nod to Automation: The Future Is Here

The future seems bright for automation architects, with their demand expected to rise as more companies understand the strategic benefits of automation.

Career Prospects: With an increasing push towards digital transformation across industries, the demand for skilled automation architects is set to surge.

Evolution of the Role: Continuous learning and adaptation will be key as technology keeps evolving.

In conclusion, the role of an automation architect is indispensable for businesses aiming for innovation and growth. Embracing their expertise means not only staying afloat in the competitive digital era but sailing smoothly towards new horizons of efficiency and success.

*

Vendor Diligence Questions

1. How does your technology enable scalability in automation systems?

2. What security measures are integrated into your automation solutions?

3. Can you provide case studies or examples of successful implementations of your automation systems?

Action Plan

1. Assessment of Current Systems: Evaluate existing processes that could be automated to enhance efficiency.

2. Budget Allocation: Identify necessary financial resources to support automation initiatives.

3. Training Programs: Develop training sessions for IT teams and stakeholders on automation technologies.

4. Collaboration with HR: Work on change management strategies to address concerns about job displacement due to automation.

*

Source: What is an automation architect?

*

When the Cyber Hits the Fan: Ransomware Wreaks Havoc

_Crying over spilt data is more productive than ignoring a ransomware threat._

What You Need to Know

The FBI has reported a significant rise in ransomware attacks targeting critical infrastructure, raising alarms for businesses worldwide. The time for proactive measures is now to protect assets and ensure business continuity. Executives should prioritize strengthening cyber defenses, increasing incident response readiness, and engaging with industry partners to share threat intelligence.

CISO Focus: Threat Management and Incident Response

Sentiment: Strong Negative

Time to Impact: Immediate

*

The tide of ransomware attacks is surging, with critical infrastructure increasingly in the crosshairs of cybercriminals. According to a recent report by the FBI, these malicious intrusions have escalated to alarming levels, threatening to disrupt essential services and safety infrastructure.

The Stark Reality of Cyber Assaults

The latest data from the FBI reveals a perilous landscape where ransomware attacks are not only more frequent but also more audacious. Targeting vital sectors such as energy, healthcare, and transport, the consequences of these cyber incursions extend beyond data loss to potentially life-threatening scenarios.

Key Statistics:

A significant spike in ransomware incidents over the past year.

Healthcare, energy, and public safety identified as primary targets.

Sophisticated attack strategies, including double extortion tactics.

The Mechanics of Mayhem: How Ransomware Attacks Operate

Ransomware attacks follow a nefarious process where cybercriminals gain unauthorized access to systems, encrypt critical data, and demand a ransom for decryption keys. The latest trends highlight a shift toward targeting operational technology that governs essential services, escalating the gravity of these attacks.

Notable Tactics:

Double Extortion: Apart from encrypting data, attackers threaten to leak sensitive information if their demands are not met.

RaaS (Ransomware as a Service): Lowering the technical barriers for entry, this model allows more criminals to engage in cyber extortion.

Industry Response: Guarding the Gates

With the increasing threat, industry leaders are amplifying collaborative efforts to bolster cyber resilience. Sharing intelligence and pooling resources are vital strategies in counteracting the sophisticated methods employed by cyber adversaries.

Proactive Measures:

Strengthening multi-factor authentication.

Regular patch management and software updates.

Enhanced network segmentation to limit lateral movement during breaches.

Beyond the Breach: Consequences and Costs

Ransomware attacks deliver a hefty blow to affected organizations, not just financially but reputationally. Recovering from such incidents often requires more than a robust IT strategy; it demands regaining the trust of stakeholders and customers.

Key Considerations:

Financial Loss: Millions in ransom payments and remediation costs.

Operational Disruption: Downtime affecting crucial services.

Reputation Damage: Loss of consumer confidence and trust.

Dodging the Digital Bullet

As the axiom goes, "Prevention is better than cure." Companies are urged to adopt a proactive cyber defense posture rather than reacting to incidents post-occurrence.

Recommended Practices:

Conducting regular cybersecurity audits and simulations.

Integrating AI into threat detection systems for early identification.

Building robust incident response teams to handle emerging threats efficiently.

When Cyber Threats Come Knocking

The rise in ransomware attacks is a clarion call for organizations to reassess their cybersecurity frameworks. Investment in cutting-edge technology, combined with a culture of vigilance and readiness, holds the key to safeguarding critical infrastructure from future cyber threats.

*

Vendor Diligence Questions

1. How does your product/service enhance our current defenses against ransomware attacks?

2. What compliance frameworks is your solution aligned with to protect critical infrastructure?

3. Can you provide case studies or references from organizations in similar sectors that illustrate the efficacy of your solution?

