Phil Neray, CCSK

The future of defense is being rewritten - and autonomy is leading the charge. Thrilled to release NightDragon's latest market report analyzing the Defense Autonomy Market from Hannah Huffman and Morgan Kyauk. The report analyzes the Autonomy sector and why it represents a fundamental shift in how we secure our world for tomorrow. For decades, defense strategy has revolved around five domains: land, sea, air, space, and cyber. But today, autonomous systems are emerging as a powerful sixth domain — reshaping how missions are executed and how innovation happens. It’s not just theory anymore: organizations like the U.S. Coast Guard are already standing up dedicated offices for robotics, counter-UAS and autonomous systems, recognizing autonomy as a true force multiplier that makes operations faster, smarter, and more adaptive than ever. And it’s not just about the autonomous platforms themselves. Innovation is accelerating across the entire ecosystem — from edge computing and data interoperability to sensor networks and resilient command-and-control. Each of these building blocks opens new doors for companies ready to lead in this next frontier. NightDragon has been following this market closely, investing in 4+ companies already leveraging autonomy for different cyber or security outcomes: Epirus, HawkEye360, Horizon3.ai, and Saronic Technologies. But we also know the horizon of opportunity stretches much wider. As conflicts become more dispersed, technology-driven, and nonlinear, autonomy will define the next era of defense innovation. Read the full report: https://lnkd.in/gS2QFHVu Andy Lowery John Serafini Snehal Antani Dino Mavrookas

69

1 Comment

🔒DeCYFIR 2025 Impact Recap: Leading the Shift to Preemptive Cybersecurity 🔒 In 2025, DeCYFIR delivered proven preemptive cybersecurity and advanced predictive threat intelligence, empowering organizations to anticipate and prevent attacks before they occur. Key Measurable Results: 👇 Financial Safeguard - Prevented US$5.5 billion in potential cyber losses [tangible and intangible] Worldwide Trust & Adoption - 900+ enterprise licenses deployed globally - Trusted by 20% of governments and federal agencies Proactive Threat Neutralization - Issued 7158+ early warnings – weeks to months in advance - Managed 1.8+ million attack surfaces - Neutralized 2.1+ million cyber risks - Secured 27582+ domains AI-Driven Insights & Defense - Empowered 14600+ users via Ask DeCYFIR AI Agent - Detected & mitigated 6456+ deepfakes - Tracked 5235+ threat actors - Monitored 7298+ active hacking campaigns - Identified 682K unique threat indicators Supply Chain & Ecosystem Protection - Secured 82K third-party entities - Delivered 83 intelligence-led cyber programs - Deployed 16 deception environments to lure and trap attackers DeCYFIR is transforming cybersecurity—moving beyond frantic, reactive firefighting to powerful predictive and preemptive defense that neutralizes threats before they even materialize. The Future of Cyber Defense is Preemptive. Join the shift. #PreemptiveCybersecurity #PreemptiveCyberDefense #PredictiveThreatIntelligence  #ExternalThreatLandscapeManagement #AIinCybersecurity #DeCYFIR #CYFIRMA

102

7 Comments

Jen Easterly, former director of CISA and now a strategic advisory board member for Huntress, is focusing on boosting cyber resilience for small and medium enterprises. These organizations often face sophisticated attacks but lack the resources to defend themselves. During her CISA tenure, Easterly championed initiatives such as the Joint Cyber Defense Collaborative and persistent threat hunting. These measures strengthened federal capabilities and deepened operational collaboration with the private sector, enabling rapid sharing of threat intelligence and faster mitigation of risks. In light of the shift from espionage to disruptive attacks on critical infrastructure, Easterly urges all organizations, regardless of size, to prioritize resilience - preparing for, responding to, and recovering from incidents - and to demand secure-by-design technology from vendors. "Every business, large and small, should consider themselves vulnerable. It's all about resilience. How do you understand the threat, prepare for it, be able to respond to it and then recover so that you can mitigate and drive down risk," she said. https://lnkd.in/gejpe3CB

