Cybersecurity Industry Collaborations

Today’s cyber threats don’t respect vendor boundaries—or national borders. As Michael Sikorski of Palo Alto Networks Unit 42 reminds us, we must mirror that coordination through “competitive allies”—competitors collaborating to defend shared infrastructure. In a compelling Threat Vector podcast, he and J. Michael Daniel, former White House Cybersecurity Coordinator and CEO of the Cyber Threat Alliance, unpack why the real barrier to collaboration isn’t misaligned systems—it’s misaligned cultures and boardroom incentives. This isn’t about goodwill—it’s about national resilience. As adversaries operate in lockstep, defenders must replicate that cohesion—across vendors, sectors, and government—to protect citizens and critical infrastructure. For executives, that means shifting from competitive silos to purposeful partnerships. Embedding threat-sharing into corporate strategy strengthens not just your enterprise—but national defense. https://lnkd.in/gDtyp-kV

One of the most impactful developments in security we have seen over the past few decades is the emergence of trusted networks for information sharing and collaboration. Two of the most important ones are Information Sharing and Analysis Centers (ISACs) and peer networks. As the National Council of ISACs explains, “Information Sharing and Analysis Centers help critical infrastructure owners and operators protect their facilities, personnel, and customers from cyber and physical security threats and other hazards. ISACs collect, analyze, and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency. ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness”. ISACs solve the problem of trust when it comes to threat intelligence sharing and collaboration. Historically, security leaders sworn to secrecy and bound by non-disclosure obligations had no incentives to share their most sensitive findings. There was always a danger that their attempt to be helpful would backfire and expose them to personal and professional liability. Since ISACs are supported by the government, they make it possible for CISOs to open up with their trusted peers in ways they are not able to do anywhere else. The Financial Services Information Sharing and Analysis Center (FS-ISAC), founded in 1999, has long been an example of what success can look like, and there are now tens of ISACs active in other segments. Many other forms of collaboration take part in peer networks for CISOs and security practitioners. Usually, these are invite-only communities that congregate in Slack, WhatsApp, Discord, or on proprietary platforms and encourage professional collaboration. While these communities are invisible and inaccessible to outsiders, they play an important role in the dissemination of best practices, peer support, aggregation of feedback about vendors, professional development, and more.

This week I had the pleasure of sitting down with Kristina Walter, Director of the NSA Cybersecurity Collaboration Center, for the latest episode of Cyber Focus. Kristina offers a rare look inside how NSA is partnering with industry to tackle some of the most advanced cyber threats we face—from detecting Chinese zero-day exploits in real time to exposing stealth campaigns like Volt Typhoon.    She also shares how the CCC is scaling protective services for defense contractors, confronting AI and post-quantum risks, building the trust needed to act before the next crisis hits (“you can’t surge trust in a crisis”), and the importance of reauthorizing the Cybersecurity Information Act of 2015 (which sunsets at the end of September). It’s a compelling conversation with a sharp and thoughtful leader at the helm of one of the true gems in the cybersecurity community.   🎧 Watch the full Cyber Focus episode here: https://lnkd.in/eFBP4Nuh   #Cybersecurity #NSA #ZeroDay #VoltTyphoon #PublicPrivatePartnership #NationalSecurity"

Cybersecurity is a team sport. And the other team? They’re playing to win. On the dark web, cybercriminals aren’t working in silos. They’re collaborating—sharing tools, tactics, vulnerabilities, and targets. They operate like startups: agile, well-funded, and relentlessly focused. If that’s how the opposition works, why would we try to defend in isolation? As CISOs, CIOs, business leaders, and operators, we need to build that same connective tissue—within our organizations and across industries. Security isn’t just a tech problem. It’s a business imperative that requires buy-in and coordination from the boardroom to the SOC. We win when we share, when we educate, when we collaborate. No single person or department can carry the weight of defending an enterprise. But together? We shift from reactive to resilient. Let’s act like a team—because the adversaries already are. #CyberSecurity #Leadership #CISO #Collaboration #TeamSport #Resilience #InfoSec

Cyber defense is never a solo sport. It is a team effort with national stakes. For years, I have seen organizations try to face cyber threats alone. That approach no longer works. Nation-state actors move across corporate boundaries. Criminal groups target both public and private institutions. Attackers share tools and data in ecosystems that often move faster than defenders can respond. This is why public-private collaboration has been essential. Campaigns like Volt Typhoon revealed how adversaries can pre-position inside critical infrastructure for years, waiting for the moment of maximum leverage. No company, agency, or sector can detect and counter that threat in isolation. Yet at the very moment when collaboration matters most, one of the key frameworks for sharing information has lapsed. The Cybersecurity Information Sharing Act of 2015 expired this week, removing the legal protections that allowed companies to share cyber threat information without fear of liability. Experts warn that without these protections, sharing may decline dramatically, leaving us all a bit more vulnerable. Cybersecurity Awareness Month reminds us that resilience depends not only on technology, but on trust. Stronger passwords, multifactor authentication, and better employee training remain vital, but broader resilience comes from partnerships built on confidence and legal clarity. This is not a post about politics. It is about security. We must ensure that companies and government can share cyber threat intelligence without hesitation, because in cyberspace, we are under attack from all sides. Our best defense will always be the one we build together. #Cybersecurity #ThreatIntelligence #NationalSecurity #PublicPrivatePartnership #Leadership #CrisisPreparedness #CriticalInfrastructure

Last week, I had the privilege of participating in the inaugural meeting of the Operational Technology Cybersecurity Center of Excellence (OTC-COE). The OTC-COE aims to provide a global platform to enhance shared knowledge and foster multi-stakeholder collaboration to advance common interests in OT and Industrial Control Systems (ICS) cybersecurity. This initiative was co-founded by ARAMCO and the Global Cybersecurity Forum (GCF), with founding members playing a pivotal role in guiding the strategic direction of the center.   During the meeting, I introduced our OT/ICS Cybersecurity Track, part of the OT/ICS Cybersecurity Workforce Development efforts. The architect of the this Track is Dr. Rashid Tahir from the Department of Cyber Security and Forensic Computing at the University of Prince Mugrin. This track is designed in a way to bridge the gap between academic output and job market needs by focusing on the following areas: 1. Comprehensive understanding of various OT/ICS environments 2. Offensive and defensive strategies in OT/ICS cybersecurity 3. Governance, risk, and compliance for the OT sector 4. Research and innovation in the OT and IIoT domains   The OT/ICS Cybersecurity Track is the result of an extensive benchmarking exercise, drawing from both academic and industry resources. It comprises four courses totaling 12 credit hours, exclusively focusing on OT/ICS, and includes an optional Final Year Capstone Project. The courses are:   a. *Introduction to OT & ICS* – Covers Industry 4.0, ICS components and architectures, and networking protocols in the OT sector, with regular field visits to operational facilities.   b. *Fundamentals of OT Security* – Involves cybersecurity essentials for OT/ICS, penetration testing, hacking ICS (including MITRE ATT&CK for ICS), threat analysis, network security, and incident response (ICS Cyber Kill Chain), enriched with guest lectures from OT security experts.   c. *Advanced OT Security* – Offers an in-depth study of ICS malware such as Stuxnet, Industroyer, Trisis, and PIPEDREAM, includes Red vs. Blue Team exercises, and features a 10-week industry-sponsored research project focusing on either offensive or defensive security.   d. *Governance, Risk, and Compliance (GRC) for OT Sectors* – Covers standards such as ISA 62443, NIST SP 800-82 Rev. 3, NCA OTCC, Aramco OT Compliance Framework and CISA CSET-based evaluations for Various Industry 4.0 Verticals (carried out with industry partners)   These courses will be delivered in collaboration with industry partners and OT security professionals worldwide, providing a comprehensive and practical learning experience. The program also includes a practical summer field training or a 6-month on-site COOP training program in the industry. I would like to thank Dr. Rashid Tahir and his team for the great work. Special thanks to Eng. Naveed Ahmad and Eng. Mohammed AL-khatib for their exceptional efforts and significant contributions in reaching this milestone.