Action Plan

1. Enhance Threat Detection: Implement advanced intrusion detection systems and conduct continuous network monitoring.

2. Incident Response Drills: Regularly simulate potential attack scenarios to evaluate response effectiveness and readiness.

3. Employee Training: Conduct frequent security awareness training aimed at recognizing and reporting suspicious activities.

4. Intelligence Sharing: Engage with sector-specific Information Sharing and Analysis Centers (ISACs) to exchange threat intelligence.

*

Source: Ransomware Attacks on Critical Infrastructure Surge, Reports FBI

*

Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis

_A Bug's Life in the Cyber Universe: Zero-Day Edition_

What You Need to Know

Google Threat Intelligence Group has analyzed zero-day vulnerabilities exploited in 2024, observing a decrease from 2023 but a troubling increase in enterprise-targeting attacks. Executive teams should focus on enhancing security measures for enterprise-specific products due to this rising trend. It's crucial to allocate resources toward vendor diligence and ensuring diverse security measures to safeguard against this pervasive threat.

CISO focus: Zero-Day Vulnerability Management

Sentiment: Neutral to Negative

Time to Impact: Immediate to Short

*

2024 Zero-Day Exploitation Trends

In a report released by the Google Threat Intelligence Group (GTIG), 2024 marked a notable year for zero-day vulnerability exploits in the wild. According to GTIG, the instances declined to 75 from 98 in the previous year. Though quantitatively reduced, the focus shift toward enterprise-specific products has enhanced the urgency in addressing cybersecurity measures across the board.

Key Insights:

* Decrease in Exploits, But Shifting Focus: While the overall number of exploited zero-day vulnerabilities decreased compared to previous years, an alarming shift toward enterprise-targeted attacks has emerged. This shift calls for an intense assessment of enterprise-specific technologies.

* Continuation of End-User Targeting: The traditional targeting of mobile devices, operating systems, and browsers persisted, although with slightly reduced frequency. Nevertheless, the threat to these ubiquitous tools remains significant.

* Commercial Surveillance Vendors Upping Their Game: CSVs have adapted their operational security practices, making them less detectable and harder to attribute, a fact that underscores the increased operational sophistication of these actors.

A Closer Look: Enterprise vs. End-User Technologies

Enterprise-specific technologies face growing threats, increasingly becoming the battleground for zero-day exploits. Despite their smaller share in overall exploit numbers, these technologies nonetheless represent crucial points of interest for attackers seeking deeper network infiltration.

End-user technologies still dominate the landscape, yet the diversification of targets now includes security software, appliances, and other enterprise-level infrastructure, suggesting a need for diversified security strategies and vendor accountability.

Industry Actions and Adaptations

* Vendors are becoming more proactive , developing and deploying improvements that make zero-day exploits increasingly difficult.

* Reinforcement of Operational Security : Vendors stress the importance of operational security enhancements, though these efforts encounter challenges of attribution and detection, thanks to improved adversarial techniques.

Implications for Security Teams

* Security teams must invest in holistic vulnerability management and not merely focus on historically targeted platforms.

* The rise of CSV sophistication poses new challenges, requiring more advanced threat detection technologies and methodologies.

* Proactive vendor engagements and diligence assessments are critical to securing enterprise-focused products from exploitation.

Having to navigate these shifting sands of cyber threats, organizations must recalibrate their security postures to accommodate new realities posed by evolving adversarial tactics and technology landscapes.

_witty conclusion:_ As the curtains close on our bug-studded performance of 2024, it turns out it wasn't just about swatting flies; some stung more than others!

*

Vendor Diligence Questions

1. How does your current technology measure against established best practices for resisting zero-day exploits?

2. What measures do you have in place specifically addressing the operational security of your products?

3. Can you outline your approach to increasing transparency and detection for potential attribution of commercial surveillance activities?**

Action Plan

1. Conduct Immediate Security Reviews : Audit existing enterprise-level technologies for vulnerability against zero-day exploits.

2. Enhance Vendor Partnerships : Engage with technology vendors to understand their security postures and the measures they are taking to address zero-day vulnerabilities.

3. Expand Threat Detection Capabilities : Invest in advanced threat detection solutions to identify and respond to emerging threats swiftly.

4. Employee Awareness and Training : Ensure regular training sessions for staff on the latest threats, including zero-day exploit awareness.

*

Source: <https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/>

*

_References:_

1. Google Cloud Blog, 2024 Zero-Day Trends.

2. Google Threat Intelligence Group Reports.

3. Industry input on cybersecurity from various anonymous experts.

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(