About
With over two decades in cybersecurity, Nathan has contributed to the field as an author…
Articles by Nathan
-
From One Pathmaker to Another
From One Pathmaker to Another
'Terrified'. Radical candor brought on by radical transparency.
14 Comments
Activity
-
A graph database makes everything nice.
A graph database makes everything nice.
Shared by Nathan Sportsman
-
I heard from a customer that CrowdStrike thought we were the Russians. Nope, just 150 security engineers, a bad ass platform, and AI.
I heard from a customer that CrowdStrike thought we were the Russians. Nope, just 150 security engineers, a bad ass platform, and AI.
Shared by Nathan Sportsman
-
Up-next Episode 4: Real Name Unknown aka Skyper
Up-next Episode 4: Real Name Unknown aka Skyper
Liked by Nathan Sportsman
Experience
-
-
-
-
-
-
-
-
-
-
-
-
-
Education
Publications
-
Hacking Exposed 7th Edition
McGraw-Hill Osborne Media
See publicationThe latest tactics for thwarting digital attacks
“Our new reality is zero-day, APT, and state-sponsored attacks. Today, more than ever, security professionals need to get into the hacker’s mind, methods, and toolbox to successfully deter such relentless assaults. This edition brings readers abreast with the latest attack vectors and arms them for these continually evolving threats.” --Brett Wahlin, CSO, Sony Network Entertainment -
Hacking Exposed 6th Edition
McGraw-Hill Osborne Media
See publicationThe world's bestselling computer security book--fully expanded and updated
Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime." --From the Foreword by Dave DeWalt, President and CEO, McAfee, Inc.
Patents
-
Method and system for validating a vulnerability submitted by a tester in a crowdsourcing environment
Issued US 10,291,643
See patentA method for validating a vulnerability submitted by a tester in a crowdsourcing environment. The method comprises identifying at least one vulnerability within at least one computer resource and receiving vulnerability data corresponding to the at least one vulnerability. The method further comprises pre-processing the vulnerability data to generate structured data and generating a replica of the vulnerability using the structured data and at least one validator. Further, the method comprises…
A method for validating a vulnerability submitted by a tester in a crowdsourcing environment. The method comprises identifying at least one vulnerability within at least one computer resource and receiving vulnerability data corresponding to the at least one vulnerability. The method further comprises pre-processing the vulnerability data to generate structured data and generating a replica of the vulnerability using the structured data and at least one validator. Further, the method comprises calculating a confidence score of the vulnerability using the replica of the vulnerability and a result of the at least one validator. The method executes at least one validating instruction based on the confidence score of the vulnerability.
-
Method and Apparatus for Identifying a Drift in a Quantized Signal
Issued US 7444268
See patentOne embodiment of the present invention provides a system that identifies a drift in a signal in a computer system. During operation, the system receives a sequence of quantized signal values of the signal. Next, the system generates a statistical distribution based on the sequence of quantized signal values, wherein the statistical distribution is generated using a set of counters, wherein each counter keeps track of the number of occurrences of an associated quantized signal value. The system…
One embodiment of the present invention provides a system that identifies a drift in a signal in a computer system. During operation, the system receives a sequence of quantized signal values of the signal. Next, the system generates a statistical distribution based on the sequence of quantized signal values, wherein the statistical distribution is generated using a set of counters, wherein each counter keeps track of the number of occurrences of an associated quantized signal value. The system periodically adjusts the counters by multiplying each counter by a compression factor if the system determines the sum of the set of counters is greater than or equal to a threshold. The system identifies the drift in the signal by comparing the statistical distribution with a reference distribution of the quantized signal values, wherein the reference distribution is associated with normal operation of the computer system.
