Ron Eddings

Here’s a pattern I’m seeing more often: More sites. More assessments. More reporting expectations. Same headcount. Security teams are being asked to scale output without scaling structure. So what happens? Assessments become episodic. Reporting takes too long. Prioritization becomes subjective. And leaders spend more time translating risk than reducing it. This isn’t a capability issue. It’s an architecture issue. At some point, physical security has to operate with the same operational discipline as finance and IT. Otherwise it stays in permanent catch-up mode. For security people overseeing medium to large portfolios (20+ sites): What’s currently your biggest bottleneck volume, visibility, or validation? And why do you think this is?

5

1 Comment

#OSINT isn’t just for experts anymore. Horizon Identity empowers any team to uncover patterns, links, and real-world identity details - without needing OSINT skills or special training. One search bar for access to more than 550 publicly available data sources and more than 1,500 endpoints to make your investigation easy. Learn more here: https://hubs.la/Q03rsWqm0 #cai #investigations #shadowdragon #horizonidentity #pai #osintforgood #realtimeintel

23

We are solving the hardest problem in the math book, only to realize it’s the wrong curriculum. For years, we’ve played a transactional game with threat intelligence. We shared hashes, IPs, and attack patterns to gain collective defense. It was a "fingerprint" exchange. But the game has changed. As we integrate "AI for Security" platforms, we aren't just sharing fingerprints anymore. We are sharing context. When an AI hunts for an impersonation attempt or a phishing lure in an executive's inbox, it isn't just looking for "bad" code. It is "reading" the corporate mind—learning about pending mergers, trade secrets, and internal sentiment. The Problem: The "Mesh Intelligence" Era We are entering a period of AI-to-AI engagement (think platforms like Clawbook/Moltbook) where one vendor’s AI "socializes" with another to improve its logic. The Concern: Once your company’s proprietary logic or sensitive context is assimilated by a third-party model to "improve the collective," it’s gone. It is the "unwanted photo" of the enterprise world. You can’t delete it. You can’t pull it back. There is no "Right to Erasure" for a neural network’s weights and biases. We are facing a "learned helplessness" against machine-speed saturation. The Call to Action: We need a "Meeting of the Minds" to address three critical gaps: Technical: How do we create "Local-First" AI instances that protect context while retaining intelligence? Legal: How do we audit for "Recursive Learning" clauses in vendor contracts? Strategic: Who actually owns the "learned logic" derived from our private data? I’m thinking of hosting a webinar/roundtable to dive deep into these questions. Who’s in? 👇 Let’s discuss in the comments: Are we trading total data sovereignty for machine-speed security? Is the "blast radius" of AI context leakage even measurable yet? #CyberSecurity #AI #CISO #DataPrivacy #GenerativeAI #InfoSec #TechLeadership

29

6 Comments

Today’s San Antonio Chapter of CFMA lunch reminded me why cross-functional learning is one of the most underrated risk management tools we have. Here are the three insights that hit hardest for me: 1. Tax changes create security gaps. Rushed tech purchases to capture bonus depreciation or R&D credits often skip security vetting and that’s where exposure creeps in. 2. Construction firms face rising cyber risk. According to the Dodge Construction Network, 59% of construction firms experienced a cybersecurity threat over a two year period. The industry’s complexity makes it a prime target. 3. Finance + IT disconnect = avoidable risk. In most of the firms I talk to, finance leaders can’t list all of the cloud tools their project teams rely on. This is a blind spot attackers love. Takeaway: Your tax strategy, growth plan, and cybersecurity posture aren’t separate. They’re interconnected systems that can either reinforce or undermine each other. Huge thanks to Kathryn Hall, Bradley Frantz, Nita McBride, and the speaker for today's session Shelley Woitena for an outstanding CFMA meeting. Also wanted to thank Denice Allison for the introduction to the San Antonio crew. What’s an unexpected place you’ve learned something critical about your business?

6

1 Comment

Things Texas Takes Seriously: 1. Cowboy Hats 🤠 2. Not messing with it 🗑 3. Cybersecurity 🔒 Texas’s very own TX-RAMP Certification is becoming increasingly in-demand. Why? Well, Texas has done a few things right to make the cert stick: 1️⃣ It created an achievable standard based on the NIST SP 800-53 framework and provided clear use-cases. 2️⃣ It significantly reduced the audit burden on private companies. The Texas Department of Information Resources performs the certifying assessment – NOT an auditor. 3️⃣ It passed legislation requiring all vendors providing cloud-based services to Texas state agencies and higher education institutions to become TX-RAMP certified. It turns out that, when required by law to get certified or risk losing a big customer, vendors tend to get certified! We have helped a number of customers with TX-RAMP. But, we regularly get smaller companies asking us for help. We can't economically service them. Well, we couldn't... until now! We are announcing TX-RAMP Champ. TX-RAMP Champ allows small companies to get TX-RAMP certified with half the effort. We provide the templates needed, video to explain how to use the templates and access to our experts to help. Rob, that sounds amazing but I want to try it out without having to pay. Imaginary person, that's why we have a 45-day trial option to try out the tool. You can sign up from this link: https://lnkd.in/eFgAQfkx Don't want to sign up? We have a bunch of free resources for learning about TX-RAMP on our TX-RAMP Champ page. Of course, you could sign up for our TX-RAMP Complete and get all of the TX-RAMP resources including: - TX-RAMP Security Plan Workbook with Sample Answers for all Controls - Complete TX-RAMP Documentation Template Library - Complete Training Video Library - Access to one-on-one chats with U.S.-based TX-RAMP efforts - 2 live session reviews of TX-RAMP deliverables What do you think about a solution for helping with TX-RAMP? Do you know someone who is struggling with TX-RAMP and would like a speed boost? Tag them, please!!!

