InfoSec Ukraine 2025 wasn't just another conference for me โ it was a reality check. As someone who spends my days defending networks, seeing experts break down the latest threats felt like looking into the future.
๐๐๐ง๐ ๐๐ง๐ 5 ๐๐๐ฎ ๐๐ฃ๐จ๐๐๐๐ฉ๐จ ๐ฉ๐๐๐ฉ ๐ฉ๐ง๐ช๐ก๐ฎ ๐จ๐ฉ๐ง๐ช๐๐ ๐ข๐.
1. ๐ผ๐ ๐๐๐๐ช๐ง๐๐ฉ๐ฎ (Bruce Schneier): The AI revolution is here, and with it comes massive risks.
* Key areas: Protecting AI systems, ensuring output integrity, and upcoming AI regulation.
*๐ค My take: I'm particularly fascinated by how we'll balance innovation and strict regulatory compliance. That's the real challenge ahead!
2. ๐ผ๐๐ ๐๐ง๐ค๐ช๐ฅ๐จ (Serhii Khariuk): APTs now operate like professional software companies! Complete with developers, QAs, PMs, and even "sales" teams.
*๐คฏ My take: Understanding their organizational structure is crucial for anticipating their strategies. We're not just dealing with lone hackers anymore.
3. ๐๐๐ ๐๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐๐๐ฅ (Nazar Tymoshyk Eduard Chornyi Serhii Khariuk Ilya Aksyonenko): Both offensive and defensive teams struggle to keep pace with the rapid evolution of threats and defenses.
*โก๏ธ My take: Whoever invests in team training today wins tomorrow.
4. ๐๐๐ ๐๐ช๐๐ฃ๐ฉ๐ช๐ข ๐๐๐๐ฅ (Jaya Baloo): Her session on quantum computing's impact on cryptography was a wake-up call. Preparing for a post-quantum era should have started yesterday.
*โฑ My take: What we consider "secure" today will be broken tomorrow. And not in 10 years โ much sooner.
5. ๐๐ ๐ง๐๐๐ฃ๐๐๐ฃ ๐พ๐ค๐ข๐ฅ๐๐ฃ๐๐๐จ' ๐พ๐ฎ๐๐๐ง๐ฌ๐๐ง๐๐๐ง๐ ๐๐ญ๐ฅ๐๐ง๐๐๐ฃ๐๐ (Panel): Real-world attack scenarios on major entities like Kyivstar and Ukrzaliznytsia were sobering. Investment in security directly impacts customer trust.
*๐ก My take: This is the clearest illustration that security isn't an expense, but a vital investment in reputation.
๐ฅ ๐๐ฎ ๐๐๐๐ฃ ๐พ๐ค๐ฃ๐๐ก๐ช๐จ๐๐ค๐ฃ: Cybersecurity is a marathon, not a sprint. We need to be in it for the long haul.
๐ค Which of these trends concerns you most? Is your organization already preparing for the post-quantum era?
Save this post for 2025.โคต๏ธ
๐ฃ Share if you found this helpful.
#CyberSecurity #AISecurity #APT
@securediary
๐๐๐ง๐ ๐๐ง๐ 5 ๐๐๐ฎ ๐๐ฃ๐จ๐๐๐๐ฉ๐จ ๐ฉ๐๐๐ฉ ๐ฉ๐ง๐ช๐ก๐ฎ ๐จ๐ฉ๐ง๐ช๐๐ ๐ข๐.
1. ๐ผ๐ ๐๐๐๐ช๐ง๐๐ฉ๐ฎ (Bruce Schneier): The AI revolution is here, and with it comes massive risks.
* Key areas: Protecting AI systems, ensuring output integrity, and upcoming AI regulation.
*
2. ๐ผ๐๐ ๐๐ง๐ค๐ช๐ฅ๐จ (Serhii Khariuk): APTs now operate like professional software companies! Complete with developers, QAs, PMs, and even "sales" teams.
*
3. ๐๐๐ ๐๐ฃ๐ค๐ฌ๐ก๐๐๐๐ ๐๐๐ฅ (Nazar Tymoshyk Eduard Chornyi Serhii Khariuk Ilya Aksyonenko): Both offensive and defensive teams struggle to keep pace with the rapid evolution of threats and defenses.
*
4. ๐๐๐ ๐๐ช๐๐ฃ๐ฉ๐ช๐ข ๐๐๐๐ฅ (Jaya Baloo): Her session on quantum computing's impact on cryptography was a wake-up call. Preparing for a post-quantum era should have started yesterday.
