Blue Lava Community

Information security is a team effort.
Count us in.

Your safe haven environment to gather, share, support and mentor

Grow your skills and career as a member of the Blue Lava Community - Built with, by and for security leaders.

Our Community Members

Alex
Kreilein

Qualys

Tammy
Moskites

CyAlliance

Mark
Weatherford

AlertEnterprise

Rock Lambros

RockCyber

Roger Hale

Agora

Russell Eubanks

Security Ever After

Jasper Ossentjuk

NielsenIQ

William Pugh

AWS

Frank Kim

SANS

Megan McCann

McCann Partners

Brian Johnson

Armorblox

Brian Contos

Phosphorus Security

Laz

Blue Lava

Deborah Blyth

Crowdstrike

Elizabeth Volini

JLL

Hamish Archer

IBM

Julie Cullivan

FireEye

Eward Driehuis

3Eyes Security

Membership Benefits

Private collaboration portal allowing members to gather, share, support, and mentor 365-days a year

Access to a support system of battle-tested business and security executives

Expert guidance on security program management

Relevant content and resources created with, by, and for members

Private meetups and best practice working groups led by member facilitators

Strategic mentor matchmaking

Join the community

Criteria to Join

CISOs (or equivalent responsibility)

Cybersecurity stakeholders including CIO, CRO, CTO, CPO

High potential cybersecurity leaders and aspiring CISOs

vCISOs, Consulting CISO, Business owners, Security Experts and Industry Influencers

Blue Lava customers

No sales, marketing, or business development executives are eligible

Join the community

Latest Discussions

Most common passwords for 2022
What, or who, do you sacrifice?
Germany bans O365 - how concerned should Microsoft be?
Compliance versus Security

1 person recommends this.
Will Intel's Pay-to-Play CPU Features be a Security Risk
RE: Happy Thanksgiving

1 person recommends this.

Featured resources

Crucial Conversations w/ Brian Contos on IoT Security

Brian Contos, CSO of Phosphorus Security, discusses how to take the necessary steps...

Crucial Conversations w/ Mark Weatherford - Cyberattacks on Complex Supply Chains Difficult to Resolve

Mark Weatherford, CSO and SVP of Regulated Industries, discusses supply chain security with ITSP's Sean Martin...

Crucial Conversations w/ Alex Kreilein - Product Security Best Practices

Alex Kreilein discusses what it takes for CISOs and InfoSec teams to become security advocates for customers by ensuring the safety...

View all

Events

On-Demand: Protect Yourself - Safeguarding Your Career as a Cybersecurity Leader

Blue Lava Community Event

Available On-Demand

Watch

Tuesday

6

December

(CA) Planet Cyber Sec Conference - (Hosted by Richard Greenberg; Featuring Community Member Shawn An

Dec 6, 08:00 AM - 05:00 PM (PT)
Tuesday

13

December

Group Workshop - 30/60/90 Day Plan in a New Role

Dec 13, 09:00 AM - 10:00 AM (PT)

How CISOs Can Recruit and Retain IT Security Teams While Also Fulfilling Their Own Careers

By: Megan McCann, 2 days ago

Blog Entry

The large ratio gap in the availability of IT security professionals to open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued ...
Cyberattacks on Complex Supply Chains Difficult to Resolve

By: Mark Weatherford, 19 days ago

Blog Entry

Traditional supply chain risk management is a fairly mature discipline where organizations focus on the logistics of how to get vendor products from point A to Point B. The reality however is that the ...
Cybersecurity Talent Challenge

By: Alexis Culp, 10-11-2022 09:23 AM

Blog Entry

After finishing my last blog, " How internships in cybersecurity can help you bridge the talent acquisition gap .” I felt somewhat inspired to continue on this chain of thought. As you probably have ...

News

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

12/1/2022 9:32:00 AM

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox...
Hackers Leak Another Set of Medibank Customer Data on the Dark Web

12/1/2022 8:17:00 AM

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. ...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

12/1/2022 6:44:00 AM

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 ...
What Developers Need to Fight the Battle Against Common Vulnerabilities

12/1/2022 6:13:00 AM

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While...
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

12/1/2022 5:07:00 AM

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged...
Researchers 'Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network

12/1/2022 4:48:00 AM

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response...
LastPass Suffers Another Security Breach; Exposed Some Customers Information

12/1/2022 4:35:00 AM

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity...
North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

11/30/2022 1:30:00 PM

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The...
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

11/30/2022 8:44:00 AM

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI...
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

11/30/2022 7:15:00 AM

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook...

