Plumbing New Depths, Non-Seasonal Scares, A Draft in the Wall, The Encryption Game, Who Will Buy, and The New Race Leader. It's CISO Intelligence for Wednesday, 22nd October 2025.

Table of Contents

1. The Oracle Fishing Trip: Hackers Cast Lines into E-Business
2. Android Security: From Sweet Dreams to Nightmares
3. When Your Firewall Could Use a Little Firewalling Itself
4. 131 Chrome Extensions Caught Red-Handed: The Spam-tabulous Scandal
5. Data Brokers Anonymous: How Your Data is the Main Ingredient in Their Profit Soup
6. AI-Driven Social Engineering: The Next Great Cyber Adventure

The Oracle Fishing Trip: Hackers Cast Lines into E-Business

Hook, line, and sinker – not the catch Oracle had in mind.

What You Need to Know

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers exploited a server-side request forgery (SSRF) vulnerability in the Oracle E-Business Suite. This flaw allowed unauthorized access to internal networks, impacting several organizations globally. Board members and executive management should assess the risk implications of this breach, especially if their organization uses Oracle's suite. Immediate steps include reviewing network access controls and incident response plans to mitigate further risks.

CISO Focus: Application Security, Incident Response, Vendor Management
Sentiment: Strong Negative
Time to Impact: Immediate

In a troubling revelation, CISA has confirmed that cyber attackers have successfully exploited a server-side request forgery (SSRF) flaw within Oracle's E-Business Suite. This is the latest in a series of cyber misadventures, where attackers manipulated the SSRF to bypass access controls and gain unauthorized entry into internal systems, elevating concerns across industries reliant on Oracle's enterprise software. The clandestine fishing expedition left a trail of compromised data and is a clear reminder of the constant vigilance required in today's cyber landscape.

What Happened?

The Oracle E-Business Suite, a comprehensive set of applications crucial for managing enterprise business processes, harbored a critical SSRF vulnerability. By exploiting this flaw, malicious actors crafted requests that enabled them to act beyond their boundaries, effectively bypassing network defenses.

• The Breach Discovery: The vulnerability was brought to light by CISA, supported by cybersecurity firms that identified unauthorized network activities consistent with SSRF exploitation.
• Affected Parties: Although the full extent remains confidential, organizations from diverse sectors leveraging Oracle's suite are advised to assume vulnerability.

Immediate Implications

The exploit has immediate repercussions:

• Data Breach Risk: Hackers accessing internal systems may have exfiltrated sensitive information, including customer data, intellectual property, and possibly manipulated financial data.
• Operational Disruption: Organizations relying on Oracle's suite for business-critical operations face potential disruptions.
• Reputational Damage: Exploits like these erode trust in enterprise solutions, compounding reputation risks.

Preventive Measures for Organizations

• Patch Management: Prompt deployment of Oracle’s patches is critical. Oracle has released a fix addressing the vulnerability.
• Network Segmentation: Organizations should enforce strict network segmentation to minimize lateral movement opportunities for any future breaches.
• Security Audits: Conduct regular audits and penetration tests to identify vulnerabilities before they are exploited.

The Bigger Picture

This incident is emblematic of the broader challenges in securing complex enterprise software:

• Complex Dependencies: Large software suites often hide extensive dependencies, which can obscure potential vulnerabilities.
• Typical Attack Vector: SSRF continues to be a favored attack vector due to the access it can grant attackers to internal systems.

Security Insights

• Continual Monitoring: Organizations must invest in robust monitoring solutions to provide real-time alerts on anomalous activities.
• Vulnerability Management: Leverage vulnerability management tools to regularly assess the security posture of applications in use.
• Vendor Collaboration: Maintain strong partnerships with software vendors to ensure rapid dissemination and implementation of security updates.

No Time to Lose

Reflecting on this breach is a sobering reminder of the modern cyber threat landscape's complexity. Organizations utilizing Oracle's E-Business Suite must act swiftly to ensure patch compliance and review security protocols.

Vendor Diligence Questions

1. What are the timelines Oracle commits to for critical vulnerability disclosures to their customers?
2. How does Oracle's incident response plan align with industry standards to address post-breach scenarios?
3. How frequently does Oracle evaluate and refine their vulnerability management processes?