*
5. ๐๐ ๐ง๐๐๐ฃ๐๐๐ฃ ๐พ๐ค๐ข๐ฅ๐๐ฃ๐๐๐จ' ๐พ๐ฎ๐๐๐ง๐ฌ๐๐ง๐๐๐ง๐ ๐๐ญ๐ฅ๐๐ง๐๐๐ฃ๐๐ (Panel): Real-world attack scenarios on major entities like Kyivstar and Ukrzaliznytsia were sobering. Investment in security directly impacts customer trust.
*
Save this post for 2025.
#CyberSecurity #AISecurity #APT
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐16๐คฏ1
I am inspired by Ukraineโs cyber resilience. โค๏ธโ๐ฅ
In todayโs world, cyber threats donโt pause for anyone. They adapt. They evolve. And in times of conflict, they become relentless.
Ukraineโs cyber defense has shown extraordinary strength. Our ability to stand firm against sophisticated adversaries is nothing short of remarkable.
๐๐๐๐ฉ ๐๐๐ฃ ๐ฌ๐ ๐ก๐๐๐ง๐ฃ ๐๐ง๐ค๐ข ๐๐ฉ?
1. Vigilance matters. Threat actors are always looking for vulnerabilities, and being proactive is the only way to stay ahead.
2. Cyber hygiene is non-negotiable. Regular updates, strong passwords, and employee training are not โextrasโ โ theyโre essentials.
3. Collaboration is powerful. Sharing intelligence across teams, industries, and borders can make or break your defenses.
Resilience doesnโt happen overnight. It takes continuous effort, adaptability, and a mindset that refuses to settle for โgood enough.โ
Kudos to all Ukrainians for setting the bar high.๐ซก
What steps are you taking to strengthen your cyber defense? ๐
#CyberSecurity #InfoSec #UkraineResistance
@securediary
In todayโs world, cyber threats donโt pause for anyone. They adapt. They evolve. And in times of conflict, they become relentless.
Ukraineโs cyber defense has shown extraordinary strength. Our ability to stand firm against sophisticated adversaries is nothing short of remarkable.
๐๐๐๐ฉ ๐๐๐ฃ ๐ฌ๐ ๐ก๐๐๐ง๐ฃ ๐๐ง๐ค๐ข ๐๐ฉ?
1. Vigilance matters. Threat actors are always looking for vulnerabilities, and being proactive is the only way to stay ahead.
2. Cyber hygiene is non-negotiable. Regular updates, strong passwords, and employee training are not โextrasโ โ theyโre essentials.
3. Collaboration is powerful. Sharing intelligence across teams, industries, and borders can make or break your defenses.
Resilience doesnโt happen overnight. It takes continuous effort, adaptability, and a mindset that refuses to settle for โgood enough.โ
Kudos to all Ukrainians for setting the bar high.
What steps are you taking to strengthen your cyber defense? ๐
#CyberSecurity #InfoSec #UkraineResistance
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐11
Top 10 things that help me protect sensitive data.
A while back, I thought โdata protectionโ meant setting up a few strong passwords and ensuring disk encryption.
I was wrong.
Today, data lives everywhere. And protecting it takes more than tools โ it takes strategy.
Hereโs what Iโve learned (and yes, Iโm still learning๐ ):
1๏ธโฃ Define your data goals
โ Know whatโs critical.
โ Know where it lives.
โ Talk to the business side โ risk and budget matter.
2๏ธโฃ Automate data classification
โ No one has time to tag files manually.
โ Let smart tools do the heavy lifting.
3๏ธโฃ Implement Zero Trust
โ โNever trust, always verifyโ is more than a buzzword.
โ Give people only what they actually need.
4๏ธโฃ Centralize your DLP
โ One place. Full visibility.
โ Less chaos, fewer false positives.
5๏ธโฃ Secure common exit points
โ Web, email, SaaS, and all the BYOD stuff.
โ Browser isolation helps with sketchy devices.
6๏ธโฃ Unify your policies
โ No more โwho owns what.โ
โ One rulebook, one language.
7๏ธโฃ Block bad stuff in real time
โ Alerts after the fact? Too late.
โ Catch it before it walks out the door.
8๏ธโฃ Connect your tools
โ No one wants another dashboard.
โ Integrate with what you already use.
