Opinion

The pen test report. The risk register. The green dashboard. They feel like facts. They're not. They're a record of someone else's decisions, at a point in time that's already passed. And in your first 90 days as CISO, they'll shape everything you do, if you let them.

What kills new CISOs in their first 90 days – it’s not attackers. 

CVE-2026-33727 – When “Low Privilege” Isn’t Low Enough: A Pi-hole LPE Story

Pi-hole's pihole user is low-privileged. It's configured with nologin. It looks contained. It isn't. Here's how a writable file and…

Proof of Human solves the bot problem. It doesn’t solve the people problem.

World ID can prove a real human is behind an account. It can't prove that human hasn't already been phished,…

Why Robbing Banks Is Easy (And Why That Should Terrify You)

A globally recognized ethical hacker shares real social engineering stories from legally robbing banks across five continents. The tools change.…

When a former UK Government cyber operations chief says AI is “limitless” in Offensive Security, we should pay attention

Jim Clover says AI has made offensive cyber "limitless." Attackers are using it now. The horse has already bolted. And…

Threat Actors Don’t Wait For Your Annual OT Pen test

Annual OT pen tests provide snapshots. Real attackers operate continuously. This is why your operational technology security strategy needs to…

Humans In The Loop: The Non-Negotiable In Offensive Security

AI and automation have transformed offensive security, but not replaced human ingenuity. Luke Potter explains why real attackers, and real…

Everyone has a plan until they get punched in the face: reflections on the NCSC 2025 annual review

The NCSC Annual Review 2025 delivers a reality check. Highly significant cyber incidents have increased by 50 percent year over…

Airport Chaos Shows How Fragile Our Infrastructure Really Is

Recent airport chaos revealed how fragile global infrastructure really is. A basic ransomware attack disrupted shared systems, grounding flights worldwide.…