Action Plan for CISO Team

1. Patch Deployment: Ensure immediate application of Oracle’s security patches and confirm that updates are correctly provisioned across all instances of the E-Business Suite.
2. Incident Review: Conduct a thorough forensic analysis to identify any compromises and assess the damage extent.
3. Audit & Report: Schedule an immediate security audit and prepare a comprehensive report detailing potential exploits and implications specific to your organization.
4. Communication Plan: Develop a strategy to communicate with stakeholders, including customers and partners, regarding the measures taken to address the breach.
5. Training: Enhance staff training sessions to include recent breach tactics and preventive cybersecurity measures.

Source: CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

Android Security: From Sweet Dreams to Nightmares

Ever thought your Android phone could play host to a cyber horror show? Time to wake up!

What You Need to Know

The increasing ubiquity of Android devices in the workplace could easily overshadow the lurking dangers of weak security protocols. Executives must prioritize robust Android security measures to safeguard corporate data against escalating cyber threats. Immediate action is required: review existing security policies, invest in threat detection tools tailored for mobile ecosystems, and enhance employee training. Strategic diligence in vendor selection is also crucial.

CISO Focus: Mobile Device Security
Sentiment: Strong Positive
Time to Impact: Immediate

In the dynamic ecosystem of enterprise mobile usage, Android devices have firmly embedded themselves due to their flexibility and wide array of apps. However, the open-source nature of Android systems also opens the door to significant vulnerabilities, making them attractive targets for cyber threats. Enterprises must now face a pressing challenge: bolstering Android security with proactive measures.

Android Security: The Imperative

As businesses incorporate mobile devices into their operations, Android systems have become an integral part of enterprise infrastructure, leading to a convergence of personal and professional use on a single device. Unfortunately, this has created a fertile landscape for cyber threats, from malware attacks to unauthorized data access. IT teams are tasked with securing these devices while maintaining usability, a balancing act that requires both immediate and long-term strategies.

Achieving Robust Security: Six Key Measures

1. Implement Mobile Device Management (MDM):

   • By enforcing security policies and monitoring device compliance, MDM solutions provide a solid baseline for securing Android devices. They help manage app distribution, enforce password policies, and control device configurations remotely.

2. Regular Security Updates:

   • Ensuring that all Android devices are updated with the latest security patches is crucial. Regular updates protect against known vulnerabilities and are an essential part of an organization's security hygiene.

3. Secure Network Connections:

   • Encouraging the use of Virtual Private Networks (VPNs) for secure internet access and sensitive tasks can prevent unauthorized interception of data. VPNs establish encrypted connections, a shield against eavesdropping and sniffing.

4. Comprehensive App Vetting:

   • IT departments should promote the use of vetted applications from Google Play or enterprise-approved app stores. Furthermore, security teams must be alert for malicious apps that masquerade as legitimate tools.

5. User Training and Awareness:

   • Regular training sessions for employees can highlight best practices, fostering a culture of security mindfulness. Understanding phishing threats, the importance of strong passwords, and recognizing suspicious activity can significantly mitigate risks.

6. Advanced Threat Detection:

   • Deploying sophisticated threat detection solutions that identify unusual behaviors or potential breaches can further enhance security posture. Machine learning and AI tools are evolving to anticipate and thwart complex threats before they materialize.

The Underlying Challenge

Securing Android devices is not just about technology—it's about culture and processes. As more businesses operate in hybrid and remote modes, integrating robust Android security within the organization's ethos becomes essential. Success depends on management buy-in and a holistic approach encompassing technology, people, and process improvements.

The Bitter-Sweet Android Security Reality

Let’s face it: robust Android security is not easy. Yet, as cyber threats evolve, organizations have no choice but to adapt swiftly or risk devastating breaches. Anchoring Android security within broader cybersecurity strategies will not only protect corporate assets but also enhance operational resilience.

Vendor Diligence Questions

1. How does your solution address the rapid deployment of security updates across multiple Android devices?
2. What capabilities does your product have in terms of real-time threat detection and response for mobile devices?
3. Can your service integrate with existing enterprise security tools such as SIEM, without compromising device performance?