9๏ธโฃ Make it easy for users
โ If securityโs a pain, people will go around it.
โ Smooth UX = better compliance.
๐ Plan for AI and BYOD madness
โ AI tools are everywhere.
โ So are unmanaged devices.
โ Set your guardrails now.
These 10 have saved me time, stress, and (probably) a few audits.๐
Save this post to your bookmarks and comment below! ๐
#CyberSecurity #InfoSec #DataProtection
@securediary
A while back, I thought โdata protectionโ meant setting up a few strong passwords and ensuring disk encryption.
I was wrong.
Today, data lives everywhere. And protecting it takes more than tools โ it takes strategy.
Hereโs what Iโve learned (and yes, Iโm still learning
1๏ธโฃ Define your data goals
โ Know whatโs critical.
โ Know where it lives.
โ Talk to the business side โ risk and budget matter.
2๏ธโฃ Automate data classification
โ No one has time to tag files manually.
โ Let smart tools do the heavy lifting.
3๏ธโฃ Implement Zero Trust
โ โNever trust, always verifyโ is more than a buzzword.
โ Give people only what they actually need.
4๏ธโฃ Centralize your DLP
โ One place. Full visibility.
โ Less chaos, fewer false positives.
5๏ธโฃ Secure common exit points
โ Web, email, SaaS, and all the BYOD stuff.
โ Browser isolation helps with sketchy devices.
6๏ธโฃ Unify your policies
โ No more โwho owns what.โ
โ One rulebook, one language.
7๏ธโฃ Block bad stuff in real time
โ Alerts after the fact? Too late.
โ Catch it before it walks out the door.
8๏ธโฃ Connect your tools
โ No one wants another dashboard.
โ Integrate with what you already use.
9๏ธโฃ Make it easy for users
โ If securityโs a pain, people will go around it.
โ Smooth UX = better compliance.
๐ Plan for AI and BYOD madness
โ AI tools are everywhere.
โ So are unmanaged devices.
โ Set your guardrails now.
These 10 have saved me time, stress, and (probably) a few audits.
Save this post to your bookmarks and comment below! ๐
#CyberSecurity #InfoSec #DataProtection
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐9
What best describes your current role or experience in cybersecurity?
Anonymous Poll
7%
CISO / Security Leader
18%
Security Engineer / Architect
27%
SOC / Analyst / Pentester
48%
Student / Interested in security
What cybersecurity topics would you like to see MORE of here?
Anonymous Poll
51%
Latest Threats / CVE Reviews
53%
Personal Security Tips
26%
Data Protection & Regulations
64%
Playbooks / Practical guides
๐2๐ค1
I've been writing for 7 years, and this post just reminded me why I still struggle.
(original author post link)
I saw this line and had to pause:
โThe 'write like you talk ' principle completely changed my game. I used to write like I was submitting a college paper โ formal, stiff, trying to sound smart. Now I write like I'm texting my best friend about something I'm genuinely excited about. Game changer.โ
That hit home for me.
In my early days, I tried to sound 'clean.' Every sentence felt heavy. Every word had to be perfect. I thought smart writing meant big words and long sentences.
But my writing was not fun. Not all people were connected with it.
When I learned to write like I talk, things changed๐ก. My ideas felt more real. People started to reply and share their own stories. I felt like I had found my voice.
But I still have one big struggle: ๐๐๐ซ๐๐ง๐๐จ. I want to cut them, but they sneak in when I am not watching.๐
From this list of 7 writing rules, thatโs my weak spot. Curious if anyone else feels the same.
Here is one more tip I would add as #8:
โ Read your work out loud before you share it. You catch the parts that sound wrong, the words that do not flow, and you hear where your voice is missing. (Trust me, it works!)
Also, I do not fully agree with the 'never be formal ' rule. Sometimes a little formality helps. It can show respect or match your readerโs style.
After 7 years, I am still learning. Writing is always about finding your real voice, but also being open to new ideas.
If you're curious, hereโs the link to my personal blog I started back in 2018: https://t.iss.one/dreamerdiary ๐ฑ
Which principle changed your writing most?
Is there a rule you think does not fit your style? ๐
#WritingTips #Copywriting #Storytelling #PersonalBranding
@securediary
(original author post link)
I saw this line and had to pause:
โThe 'write like you talk ' principle completely changed my game. I used to write like I was submitting a college paper โ formal, stiff, trying to sound smart. Now I write like I'm texting my best friend about something I'm genuinely excited about. Game changer.โ
That hit home for me.