Recommendations received
-
LinkedIn User
8 people have recommended Nathan
Join now to viewMore activity by Nathan
-
This underscores why offensive security technology demands offensive security experts in the loop. As software commoditizes, the only defensible…
This underscores why offensive security technology demands offensive security experts in the loop. As software commoditizes, the only defensible…
Shared by Nathan Sportsman
-
🚨 We have released an improved Nuclei template that more accurately detects the unauthenticated RCE vulnerability in Ingress NGINX Controller for…
🚨 We have released an improved Nuclei template that more accurately detects the unauthenticated RCE vulnerability in Ingress NGINX Controller for…
Liked by Nathan Sportsman
-
Praetorian Red Team Security Engineer, John Stawinski, recently discovered a vulnerability in GitHub's CodeQL where a token was exposed for just…
Praetorian Red Team Security Engineer, John Stawinski, recently discovered a vulnerability in GitHub's CodeQL where a token was exposed for just…
Liked by Nathan Sportsman
-
Today marks my last day at Praetorian where I've had the chance to work with two great technical teams. It goes without saying that I'm extremely…
Today marks my last day at Praetorian where I've had the chance to work with two great technical teams. It goes without saying that I'm extremely…
Liked by Nathan Sportsman
Other similar profiles
Explore more posts
-
Shawn Waldman
This recent ransomware attack on an Arkansas water treatment facility highlights a growing concern for critical infrastructure security. I shared some thoughts on what this breach means for the future of cybersecurity in the water sector and how we can better defend these essential services. Check out my full commentary and the detailed coverage below! 👇 #CyberSecurity #CriticalInfrastructure #Ransomware #WaterSecurity
1 Comment -
Rob Black
I often get asked “where do I start with TX-RAMP?” Companies know they need it - they’re told they do. But it’s not easy to know where to start. Here’s what you need to know 👇 1️⃣ File for your provisional certification. This will give you 18 months to get the full certification. 2️⃣ Download the TX-RAMP Security Plan Workbook. This serves as your questionnaire and list of necessary controls (117 for Level 1 certification, 223 for Level 2). 3️⃣ Build your program, one control at a time. Once your program is built, you can submit your workbook and other documents to the Texas DIR for their evaluation. No expensive, third party audits necessary! TX-RAMP Certification is a big project, even for companies that have an existing cybersecurity compliance program. There’s a reason they give you 18 months to go from provisional to full certification! Your certification lasts three years, but there are some ongoing reporting requirements to meet. You need to monitor, fix, and report vulnerabilities and breaches to the Texas DIR. More helpful info can be found in the guide below. https://lnkd.in/etitFTkY
-
Wade Baker, Ph.D.
I often hear the question "Where/What are our biggest security exposures?" Cyentia Institute recently had the opportunity to explore this question using data from hundreds of thousands of attack path assessments conducted through the XM Cyber Continuous Exposure Management (CEM) platform. The attached figure gives a categorical breakdown of what we observed based on all entities (digital assets), total security exposures, and exposures affecting critical assets. . The left-most chart represents the attack surface based on broad categories of digital entities discovered during attack path assessments. Active Directory constitutes just over half of entities identified across all environments. On-premises IT and network devices account for another 31% of entities and cloud environments house the remaining 17%. Not all entities, however, are exposed via attack paths. If we change the scope of the attack surface to include only vetted exposures (entities susceptible to attack techniques), things look different. The middle chart captures this perspective and Active Directory exposures dominate the attack surface. But not all of those exposures affect critical assets. To be truly effective, Exposure Management must encompass all environments and account for where critical assets are most at risk. If we once again rescope the attack surface to focus on exposures to critical assets, a very different picture emerges, which is captured in the rightmost chart. Cloud environments now encompass over half of all critical asset exposures, followed by AD at 33% and IT/Network devices at 11%. Does this sync with exposures across your attack surface? Which perspective/view/chart is your primary guide for managing exposures? The full report contains tons of additional insights on exposure management. Download here: https://lnkd.in/dPfqXG7y #cybersecurity #exposuremanagement #cyberrisk
8 Comments -
Cole Kennedy
We are shifting compliance left with #Witness and #Hadolint. Want to ensure your Dockerfiles meet compliance controls? This short guide can help you automate the reporting of AC-6, CM-2, and CM-7 for every artifact every time. This is the first in a long series of how to shift compliance left. Follow me and subscribe to never miss out. If there is a tool you would like us to look at and map please let me know in the comments. https://lnkd.in/etNRetSQ
5 Comments -
Tobias Musser
CMMC Level 2 Assessment Objective: Data in Transit PRACTICE: Organizations must implement cryptographic mechanisms to prevent unauthorized disclosure of controlled unclassified information (CUI) during transmission unless otherwise protected by alternative physical safeguards. ASSESSMENT: The intent of this requirement is to ensure CUI is cryptographically protected during transit, particularly on the internet. The most common way to accomplish this is to establish a transport layer security (TLS) tunnel between the source and destination using the most current version of TLS. Because the use of cryptography in this requirement is to protect the confidentiality of CUI, the cryptography used must meet the criteria specified in requirement SC.L2-3.13.11. Be prepared! Your assessor could ask to 🔍 EXAMINE system and communications protection policy. 🗣 INTERVIEW system or network administrators. 📝 TEST cryptographic mechanisms or mechanisms supporting or implementing transmission confidentiality. (CMMC Assessment Guide: Level 2 Version 2.11, page 222) #CMMC #DoD #cybersecurity #NIST #InformationSecurity https://bit.ly/45HMpUs
-
Tobias Musser
CMMC Level 2 Assessment Objective: Flaw Remediation for Controlled Unclassified Information (CUI) Data PRACTICE: Organizations must identify, report, and correct system flaws in a timely manner. ASSESSMENT: All software and firmware have potential flaws. Organizations must identify systems that are affected by announced software and firmware flaws, including potential vulnerabilities resulting from those flaws, and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and antivirus signatures. Be prepared! Your assessor could ask to 🔍 EXAMINE system and information integrity policy. 🗣 INTERVIEW system or network administrators. 📝 TEST organizational processes for identifying, reporting, and correcting system flaws. (CMMC Assessment Guide: Level 2 Version 2.11, page 241) #CMMC #DoD #cybersecurity #NIST #InformationSecurity
-
Bill Alderson
🚨 Case Study Alert: How DigiCert Traced Incident Breadcrumbs for Swift Resolution 🚨 Explore how rapid threat detection and remediation can make the difference between a minor issue and a major breach. See the full story and how WireX Systems' advanced tools helped DigiCert react in minutes. #CyberSecurity #ThreatRemediation #IncidentResponse #WireXSystems #DigiCert"
-
Wade Baker, Ph.D.