Action Plan for CISO Team

1. Conduct an Inventory Audit: Catalog all Android devices within the organization to ensure compliance with existing policies.
2. Review and Update Policies: Align mobile security policies with current cybersecurity frameworks like NIST or ISO 27001.
3. Engage with Vendors: Partner with trusted vendors to deploy state-of-the-art MDM solutions and security updates.
4. Initiate Employee Training: Launch an extensive security awareness campaign focusing on mobile threats.
5. Implement Advanced Monitoring: Use AI-driven tools to monitor and analyze potential threat vectors in real time.

Source: 6 steps to increase Android security in the enterprise

When Your Firewall Could Use a Little Firewalling Itself

In a twisted culinary metaphor, your security devices may now serve a hot plate of 'Remote Code Execution' to cyber attackers, garnished with vulnerabilities.

What You Need to Know

Seventy-five thousand WatchGuard security devices globally have been identified as vulnerable to a critical Remote Code Execution (RCE) flaw. This flaw compromises firewall appliances, providing cyber attackers with easy access to execute code remotely. The immediate solution is patching. Organizations need to prioritize updating their WatchGuard devices to the latest firmware to prevent potential breaches, data loss, or network compromises.

CISO focus: Vulnerability Management, Patch Management, Endpoint Security
Sentiment: Strong Negative
Time to Impact: Immediate

In an alarming revelation, a recently disclosed critical vulnerability has left over 75,000 WatchGuard security devices prone to Remote Code Execution (RCE). This glaring security hole allows potential attackers to execute arbitrary code, potentially seizing control over crucial network components. WatchGuard users must act swiftly to rectify this flaw and secure their networks.

What's Happening?

WatchGuard's security devices, utilized to bolster enterprise network defenses, are ironically at risk themselves. A critical RCE vulnerability emerged, spotlighting the susceptibility of these supposed protectors. According to data discussed on BleepingComputer, as many as 75,000 devices are affected, raising serious concerns over network integrity and data security.

• The Flaw: The vulnerability is situated within the Fireware OS, upon which many of WatchGuard's firewall appliances run. This flaw can be exploited remotely, providing attackers with the chance to execute arbitrary commands as if they were legitimate users.
• Implications: Such a vulnerability can lead to network downtime, data breaches, and unmonitored access to the device's protected networks.

Immediate Steps

The potential ramifications of neglecting this vulnerability are grave. Here's what organizations using WatchGuard devices must do:

1. Patch Focus: Immediately deploy patches provided by WatchGuard. Ensure that all devices running vulnerable versions of Fireware OS are upgraded.
2. Audit & Monitor: Conduct thorough audits of all network traffic and security logs for signs of compromise or unusual activity that aligns with RCE attack signatures.
3. Security Procedures: Rethink and reinforce existing security protocols to bolster defenses against possible breaches.

Larger Landscape

While remote code execution is a high-severity vulnerability, it is not entirely uncommon. However, the scope and scale of this flaw concerning reputable security devices underscore the challenges inherent in the cybersecurity landscape. This incident highlights the need for constant vigilance and robust, proactive security strategies.

• Industry Impact: With cybersecurity as a burgeoning field, vulnerabilities in widely-used devices create ripples throughout industries, affecting enterprises' confidence in security vendors and prompting an overarching examination of defense mechanisms.
• Future Proofing: As cyber-attacks grow sophisticated, reliance on security devices must go hand-in-hand with persistent scrutiny, monitoring, and the readiness to remediate swiftly.

A Verbose Conclusion

Irony has struck, and the guardians have turned vulnerable. It's a stark reminder that the battle for cybersecurity is relentless. Stay patched, stay prepared, and, above all, stay aware.

Vendor Diligence

1. What is your current procedure for identifying and disclosing vulnerabilities in your devices?
2. How do you handle emergency patches or updates for disclosed vulnerabilities?
3. What assurances can you provide that my devices are protected from exploitations of critical flaws such as RCE?

Action Plan for CISO Team

1. Identify and Isolate: Catalog all WatchGuard devices in use within the organization. Temporarily isolate devices that cannot be immediately patched.
2. Implement Updates: Deploy the latest patches from WatchGuard across all systems. Follow up with testing to confirm patch efficacy.
3. Strengthen Monitoring: Enhance network traffic monitoring. Develop incident response protocols specifically addressing RCE vulnerabilities.
4. Staff Training: Conduct training sessions on recent vulnerabilities and potential threat responses to empower teams with knowledge and readiness.
5. Vendor Engagement: Engage with WatchGuard to acquire detailed updates and future security assurance plans.