In my early days, I tried to sound 'clean.' Every sentence felt heavy. Every word had to be perfect. I thought smart writing meant big words and long sentences.
But my writing was not fun. Not all people were connected with it.
When I learned to write like I talk, things changed๐ก. My ideas felt more real. People started to reply and share their own stories. I felt like I had found my voice.
But I still have one big struggle: ๐๐๐ซ๐๐ง๐๐จ. I want to cut them, but they sneak in when I am not watching.๐
From this list of 7 writing rules, thatโs my weak spot. Curious if anyone else feels the same.
Here is one more tip I would add as #8:
โ Read your work out loud before you share it. You catch the parts that sound wrong, the words that do not flow, and you hear where your voice is missing. (Trust me, it works!)
Also, I do not fully agree with the 'never be formal ' rule. Sometimes a little formality helps. It can show respect or match your readerโs style.
After 7 years, I am still learning. Writing is always about finding your real voice, but also being open to new ideas.
If you're curious, hereโs the link to my personal blog I started back in 2018: https://t.iss.one/dreamerdiary ๐ฑ
Which principle changed your writing most?
Is there a rule you think does not fit your style? ๐
#WritingTips #Copywriting #Storytelling #PersonalBranding
@securediary
๐7๐คฏ1
Most companies fear cyberattacks. But misconfigurations are the real silent killer. ๐ซจ
Cloud misconfigurations are everywhere.
They hide in small mistakes, missed settings, or rushed rollouts.
Capital One lost $1.8M because of a single overlooked setting.๐ฐ
(No, it was not a fancy hack. It was a tiny checkbox left open.)
Hereโs what I learned:
โ 80% of cloud breaches start with simple misconfigurations.
โ Old security tools miss these gaps.
โ The biggest risks are often the ones no one sees.
Want to know where to look first?
Here are the Top 5 cloud misconfigurations I check every time:
1. Publicly open storage buckets (easy target!)
2. Weak access controls (too many people with keys)
3. Missing encryption (data left in plain sight)
4. Default passwords still active (yes, it happens)
5. Unmonitored services (no alerts, no eyes)
How do I prevent these?
I use a simple playbook:
โ Review cloud settings often
โ Set alerts for changes
โ Limit access to what people need
โ Remove unused accounts fast
โ Train teams on what to watch for
Cloud security does not need to be hard.
But it does need care.
One small mistake can cost a lot.
Have you seen a cloud misconfiguration at work?
How did you fix it?
Your story could help save someone elseโs data. ๐
#CloudSecurity #CyberSecurity #ThreatFridays
@securediary
Cloud misconfigurations are everywhere.
They hide in small mistakes, missed settings, or rushed rollouts.
Capital One lost $1.8M because of a single overlooked setting.
(No, it was not a fancy hack. It was a tiny checkbox left open.)
Hereโs what I learned:
โ 80% of cloud breaches start with simple misconfigurations.
โ Old security tools miss these gaps.
โ The biggest risks are often the ones no one sees.
Want to know where to look first?
Here are the Top 5 cloud misconfigurations I check every time:
1. Publicly open storage buckets (easy target!)
2. Weak access controls (too many people with keys)
3. Missing encryption (data left in plain sight)
4. Default passwords still active (yes, it happens)
5. Unmonitored services (no alerts, no eyes)
How do I prevent these?
I use a simple playbook:
โ Review cloud settings often
โ Set alerts for changes
โ Limit access to what people need
โ Remove unused accounts fast
โ Train teams on what to watch for
Cloud security does not need to be hard.
But it does need care.
One small mistake can cost a lot.
Have you seen a cloud misconfiguration at work?
How did you fix it?
Your story could help save someone elseโs data. ๐
#CloudSecurity #CyberSecurity #ThreatFridays
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐12
#CyberMonday This Week in Cybersecurity โ May 26
Big week for cyber news! Hereโs what caught my eye โ and what I think matters most ๐
1๏ธโฃ Windows Server 2025 dMSA Vulnerability
โ A new flaw lets attackers gain privilege and compromise any user in Active Directory.
โ If you run AD, review your delegated Managed Service Accounts. Patch as soon as updates drop!
2๏ธโฃ TikTok Malware via ClickFix
โ Hackers use TikTok videos to spread Vidar and StealC malware.
โ The โClickFixโ trick gets people to download malware fast.