31

19 Comments

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. "Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. "This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution." https://lnkd.in/gH5V4Ek2

3

Great to see and need to encourage this further! Lead the AI dont get made obsolete.... Mindset trumps everything..... a curious approach plus a willingness to challenge and learn..... and thats exactly why we focus on cognitive agility, being comfortable in uncertainty, taking a multidisciplinary approach and being able to utilise different experts no matter their background to help come up with innovative solutions to the complex problems we are all facing. That's exactly where the Cyber Leaders Challenge focusing on building competencies of our student competitors and helping nurture the cyber security leaders of the future! #cyber #cybersecurity #cyberleaderschallenge #leadership #skills #cyberisntjusttechnical

8

Some of ya'll may know that FUNNULL CDN and their Chinese Triad Nexus partners is my research white whale. Over the last few weeks there has been some extremely important research released about FUNNULL that I want to make sure folks understand (links in the comments). But before I get into that, I’m very excited to announce I’ll be presenting on FUNNULL at RSA this year in a talk, “Chinese CDN FUNNULL's Post-Treasury Sanctions Efforts and Ongoing Attacks.” This presentation wouldn’t be possible without the support from the amazing team at Silent Push who continue to conduct cutting edge research into FUNNULL and a wide variety of the most serious threat actors and who have allowed me to present this research at RSA, along with my new team at Infoblox who have also been immensely supportive. Stopping FUNNULL is absolutely a team sport. When FUNNULL was sanctioned by the U.S. Treasury in May of last year, we learned that U.S. victims have lost more than $200 million on the investment scam websites hosted on FUNNULL and they are linked to the *majority* of virtual currency investment scam websites reported to the FBI… Today's news is from a jaw dropping piece released by the team at Hudson Rock titled, “How One Infostealer Infection Solved a Global Supply Chain Mystery and Unmasked DPRK Spies in U.S. Crypto.” Their team was able to investigate a compromised device clearly owned by a DPRK hacker associated with their fake IT worker schemes. The compromise exposed thousands of browser logs, user credentials, browser autofill data, and thousands of Google Translate queries. This breach data proved that shockingly, a DPRK threat actor was working closely with the FUNNULL threat actors on the 2024 Polyfill supply chain attack. The breached logs also prove that FUNNULL and these DPRK threat actors had/have an exploit for GoEdge CDN servers and they were taking careful steps to try and hide their exploit code from the public and from victims. The rest of their fabulous research also includes details about the companies this DPRK threat actor compromised, so you get a front-row seat at what sensitive attacks are being undertaken when a serious organization accidentally hires a DPRK hacker. The other massive research piece was from the team at Qianxin Xlab titled, “Funnull Resurfaces: Exposing RingH23 Arsenal and MacCMS Supply Chain Attacks” which highlights a potential new front company you may hear about at my RSA presentation ;D and more importantly it includes a wide range of details about how FUNNULL has used their GoEdge exploit to conduct massively underreported supply chain attacks (they poisoned a Github project with 2,700+ stars!), along with details about some malware they have been using. At this point, there’s basically more FUNNULL research than any one person can keep up with, so I look forward to any future collaborations with folks on this important topic, and appreciate everyone’s time who attends my upcoming RSA presentation. 🖖

52

3 Comments

The primary priority of any investigative team is a repeatable process. You can either fail fast, or you can pivot faster on the clues that can eventually create a clearer picture of what you are looking for with #OSINT. What we offer isn't comparable in the market. With ShadowDragon SocialNet or our #OSINT Platform Horizon, we cover * 550+ publicly available sources, 1,500+ endpoints, and our new Horizon(tm) Identity capability. Horizon Identity makes investigations easy for nontechnical users who want to get into OSINT or scale a needed repeatable capability outside of a specialized investigative team. Horizon Identity changes the game. No fluff, real-time queries for real results. Investigate without friction, scripts, or delays. Explore what’s possible: https://hubs.la/Q03q4DYw0 #OSINTforGood #PAI #CAI #HorizonIdentity #ShadowDragon #IdentityIntelligence #ThreatIntelligence #OSINT #RiskManagement #CyberSecurity #InsiderThreats #DueDiligence #KYC #Compliance #Investigations #RealTimeIntel #DigitalFootprint #ActionableIntel #IdentityResolution

45

6 Comments