Heads up on this once in 5 years opportunity to sponsor Cyentia Institute research into the largest #cybersecurity incidents. See the call for sponsors for the 2025 "Xtreme" edition of the Information Risk Insights Study at the link below. #cyberrisk #cyberresilience #cyberattacks https://lnkd.in/etc6FjsY
2 Comments -
Chris Petersen
Tracking your SPRS score doesn't have to be a guessing game. Victor Cich, Compliance Consultant at RADICL, explains how our platform’s live SPRS score calculator simplifies NIST 800-171 compliance. With real-time updates, you can easily monitor progress, identify roadblocks, and ensure your team stays on track. In this clip, Victor walks through how our tool makes compliance management effortless for both teams and executives. How are you tracking your compliance progress? #SPRS #NIST800171 #CyberSecurity #Compliance #RealTimeTracking #RADICL
-
Wade Baker, Ph.D.
Thrilled to have the opportunity to analyze #vulnerability remediation timelines again, this time using data from NopSec. The chart below is based on a survival analysis of vulnerabilities across an environment. Essentially - the time it takes to remediate all affected assets after a vuln is discovered. Everytime I see analysis like this, I'm reminded of how different the real world of #vulnerabilitymanagement is from the "just patch it all yesterday" shallow advice that's so often bandied about. If it were that easy, vuln survival curves wouldn't look like this time after time. How does this square with your experience? I'll be discussing this chart and several others in a webinar next week. Register here and bring your questions, comments, and rants! https://lnkd.in/eHWDrEYN
26 Comments -
Christopher Puderbaugh
Sandboxed recommendations that are prioritized by their risk-reduction potential are part of the foundation for strategic and programmatic cyber decisions, such as those made during risk committee meetings. The outcomes of those decisions can either be technically observed (i.e., implemented and validated via integration) or provided via user feedback (i.e., silencing because of control sustainability within a given business environment). The ultimate success story for this type of capability is enabling decision-analysis across business quarters, where three very simple questions can be answered: 1) What have we done? 2) What do we need to do? 3) How are we trending? #pelloniumriskintelligence
-
John McNulty
DIGITAL PRIVACY ALERT--CMOs for HEALTHCARE SERVICE PROVIDERS: See important article below regarding another data hack of major USA Healthcare service provider. The CYBER security experts with whom we speak are now dissecting how the "bad guys" infiltrated their systems. This is complicated cyber-security detective work, which often results in no clear answers. Yet one thing is increasingly clear, digital tracker codes on healthcare service provider websites are viewed as a possible "data PRIVACY" backdoor risk area.Part of our Web3.0 privacy protecting marcomtek service here at Didgebridge, is "digital data PRIVACY assessing" tracker code possible risk on healthcare websites. So in assessing tracker code presence on website (below) from this Healthcare service provider, what data-hoovering tracker codes did we find? How about this list: Facebook, Linkedin, Google Analytics, Google-Doubleclick, Yahoo, Bing, etc. This last-gen, privacy challenged approach to digital marketing has become increasingly antiquated & ethics (full dislosure?) challenged. If any CEOs and General Counsels are curious about a better way to conduct digital marketing in 2025, we'd welcome your discussion, here at Didgebridge. Our Web3.0 Intellismart, digital data-protecting marcomtek platform might be a solution worth considering? (BELOW ARTICLE)
1 Comment -
Rob Black
I had a great time today speaking about communicating cyber risk. Shout out to the right side of the room at the Houston Data Connectors Cybersecurity Community! Special thanks to 360 Advanced for the invitation to speak. In my presentation I focused on what you can say to get your cybersecurity project funded. The finance team doesn't say "high impact". They say, this project will save $2.5 million dollars for the organization. The sales team doesn't say "high sales". They say, this deal will generate $250,000 annually and has a 70% chance of closing. The customer support team doesn't say "high customer satisfaction" they say, customer retention is 97% this year. But somehow in cybersecurity we think it is okay to say "high risk" and expect that, others will 1) understand what we are saying and 2) we will get what we need to reduce organizational risk. The value of quantitative risk is that it can be used to... 1) Get on the same page with senior management about organizational risk. 2) Prioritize cybersecurity initiatives 3) Understand how important various security projects are to lowering organizational cyber risk. Even if you don't buy-in, take a look and think about how you can make your cybersecurity program more quantitatively focused. You can take baby steps in this direction. What do you think of quantifying cyber risk? Exciting? Terrifying? #fciso