โ Training users to spot these tricks is key. Social media is now a top threat vector.
3๏ธโฃ GitLab Duo AI Prompt Injection
โ Attackers can hijack AI responses and steal source code using hidden prompts.
โ AI-powered tools save time, but always check for new risks โ especially indirect prompt injection.
4๏ธโฃ Europol Strikes Ransomware Networks
โ 300 servers and โฌ3.5M seized, 650 domains neutralized, 20 arrest warrants issued.
โ Law enforcement is stepping up. Global teamwork works!
5๏ธโฃ SafeLine WAF โ Open Source Web App Firewall
โ New open-source WAF with zero-day detection and bot protection.
โ If you run web apps, try SafeLine for better defense.
๐ซข Recent Critical & High Severity CVEs
โ CVE-2025-4632 (Samsung MagicINFO 9 Server)
โ CVE-2025-27920 (Output Messenger)
โ CVE-2025-4428/4427 (Ivanti Endpoint Manager)
โ CVE-2023-38950 (ZKTeco BioTime)
See full CVE lists for the last 7 and 30 days if you want more detail โ https://www.cvedetails.com/
My take:
Cybersecurity is not slowing down. Every week brings new threats, new tools, and new wins for defenders.
Staying informed is part of defense.
Keeping teams trained and systems patched is how we win.
Want more?
Check the links for CVE details and threat feeds.
Letโs keep our networks safe โ together.๐
Whatโs the most important cyber risk you saw last week? ๐
#CyberSecurity #InfoSec #CloudSecurity #ThreatIntel
@securediary
Big week for cyber news! Hereโs what caught my eye โ and what I think matters most ๐
1๏ธโฃ Windows Server 2025 dMSA Vulnerability
โ A new flaw lets attackers gain privilege and compromise any user in Active Directory.
โ If you run AD, review your delegated Managed Service Accounts. Patch as soon as updates drop!
2๏ธโฃ TikTok Malware via ClickFix
โ Hackers use TikTok videos to spread Vidar and StealC malware.
โ The โClickFixโ trick gets people to download malware fast.
โ Training users to spot these tricks is key. Social media is now a top threat vector.
3๏ธโฃ GitLab Duo AI Prompt Injection
โ Attackers can hijack AI responses and steal source code using hidden prompts.
โ AI-powered tools save time, but always check for new risks โ especially indirect prompt injection.
4๏ธโฃ Europol Strikes Ransomware Networks
โ 300 servers and โฌ3.5M seized, 650 domains neutralized, 20 arrest warrants issued.
โ Law enforcement is stepping up. Global teamwork works!
5๏ธโฃ SafeLine WAF โ Open Source Web App Firewall
โ New open-source WAF with zero-day detection and bot protection.
โ If you run web apps, try SafeLine for better defense.
โ CVE-2025-4632 (Samsung MagicINFO 9 Server)
โ CVE-2025-27920 (Output Messenger)
โ CVE-2025-4428/4427 (Ivanti Endpoint Manager)
โ CVE-2023-38950 (ZKTeco BioTime)
See full CVE lists for the last 7 and 30 days if you want more detail โ https://www.cvedetails.com/
My take:
Cybersecurity is not slowing down. Every week brings new threats, new tools, and new wins for defenders.
Staying informed is part of defense.
Keeping teams trained and systems patched is how we win.
Want more?
Check the links for CVE details and threat feeds.
Letโs keep our networks safe โ together.
Whatโs the most important cyber risk you saw last week? ๐
#CyberSecurity #InfoSec #CloudSecurity #ThreatIntel
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
๐10๐คฏ2
An insightful question about AI and LLM security ๐ค
๐ค: So, how could organizations defend themselves against AI injections? Or is it more about the developers of LLMs, not the users?
๐: Great question โ and itโs both, really ๐
โก๏ธ LLM providers (Devs) need to harden their models against prompt injection by improving context handling, sandboxing actions, and applying prompt input filters.
โก๏ธ But orgs using LLMs also have responsibilities:
โ Avoid blindly integrating AI into sensitive workflows (Do the security check first!)
โ Sanitize and validate user inputs before sending them to the model.
โ Log and audit AI activity โ treat it like any critical system.
I see both misconfigurations and poor input handling open the door to attackers. Donโt let your guard down.
#CyberSecurity #LLM #AI #DataProtection
@securediary
๐ค: So, how could organizations defend themselves against AI injections? Or is it more about the developers of LLMs, not the users?
๐: Great question โ and itโs both, really ๐
โก๏ธ LLM providers (Devs) need to harden their models against prompt injection by improving context handling, sandboxing actions, and applying prompt input filters.
โก๏ธ But orgs using LLMs also have responsibilities:
โ Avoid blindly integrating AI into sensitive workflows (Do the security check first!)
โ Sanitize and validate user inputs before sending them to the model.
โ Log and audit AI activity โ treat it like any critical system.
I see both misconfigurations and poor input handling open the door to attackers. Donโt let your guard down.
#CyberSecurity #LLM #AI #DataProtection
@securediary
๐7
My Path Into Cybersecurity Started With a Choice That Changed Everything.
I was top of my Computer Science class at Military Institute of Telecommunications and Information Technologies (MITIT) with multiple career paths ahead of me.
Then, I heard about a brand-new cybersecurity unit being formed in 2015.
Most classmates chose traditional tech roles. Military Intelligence looked prestigious. Telecommunications seemed stable.
But something about defending critical infrastructure from invisible enemies sparked something in me I didn't know existed.
๐๐๐ ๐๐ค๐ข๐๐ฃ๐ฉ ๐๐ซ๐๐ง๐ฎ๐ฉ๐๐๐ฃ๐ ๐พ๐ก๐๐๐ ๐๐
Picture this: 2015, Ukraine. Cyber warfare wasn't theoretical โ it was happening in real-time.
I walked into that newly formed cybersecurity unit as a fresh graduate with book knowledge.
I walked out every day knowing I was part of something bigger than code and algorithms.
We weren't just IT professionals. We were digital defenders.๐ก
๐ช๐ต๐ฎ๐ ๐ก๐ผ๐ฏ๐ผ๐ฑ๐ ๐ง๐ฒ๐น๐น๐ ๐ฌ๐ผ๐ ๐๐ฏ๐ผ๐๐ ๐ ๐ถ๐น๐ถ๐๐ฎ๐ฟ๐ ๐๐๐ฏ๐ฒ๐ฟ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐
Working in AFU's cybersecurity division taught me lessons no classroom ever could:
โ Stakes are real - When defending critical infrastructure, there's no "test environment."
โ Teamwork saves lives - Cyber defense isn't solo when national security is on the line.
โ Adaptability is survival - Threat actors don't follow textbooks.
โ Purpose fuels performance - Protecting your country changes how you approach problems.
๐ง๐ต๐ฒ ๐ง๐ฒ๐ฎ๐ฐ๐ต๐ฒ๐ฟ๐ ๐ช๐ต๐ผ ๐๐ต๐ฎ๐ป๐ด๐ฒ๐ฑ ๐ ๐ ๐ง๐ฟ๐ฎ๐ท๐ฒ๐ฐ๐๐ผ๐ฟ๐
My MITIT teacher who saw potential in cybersecurity before it was mainstream.
My AFU manager, who believed in developing talent, not just using it.
These people showed me what it means to serve something bigger than yourself.
๐๐ฟ๐ผ๐บ ๐ฆ๐ข๐ ๐๐ป๐ฎ๐น๐๐๐ ๐๐ผ ๐๐ถ๐๐ถ๐๐ถ๐ผ๐ป ๐๐ต๐ถ๐ฒ๐ณ
Starting in that unit in 2015, I never imagined I'd grow into SOC Division Chief.
Here's what I learned:
1. Technical skills get you in the door
2. Leadership skills keep critical systems protected
3. People skills turn individual defenders into unified teams
4. Strategic thinking transforms reactive responses into proactive defense
๐ง๐ต๐ฒ ๐ฅ๐ฒ๐ฎ๐น ๐ฆ๐ฒ๐ฐ๐ฟ๐ฒ๐ ๐๐ผ ๐๐๐ฏ๐ฒ๐ฟ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฆ๐๐ฐ๐ฐ๐ฒ๐๐
It's not about being the smartest person in the room. It's about caring deeply enough to never stop learning, defending, and improving.
๐ฌ๐ผ๐๐ฟ ๐ง๐๐ฟ๐ป
What moment made cybersecurity "click" for you?
Was it:
A personal experience?
A mentor who opened your eyes?
A realization about how much depends on digital security?
A desire to serve and protect?
Share your story below. Every journey is unique, but they all share one thing: the drive to protect what matters.
__
Enjoy this? ๐ Repost it to your network and follow @securediary for more.
Join me on LinkedIn
#CyberSecurity #InfoSec #CyberWarfare
I was top of my Computer Science class at Military Institute of Telecommunications and Information Technologies (MITIT) with multiple career paths ahead of me.
Then, I heard about a brand-new cybersecurity unit being formed in 2015.
Most classmates chose traditional tech roles. Military Intelligence looked prestigious. Telecommunications seemed stable.
But something about defending critical infrastructure from invisible enemies sparked something in me I didn't know existed.
๐๐๐ ๐๐ค๐ข๐๐ฃ๐ฉ ๐๐ซ๐๐ง๐ฎ๐ฉ๐๐๐ฃ๐ ๐พ๐ก๐๐๐ ๐๐
Picture this: 2015, Ukraine. Cyber warfare wasn't theoretical โ it was happening in real-time.
I walked into that newly formed cybersecurity unit as a fresh graduate with book knowledge.
I walked out every day knowing I was part of something bigger than code and algorithms.
We weren't just IT professionals. We were digital defenders.๐ก
๐ช๐ต๐ฎ๐ ๐ก๐ผ๐ฏ๐ผ๐ฑ๐ ๐ง๐ฒ๐น๐น๐ ๐ฌ๐ผ๐ ๐๐ฏ๐ผ๐๐ ๐ ๐ถ๐น๐ถ๐๐ฎ๐ฟ๐ ๐๐๐ฏ๐ฒ๐ฟ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐
Working in AFU's cybersecurity division taught me lessons no classroom ever could:
โ Stakes are real - When defending critical infrastructure, there's no "test environment."
โ Teamwork saves lives - Cyber defense isn't solo when national security is on the line.
โ Adaptability is survival - Threat actors don't follow textbooks.
โ Purpose fuels performance - Protecting your country changes how you approach problems.
๐ง๐ต๐ฒ ๐ง๐ฒ๐ฎ๐ฐ๐ต๐ฒ๐ฟ๐ ๐ช๐ต๐ผ ๐๐ต๐ฎ๐ป๐ด๐ฒ๐ฑ ๐ ๐ ๐ง๐ฟ๐ฎ๐ท๐ฒ๐ฐ๐๐ผ๐ฟ๐
My MITIT teacher who saw potential in cybersecurity before it was mainstream.
My AFU manager, who believed in developing talent, not just using it.
These people showed me what it means to serve something bigger than yourself.
๐๐ฟ๐ผ๐บ ๐ฆ๐ข๐ ๐๐ป๐ฎ๐น๐๐๐ ๐๐ผ ๐๐ถ๐๐ถ๐๐ถ๐ผ๐ป ๐๐ต๐ถ๐ฒ๐ณ
Starting in that unit in 2015, I never imagined I'd grow into SOC Division Chief.
Here's what I learned:
1. Technical skills get you in the door
2. Leadership skills keep critical systems protected
3. People skills turn individual defenders into unified teams
4. Strategic thinking transforms reactive responses into proactive defense
๐ง๐ต๐ฒ ๐ฅ๐ฒ๐ฎ๐น ๐ฆ๐ฒ๐ฐ๐ฟ๐ฒ๐ ๐๐ผ ๐๐๐ฏ๐ฒ๐ฟ๐๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฆ๐๐ฐ๐ฐ๐ฒ๐๐
It's not about being the smartest person in the room. It's about caring deeply enough to never stop learning, defending, and improving.
๐ฌ๐ผ๐๐ฟ ๐ง๐๐ฟ๐ป
What moment made cybersecurity "click" for you?
Was it:
A personal experience?
A mentor who opened your eyes?
A realization about how much depends on digital security?
A desire to serve and protect?
Share your story below. Every journey is unique, but they all share one thing: the drive to protect what matters.
__
Enjoy this? ๐ Repost it to your network and follow @securediary for more.
Join me on LinkedIn
#CyberSecurity #InfoSec #CyberWarfare
๐14๐คฏ2
#CyberMonday 5 CVEs jumped 50%+ in exploitability in 7 days. Are you chasing the wrong threats?
Another week, another reminder that cybersecurity never sleeps. Hereโs what caught my eye.
๐ฅ Top News:
1๏ธโฃ Linux flaws in Ubuntu, RHEL, Fedora โ password hash theft via core dumps. Not flashy, but deadly if missed.