Source: Over 75,000 WatchGuard security devices vulnerable to critical RCE

131 Chrome Extensions Caught Red-Handed: The Spam-tabulous Scandal

When Gmail met Spamzilla on WhatsApp.

What You Need to Know

A new cybersecurity crisis has unfolded, revealing that 131 Chrome extensions have been compromised, hijacking WhatsApp Web sessions for spamming purposes. This breach is a significant concern due to the widespread use of Chrome and WhatsApp. The executive team is urged to reassess their current security protocols and enhance monitoring techniques, ensuring robust defensive measures are in place to counteract such vulnerabilities.

CISO Focus: Browser Security Enhancements
Sentiment: Negative
Time to Impact: Immediate

A recent cybersecurity revelation has disclosed a breach involving 131 Chrome extensions hijacked to send spam through WhatsApp Web. Given the scale and implications, organizations need to accelerate defensive strategies to curb potential damages.

The Unfolding of a Cyber Scandal

A security research team recently uncovered a breach wherein 131 Chrome extensions were manipulated to exploit WhatsApp Web's messaging system. This exploit allowed the illicit developers behind the extensions to initiate spam campaigns without users’ knowledge. The widespread nature of both Chrome as a browser and WhatsApp as a communication tool makes this incident far-reaching and potentially dangerous for both personal and corporate data security.

• Exploitation via Extensions: The compromised extensions hijacked user sessions by injecting themselves into active Chrome tabs and targeting WhatsApp's communication protocols. As a result, malicious actors could send unsolicited messages, which could cascade into misinformation campaigns or amplify phishing efforts.

• Potential Impact on Users: Users who downloaded these extensions are at risk of having their data commandeered and unwittingly participating in spamming operations. In a corporate setup, this exposes businesses to reputational damage and breaches of confidential communications.

Immediate Reactions and Responsibilities

With the breach disclosed, cybersecurity teams and IT departments must prioritize the identification and removal of such extensions from all organizational devices. Key action steps include:

• Conducting an Audit: Initiate a comprehensive audit of all browser extensions installed within the organization's network. Utilize cyber tools that can detect anomalous activities within browser sessions.

• Enhancing Security Measures: Implement enhanced security settings for web browsers, restrict the installation of non-verified extensions, and consider browser isolation tactics to prevent direct attacks on enterprise systems.

• User Education: Conduct rapid awareness programs to educate employees on recognizing signs of a compromised browser extension and the importance of monitoring unusual browser behaviors.

The Impact on Cybersecurity Practices

This massive exploitation event highlights the evolving complexity of extension-based threats and the necessity for robust browser security practices.

• Regulatory Implications: Organizations must now consider this breach within their compliance and risk management frameworks. There is an increasing push for regulatory bodies to enforce stricter guidelines on third-party software and extension permissions.

• Innovation in Defense: Cybersecurity professionals are likely to see expanded development in browser security tools and AI-driven anomaly detection systems, as standard measures prove insufficient against sophisticated exploitation attempts.

A Cautionary Tale for WhatsApp Users

As users globally depend on WhatsApp for both personal and professional communication, the implications of this breach transcend mere technological inconvenience to an urgent call for vigilance and proactive security measures.

Vendor Diligence Questions

1. How does your extension development and vetting process ensure against hijacking and misuse for spam campaigns?
2. What immediate measures have been taken by your organization to prevent recurring incidents of malicious extension modifications?
3. Can you detail a case study where past vulnerabilities in extensions were mitigated successfully within your products?

Action Plan for CISO Team

• Task Teams: Assemble dedicated response teams to focus on browser security hygiene and remediation actions.
• Technical Steps: Mandate a thorough review of all installed extensions and employ sandboxing techniques for critical network applications.
• Policy Updates: Develop and enforce strict policies for the installation and monitoring of all third-party browser extensions.
• Monitoring Enhancements: Integrate real-time alerts for suspicious activities originating from browsers interfaced with critical applications.

Source: 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign

Data Brokers Anonymous: How Your Data is the Main Ingredient in Their Profit Soup

Data may not get you a date but it sure can get you doxed.