4

Breaking Updates from the August CyberAB Town Hall Colleagues, this month’s CyberAB Town Hall delivered significant updates that will shape the path ahead for CMMC adoption across the Defense Industrial Base. A few highlights stood out: 🔹 Rulemaking Progress: The long-awaited Title 48 rule is under OMB review. While October 1, 2025 has circulated as a possible “go-live” date, DoD clarified that this was a holdover from CMMC 1.0 rulemaking. The official date is still pending, but all indications point to implementation before year’s end. 🔹 Certification Growth: To date, 270 Level 2 certifications have been issued. Nine conditional certifications are in place, and 91 assessments remain in progress. The ecosystem continues to grow: 79 Authorized C3PAOs (with #80 on the horizon) 500+ Certified Assessors (CCA) 351 RPOs supporting organizations with readiness 🔹 False Claims Act Reminder: DOJ announced a $1.75M settlement with AeroTurbine, underscoring the risks of non-compliance with NIST 800-171. The message was clear: self-attestation without implementation is a liability. 🔹 Tier 3 Vetting Changes: All personnel associated with the CMMC ecosystem will now be enrolled in continuous vetting under Trusted Workforce 2.0. Clearance verification letters are no longer accepted—packages must include OF306, Tier 3 nomination, and a resume. 🔹 C3PAO Advisory Council: A new 11-member body was introduced to strengthen assessor consistency, reduce costs for SMBs, and provide authoritative feedback on assessment guidance. 🔹 Events & Engagements: CS5 (October, National Harbor) will feature new contractor roundtables and vertical breakouts for architecture, construction, aerospace, and defense. Notably, Katie Arrington and Stacey Bostjanik are confirmed keynote speakers. Q&A Spotlight The Town Hall wrapped with a robust Q&A session. A few themes worth noting: MSP Certifications: An MSP holding a CMMC Level 2 certification can present this as part of a client’s body of evidence during their own assessment. Beyond DoD: Questions surfaced on whether non-DoD agencies will require CMMC. While no official mandates yet, the proposed FAR CUI rule suggests NIST 800-171 may become the unifying baseline across federal agencies. Guidance Consistency: The new C3PAO Advisory Council will review ambiguous scenarios (e.g., stalled assessments, shared responsibility matrices) and provide recommended guidance to improve consistency in application. Transparency in Vetting: For those in Tier 3 adjudication, timelines remain ~6 months on average, but continuous vetting enrollment will now be mandatory moving forward. ✅ Takeaway: The CMMC program is moving from “anticipated” to “operational.” Ecosystem numbers are climbing, rulemaking is on track, and oversight is tightening. Contractors—large and small—must be ready to demonstrate real compliance, not just paper compliance.

3

Last month, CISA released guidance aimed at addressing the risks associated with the convergence of OT/IT in modern #industrial organizations. 💡 On Claroty Nexus, experts weigh in on the challenges and what this means for #OTsecurity programs. https://gag.gl/0MiDvi

1

Move faster. Investigate with clarity. Security Operations Centers (SOCs) are under siege—not just by the volume of alerts but by their vagueness. Analysts waste countless hours deciphering what’s real and what isn’t, often without the evidence they need. Fatigue rises. Threats slip through. Talent is wasted. Binalyze AIR brings clarity to chaos. It augments your existing alerting stack (SIEM, EDR, XDR) with automated, forensic-grade context—enabling your team to validate alerts in minutes, streamline investigations, and make better decisions, faster. Less noise. More signal. All in a single platform. ==

3

One of the most actionable tips in Deepwatch’s new CISO 100 Days guide is simple but powerful: Executives don’t want dashboards. They want decisions. When reporting up: ✅ Translate alert tuning into reduced dwell time ✅ Tie detection improvements to uptime and customer trust ✅ Map telemetry to business systems, not log counts This is how security becomes a strategic function, not just a reactive one. 💡 Tip: Use “decision deltas” to anchor your board updates: What changed, why it mattered, and what action you took. #CISO

3

1 Comment

The Megatrends report is always interesting. I’m sure it will be even more insightful to hear the discussion with Steve Van Till. You won’t want to miss this!

3