2๏ธโฃ U.S. DoJ took down 4 โcrypting serviceโ domains. Attackers keep innovating, law enforcement is catching up.
3๏ธโฃ EDDIESTEALER malware broke Chromeโs latest encryption. Even browser security is a moving target.
4๏ธโฃ China-linked APTs went after SQL Server, expanding attack vectors across Asia and Brazil.
5๏ธโฃ Microsoft OneDrive File Picker bug โ possible exposure of whole cloud storage, not just the file you pick.
ESSP score check: CVE-2024-9916 went from low risk to 80.49% exploitability โ up 79.40 points. Thatโs a warning to look at.
More at cvedetails.com
Hereโs what Iโve learned:
โ The โboringโ stuff โ core dump handlers, file pickers, config basics โ gets ignored until attackers show us why it matters.
โ 80% of cloud breaches start with simple misconfigurations, not zero-days. Remember Capital Oneโs $1.8M lesson?
โ Attackers target what we trust most: โinvisibleโ things that hold our systems together.
My take: Security leaders who audit the basics win the long game. Fancy tools matter, but discipline around the fundamentals saves millions.
Are you focusing on the right risks? Or is your team missing whatโs hiding in plain sight?
Stay secure out there.๐
__
Enjoy this? ๐ Repost it to your network and follow @securediary for more.
Join me on LinkedIn
#Cybersecurity #InfoSec #ThreatIntel
Another week, another reminder that cybersecurity never sleeps. Hereโs what caught my eye.
1๏ธโฃ Linux flaws in Ubuntu, RHEL, Fedora โ password hash theft via core dumps. Not flashy, but deadly if missed.
2๏ธโฃ U.S. DoJ took down 4 โcrypting serviceโ domains. Attackers keep innovating, law enforcement is catching up.
3๏ธโฃ EDDIESTEALER malware broke Chromeโs latest encryption. Even browser security is a moving target.
4๏ธโฃ China-linked APTs went after SQL Server, expanding attack vectors across Asia and Brazil.
5๏ธโฃ Microsoft OneDrive File Picker bug โ possible exposure of whole cloud storage, not just the file you pick.
ESSP score check: CVE-2024-9916 went from low risk to 80.49% exploitability โ up 79.40 points. Thatโs a warning to look at.
More at cvedetails.com
Hereโs what Iโve learned:
โ The โboringโ stuff โ core dump handlers, file pickers, config basics โ gets ignored until attackers show us why it matters.
โ 80% of cloud breaches start with simple misconfigurations, not zero-days. Remember Capital Oneโs $1.8M lesson?
โ Attackers target what we trust most: โinvisibleโ things that hold our systems together.
My take: Security leaders who audit the basics win the long game. Fancy tools matter, but discipline around the fundamentals saves millions.
Are you focusing on the right risks? Or is your team missing whatโs hiding in plain sight?
Stay secure out there.
__
Enjoy this? ๐ Repost it to your network and follow @securediary for more.
Join me on LinkedIn
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
๐10
After 2 weeks of #CyberMonday threat intel and CVE updates, I want to hear from YOU.
Every Monday, I share the latest threats, key CVEs, and Cybersecurity news to help you stay ahead.
My goal? Make your week safer and save you hours of research. But I know every team has different needs.
Hereโs what I want to know:
โ Are these weekly updates helping you spot risks faster?
โ Do you use them to brief your team, patch systems, or guide your strategy?
โ What would make these updates even more useful for you?
Your feedback shapes what I share next. I want #CyberMonday to be your go-to for:
1๏ธโฃ Actionable Threat Intel
2๏ธโฃ Fast CVE Highlights
3๏ธโฃ Simple, clear takeaways you can use right away
Help me deliver the best #Cybersecurity content for YOU ๐
Every Monday, I share the latest threats, key CVEs, and Cybersecurity news to help you stay ahead.
My goal? Make your week safer and save you hours of research. But I know every team has different needs.
Hereโs what I want to know:
โ Are these weekly updates helping you spot risks faster?
โ Do you use them to brief your team, patch systems, or guide your strategy?
โ What would make these updates even more useful for you?
Your feedback shapes what I share next. I want #CyberMonday to be your go-to for:
1๏ธโฃ Actionable Threat Intel
2๏ธโฃ Fast CVE Highlights
3๏ธโฃ Simple, clear takeaways you can use right away
Help me deliver the best #Cybersecurity content for YOU ๐
๐9