What You Need to Know

Data brokers are operating largely unchecked and are profiting from large amounts of personal data, often without the knowledge or consent of those involved. This article highlights the dangers of data brokerage, including the potential for misuse in election interference or identity theft. Executive management should consider advocating for stricter regulations and developing a more robust approach to data protection in response to this growing threat.

CISO focus: Data Privacy and Information Security
Sentiment: Negative
Time to Impact: Immediate to Short-term

In the ever-evolving sphere of cybersecurity, data brokers occupy a shadowy domain operating with impunity, profiting immensely while compromising individual privacy. As all-encompassing data behemoths, they obscure how personal data is gathered, distributed, and sold, facilitating cybercriminal activities while staying under the compliance radar.

The Unveiled Operations

John Shavell, an expert in data privacy, explained to Cybernews the core principle fueling data brokerage: profit maximization without ethical considerations. Data brokers gather locally and internationally sourced data, selling it indiscriminately to anyone willing to pay, including political entities. This unscrutinized access enables foreign political manipulation, as seen with Russia's history of using purchased data for electoral interference. Key details like birthdays, relationship statuses, and even past vehicle ownership form the backdrop of this sprawling digital commerce.

Risk to Public Data and Privacy

Without legal bindings or penalties deterring unscrupulous data handling, these brokers continue to assemble detailed personal dossiers. The grim reality becomes increasingly stark—brokers amass and trade intangibles from social security numbers to court appearances. As these profiles circulate, they can be exploited for identity theft, fraudulent activities, or extensive information campaigns.

The Double-edged Sword of Data Transparency

A lack of transparency forms the linchpin of current challenges in data brokerage. The murky realm prevents tracking the initial data source and the eventual buyer. This cloak-and-dagger approach leaves the customer blind to how their sensitive information morphs into an accessible commodity available to the highest bidder.

Implications for Consumer Sentiment

Lack of sight into who possesses and profits from sensitive personal information can erode consumer trust in businesses associated with data brokerage services. Not only does this mistrust damage brand loyalty, but it diminishes the user's control over their digital footprint amid regulatory discussions that lack urgency.

Protecting Consumers: A Call to Action

There is a pressing need for legislative advancement in data protection. Stakeholders must exert pressure on regulators to introduce stringent checks on data brokerage operations. These defenses will provide a buffer to safeguard the consumer's personal information and ensure privacy rights are not continuously exploited.

What Organizations Should Gear Up For

Organizations and their data officers, spearheaded by CISOs, should prioritize comprehensive audits of their data sharing policies. They should:

• Implement strict protocols about data collection and distribution
• Employ robust encryption to protect sensitive customer information
• Educate consumers on safeguarding their digital identities

Emphasizing an ethical approach to data management is essential to prevent exploitation and misuse by data brokers.

Breaking Down the Barriers

The present scenario resembles a throne made of personal data—profitable yet inherently fragile. As consumer awareness increases and the call for compliance resounds, the industry must adapt before the cracks in the throne widen into chasms of distrust.

With the necessity of shielding consumer privacy becoming more paramount than ever, the path toward regulation and ethical data stewardship mustn’t meander but directly address the unchecked influence of data brokers. Interested parties should keep an eye out for legislative changes and the ramp-up in consumer-driven pressure demanding more transparency in a largely opaque industry.

Vendor Diligence Questions

1. What steps do you take to ensure the data you handle remains secure and is not sold to unauthorized third parties?
2. Can you provide evidence of compliance with current data protection regulations in all operating jurisdictions?
3. How frequently do you audit your data sources and what is your protocol for addressing data integrity breaches?

Action Plan for CISO Team

1. Establish an internal task force to assess data sharing agreements and identify potential data privacy risks.
2. Collaborate with legal teams to push for necessary policy changes aimed at greater transparency from data brokers.
3. Conduct bi-annual training sessions for employees on best practices for handling personal data and detecting malicious data activities.

Source: Cybernews Article on Data Brokers

AI-Driven Social Engineering: The Next Great Cyber Adventure

AI: Because tricking humans with realism is the future of hacking.