10 Comments -
Kevin Beaver
Check out this podcast interview with me just after my TribalNet keynote in Vegas recently. I was asked a random question at the end about the first concert I attended that you might find interesting (and it's not just what's listed in the podcast description). #infosec #CISO #CIO #businessleaders #cybersecurity #podcast #keynotespeaker #backtobasics #rockconcerts #ISAC
-
Rob Black
TX-RAMP is becoming an increasingly important cybersecurity certification. Texas is leading the way in protecting its agencies from vendor risk by legally requiring cloud service providers to get the certification. Many SaaS, Edtech, and Healthtech companies are now on deadlines to get the certification. For larger companies with existing compliance programs, it’s not such a big deal. For midsize and smaller companies who don’t? It’s a significant lift. Smart and capable employees can get bogged down as they stretch to take on new compliance tasks. They’re capable of doing them, but figuring it all out takes time. We’re trying to make it easier for them with our new program, TX-RAMP Champ. TX-RAMP Champ makes it easier for companies to earn TX-RAMP by taking a lot of the guesswork out of the equation. We provide: 1️⃣ A complete TX-RAMP implementation plan. 2️⃣ High-quality documentation templates with required TX-RAMP components included. 3️⃣ Videos with step-by-step instructions on completing policies, templates, and other required documentation. 4️⃣ Personalized support to quickly clear roadblocks. We’ve designed this to help companies that don’t need a full-service Virtual CISO, but need a little bit of help completing their certification. Learn more at our fancy new TX-RAMP Champ webpage! #fciso https://lnkd.in/eiUNfg_E
7 Comments -
Ryan Rowcliffe
Attention all cybersecurity enthusiasts! 🚨👨💻 Globe Life, a prominent Texas-based insurance holding company, is currently investigating a potential data breach involving one of its web portals. 😱 The incident, discovered on June 13, 2024, highlights the critical importance of robust access permissions and user identity management. As a proud member of the HYPR team, The Identity Assurance Company, I cannot stress enough the significance of implementing phishing-resistant MFA and passkeys. These cutting-edge solutions, championed by the FIDO Alliance, provide unparalleled protection against phishing attempts and unauthorized access. 🔐 While the full extent of the breach is yet to be determined, Globe Life has taken swift action by removing external access to the affected portal and activating its incident response plan. They have also engaged external security experts to assess the scope, nature, and impact of the incident. 🔍 This event serves as a stark reminder that no organization is immune to cyber threats. It is crucial for companies to prioritize the security of their digital assets and the sensitive information of their customers. 🙌 I encourage everyone to stay informed about the latest developments in cybersecurity and to advocate for the adoption of robust security measures within their own organizations. 💪 To learn more about this developing story, check out the article by Sergiu Gatlan on Bleeping Computer: https://lnkd.in/gGRz8vD4 #CybersecurityAwareness #DataBreach #IdentityManagement #HYPR #FIDOAlliance
-
Sandor Klein
⚡ Cybersecurity threats are evolving fast! To stay ahead, organizations must embrace new security approaches involving fresh strategies, technologies, and a cloud-ready mindset. 🌐 Enter MITRE ATT&CK — the ultimate guide for security practitioners packed with invaluable insights into attacker techniques and behavior. Pretty handy, right? 💡 Sysdig's eBook show you how to identify and defend against common threats to #AWS environments using open-source Falco rules mapped to the ATT&CK framework. Boost your #AWScloud security and tackle any threat head-on by giving it a read today:
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore More