InfoSec Ukraine 2025 wasn't just another conference for me — it was a reality check. As someone who spends my days defending networks, seeing experts break down the latest threats felt like looking into the future.

𝙃𝙚𝙧𝙚 𝙖𝙧𝙚 5 𝙆𝙚𝙮 𝙄𝙣𝙨𝙞𝙜𝙝𝙩𝙨 𝙩𝙝𝙖𝙩 𝙩𝙧𝙪𝙡𝙮 𝙨𝙩𝙧𝙪𝙘𝙠 𝙢𝙚.

1. 𝘼𝙄 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 (Bruce Schneier): The AI revolution is here, and with it comes massive risks.
* Key areas: Protecting AI systems, ensuring output integrity, and upcoming AI regulation.
* 🤔 My take: I'm particularly fascinated by how we'll balance innovation and strict regulatory compliance. That's the real challenge ahead!

2. 𝘼𝙋𝙏 𝙂𝙧𝙤𝙪𝙥𝙨 (Serhii Khariuk): APTs now operate like professional software companies! Complete with developers, QAs, PMs, and even "sales" teams.
* 🤯 My take: Understanding their organizational structure is crucial for anticipating their strategies. We're not just dealing with lone hackers anymore.

3. 𝙏𝙝𝙚 𝙆𝙣𝙤𝙬𝙡𝙚𝙙𝙜𝙚 𝙂𝙖𝙥 (Nazar Tymoshyk Eduard Chornyi Serhii Khariuk Ilya Aksyonenko): Both offensive and defensive teams struggle to keep pace with the rapid evolution of threats and defenses.
* ⚡️ My take: Whoever invests in team training today wins tomorrow.

4. 𝙏𝙝𝙚 𝙌𝙪𝙖𝙣𝙩𝙪𝙢 𝙇𝙚𝙖𝙥 (Jaya Baloo): Her session on quantum computing's impact on cryptography was a wake-up call. Preparing for a post-quantum era should have started yesterday.
* ⏱ My take: What we consider "secure" today will be broken tomorrow. And not in 10 years — much sooner.

5. 𝙐𝙠𝙧𝙖𝙞𝙣𝙞𝙖𝙣 𝘾𝙤𝙢𝙥𝙖𝙣𝙞𝙚𝙨' 𝘾𝙮𝙗𝙚𝙧𝙬𝙖𝙧𝙛𝙖𝙧𝙚 𝙀𝙭𝙥𝙚𝙧𝙞𝙚𝙣𝙘𝙚 (Panel): Real-world attack scenarios on major entities like Kyivstar and Ukrzaliznytsia were sobering. Investment in security directly impacts customer trust.
* 🛡 My take: This is the clearest illustration that security isn't an expense, but a vital investment in reputation.

🔥 𝙈𝙮 𝙈𝙖𝙞𝙣 𝘾𝙤𝙣𝙘𝙡𝙪𝙨𝙞𝙤𝙣: Cybersecurity is a marathon, not a sprint. We need to be in it for the long haul.

🤔 Which of these trends concerns you most? Is your organization already preparing for the post-quantum era?

Save this post for 2025.⤵️

📣Share if you found this helpful.

#CyberSecurity #AISecurity #APT

@securediary

Most companies fear cyberattacks. But misconfigurations are the real silent killer. 🫨

Cloud misconfigurations are everywhere.
They hide in small mistakes, missed settings, or rushed rollouts.

Capital One lost $1.8M because of a single overlooked setting. 💰
(No, it was not a fancy hack. It was a tiny checkbox left open.)

Here’s what I learned:

→ 80% of cloud breaches start with simple misconfigurations.
→ Old security tools miss these gaps.
→ The biggest risks are often the ones no one sees.

Want to know where to look first?
Here are the Top 5 cloud misconfigurations I check every time:

1. Publicly open storage buckets (easy target!)
2. Weak access controls (too many people with keys)
3. Missing encryption (data left in plain sight)
4. Default passwords still active (yes, it happens)
5. Unmonitored services (no alerts, no eyes)

How do I prevent these?
I use a simple playbook:
→ Review cloud settings often
→ Set alerts for changes
→ Limit access to what people need
→ Remove unused accounts fast
→ Train teams on what to watch for

Cloud security does not need to be hard.
But it does need care.
One small mistake can cost a lot.

Have you seen a cloud misconfiguration at work?
How did you fix it?
Your story could help save someone else’s data. 👇

#CloudSecurity #CyberSecurity #ThreatFridays

@securediary