What You Need to Know

AI-driven social engineering is projected to be the top cyber threat in 2026, according to ISACA's latest Tech Trends and Priorities report. This type of AI threat is seen as a significant challenge by 63% of the respondents in a survey of 3000 IT and cybersecurity professionals. As regulations vary across regions, compliance can become particularly complex, especially in the US where state-level laws are emerging in the absence of federal mandates. Your task is to formulate a strategy to combat these AI-driven threats, ensuring compliance with regional regulations and enhancing organizational preparedness.

CISO focus: AI-driven Social Engineering
Sentiment: Strong Negative
Time to Impact: Short (3-18 months)

In a startling shift of focus, the 2026 ISACA Tech Trends and Priorities report has unearthed AI-driven social engineering as the preeminent threat in cyberspace, edging ahead of ransomware and extortion attacks. This landmark revelation, a first in the report’s trajectory, positions the rapidly advancing AI capabilities as both the perpetrator and key challenge for enterprises worldwide.

The Eye of the Storm: AI-Driven Social Engineering

The report, based on surveys from 3000 seasoned IT and cybersecurity professionals, underscores AI's evolving prowess in crafting deceptive and realistic social engineering schemes. This stark narrative shift places 63% of respondents in alignment over its impending priority, dwarfing traditional threats like ransomware (54%) and supply chain attacks (35%).

While the specter of AI-driven threats looms, a mere 13% of organizations profess confidence in being "very prepared" to tackle these challenges. The majority, around 50%, admit to being "somewhat prepared," with the remaining quarter revealing the concerning truth — they are "not very prepared" for the looming AI challenge.

Navigating the Regulatory Maze

The uneven state of AI safety and security regulations has amplified the challenge. ISACA’s VP of content development, Karen Heslop, highlights the preparedness gap with regulations serving as a critical safety net. The EU emerges as a leader in this domain, setting the benchmark for technology compliance, including cybersecurity and AI security.

Conversely, the US presents a complex tableau, with disparate state-level laws creating a tangled web of compliance challenges. Heslop illuminates the plight of companies operating across multiple states, encountering a "compliance nightmare" that could see them wrangling different laws in each jurisdiction — onerous and costly.

The Realism and Reach of AI

AI-fueled social engineering leverages sophistication in algorithms to simulate human-like behaviors and interactions with uncanny accuracy. These AI models can craft personalized phishing attacks or impersonate voices with eerie precision, hoodwinking even the most cautious of individuals.

The advent of generative AI not only magnifies these capabilities but also democratizes access to powerful tools, allowing even small-scale cybercriminals to orchestrate sophisticated attacks without significant investment.

Charting the AI-Laden Cyber Future

Despite the looming challenges, there is a palpable urgency for companies to bolster their defenses. As noted by the ISACA report, numerous organizations continue to underestimate the potency of AI-driven threats due to a lack of understanding and investment in robust threat assessment and response strategies.

In this volatile cyber landscape, staying ahead demands a focus on adaptive defense mechanisms, continuous threat intelligence gathering, and fostering a resilient cybersecurity culture that can pivot and counteract emerging threats.

AI, much like fire, can both illuminate and incinerate — its role as an adversary needn't overshadow its potential as a defender, yet organizations must tread cautiously on this double-edged path.

Vendor Diligence Questions

1. How does your solution address AI-driven social engineering threats?
2. What frameworks or standards does your company follow to ensure compliance with the latest AI security regulations?
3. Can your system provide adaptive threat intelligence specific to AI-generated cyber threats?

Action Plan for CISO Team

• Risk Assessment: Conduct a thorough assessment of current vulnerabilities related to AI-driven social engineering threats.
• Compliance Strategy: Develop a cohesive strategy to navigate and manage diverse regulatory landscapes, focusing on EU and US state-specific regulations.
• Training & Awareness: Implement regular training sessions to enhance employee awareness of AI-driven social engineering tactics.
• Invest in AI Defenses: Allocate resources towards AI-driven cybersecurity tools that can proactively identify and mitigate AI-originated threats.
• Threat Intelligence: Establish a continuous threat intelligence program focusing on emerging AI tactics and strategies.

Sources:

• Infosecurity Magazine article on AI-driven social engineering

CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career.

We're passionate advocates for good cybersecurity at home, at work, and in government.

Thank you so much for your support!

CISO Intelligence by Jonathan Care is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International