About:

Gunnar Peterson is a cybersecurity expert focused on practical guidance and security strategy.

Interests:

Cybersecurity, Security architecture, Security strategy, Start-up scene, Security technologies
The post discusses the persistent security issue known as the Golden Ticket attack in Windows, which allows attackers to impersonate legitimate users and maintain long-term access. The author draws parallels to a new variant calle...
The article discusses the inadequacies of traditional authentication methods in the face of evolving cyber threats, particularly focusing on the rise of account takeover (ATO) attacks facilitated by compromised credentials. It emp...
Security architects must transition from 'shift left' to 'shift right' strategies, integrating threat intelligence with operations for improved defense against evolving cyber threats.
Ancient clay bullae exemplify enduring security principles, revealing that foundational concepts of authentication and value transfer predate modern technology.
The text discusses the security challenges of adopting MCP and the need for a multi-layered design approach to address the lack of access control and inversion of control. It introduces the concept of thinking in zones to address ...
The text discusses the security challenges of the Model Context Protocol (MCP) in AI systems, and the potential solutions to these challenges. It highlights the need for security measures to protect against information disclosure,...
Pat Opet's open letter to third party suppliers highlights the poor quality of third party software and the worsening state of SaaS security. The letter discusses the failure of identity protocols to deliver what SaaS security nee...
The text discusses the role of OAuth in the Model Context Protocol (MCP) security, highlighting the potential gaps and limitations of OAuth in providing security for the new integration layer. It emphasizes that while OAuth can pr...
Announcement of a new addition to the Defensible Systems Substack publication: a subscriber chat space for exclusive conversation and updates.
The text discusses the essential components of building a security program from scratch, emphasizing the importance of Multi-Factor Authentication, Cloud-Native Application Protection Platforms, Mobile Device Management, and Endpo...
The text discusses the importance of security architects having solution architecture skills. It explains the roles of security and solution architects, highlighting the need for security architects to consider business objectives...
The Financial API group at OpenID Foundation released a security profile for high security applications using OAuth framework and an attacker model for OAuth 2.0. The documents provide important guidance for understanding how iden...
The author discusses the intersection of cybersecurity and AI, emphasizing the need to understand where AI security investments are most influential and how to protect against AI security threats.
The text discusses the aging of security protocols and the need to continuously update threat models to address the weaknesses in the assumptions that authentication and system security protocols were built on. It highlights the g...
The text discusses the distinction between IT risk and cybersecurity risk, emphasizing that cybersecurity risk is a subset of IT risk. It outlines the different categories of IT risk and cybersecurity risk, and provides recommenda...
The text discusses Application Security Posture Management (ASPM) and its role in providing a centralized view of application security, integrating data from multiple security tools, and prioritizing security findings based on bus...
The text discusses the importance of threat modeling in security architecture, emphasizing the need to identify risks and focus on controls to counter threats. It highlights the role of security architects in creating cohesion acr...
The text discusses the security risks associated with integrating AI into business processes and offers mitigations. It outlines common AI security risks and the NIST AI Risk Management Framework. It also provides AI-unique mitiga...
The text discusses the recent resurgence of the 'Secure by Design' approach in technology, focusing on the efforts of leading organizations such as CISA, Google, and Amazon Web Services. It highlights the core principles of the in...
The text discusses the limitations of CSPM and DSPM in identifying cloud security issues and the importance of adding an identity layer to bridge the gap. It highlights the need for better recognition of the efficacy, health, and ...
The text discusses the relationship between executive function and security architecture, emphasizing the impact of security measures on user experience and productivity. It provides examples of how security architecture can suppo...
Stealth Academy is a quarterly event featuring leading cybersecurity and AI startups for rapid pitches and Q/A sessions. The Winter 2024 event will feature Suridata, The Cyber Boardroom, and Knostic. These companies offer innovati...
The text discusses the challenges of defending against account takeover, focusing on the threat model inversion, identity layer attacks, and the limits of widely deployed defenses. It emphasizes the need for a new mindset for defe...
The text discusses the role of Governance, Risk, and Compliance (GRC) in modern security organizations. It highlights the challenges and barriers to implementing GRC solutions and the need for an engineering approach to GRC. It al...