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

11/28/2022 5:08:21 PM

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called...
Researchers Quietly Cracked Zeppelin Ransomware Keys

11/17/2022 9:30:26 PM

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called Zeppelin in May 2020. Hed been on the job less than six months, and because of the way his predecessor...
Disneyland Malware Team: It’s a Puny World After All

11/16/2022 12:32:00 PM

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that...
Top Zeus Botnet Suspect “Tank” Arrested in Geneva

11/15/2022 10:38:20 AM

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and...
Lawsuit Seeks Food Benefits Stolen By Skimmers

11/10/2022 1:11:10 PM

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming...
Patch Tuesday, November 2022 Election Edition

11/8/2022 8:50:14 PM

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the...
LinkedIn Adds Verified Emails, Profile Creation Dates

11/4/2022 5:09:52 PM

For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author have involved young women with profile photos that appear to be generated by artificial intelligence (AI) tools...
Hacker Charged With Extorting Online Psychotherapy Service

11/3/2022 10:43:22 AM

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but...
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

10/31/2022 4:53:27 PM

A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a "malware-as-a-service" offering that helped paying customers steal...
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

10/20/2022 1:07:34 PM

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number...

Is MFA the Vegetable of Cybersecurity?

12/1/2022 10:27:02 AM

Don’t fuss now — another helping of multifactor authentication can keep your organization strong and its data safer.
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class

12/1/2022 10:24:44 AM

The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands

12/1/2022 10:00:00 AM

As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
Guidehouse Insights Anticipates Market for Automotive Cybersecurity Solutions Will Grow to More Than $445 Billion by 2031

12/1/2022 9:16:00 AM

Market drivers include new regulations, increasing automobile complexity, and new vehicle types.
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall

12/1/2022 9:09:18 AM

Ratings ranged from AAA to CC, with security effectiveness scores from 27% to 100%.
Phylum Expands Its Software Supply Chain Security Capabilities, Introduces Automated Vulnerability Reachability

12/1/2022 9:04:11 AM

Know what you need to fix today and what you don’t.
CI Fuzz CLI Brings Fuzz Testing to Java Applications

11/30/2022 9:00:00 PM

CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.
Nvidia GPU Driver Bugs Threaten Device Takeover & More

11/30/2022 5:10:00 PM

If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.
Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

11/30/2022 2:33:49 PM

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.
How Banks Can Upgrade Security Without Affecting Client Service

11/30/2022 1:00:00 PM

New protective measures work behind the scenes, with little impact on the customer experience.

Researchers found security pitfalls in IBM’s cloud infrastructure

12/1/2022 9:01:00 AM

Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images...
Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

12/1/2022 8:01:00 AM

The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery...
8 things to consider amid cybersecurity vendor layoffs

12/1/2022 5:00:00 AM

2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker
Fortanix unveils AWS integration for centralized key management

11/30/2022 3:09:00 PM

Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS’ external encryption key store system, adding another major public cloud vendor to the list of...
AWS' Inspector offers vulnerability management for Lambda serverless functions

11/30/2022 1:31:00 PM

Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability...
AWS launches new cybersecurity service Amazon Security Lake

11/30/2022 9:12:00 AM

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data...
5 top qualities you need to become a next-gen CISO

11/30/2022 5:00:00 AM

Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern...
What is Ransom Cartel? A ransomware gang focused on reputational damage

11/30/2022 5:00:00 AM

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil
BrandPost: SASE: The Only Way to Improve Network Security Without Added Complexity

11/29/2022 10:17:00 AM

By: Mike Spanbauer, Field CTO, Security at Juniper Networks The future of network security has a new shiny architecture to meet organizational needs with Secure Access Service Edge (SASE). Still...
How to build a public profile as a cybersecurity pro

11/29/2022 5:00:00 AM

Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online this may not be enough though...

Student Loan Breach Exposes 2.5M Records

8/31/2022 8:57:48 AM

2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger

8/30/2022 12:00:43 PM

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

8/29/2022 10:56:19 AM

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise

8/26/2022 12:44:27 PM

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras

8/25/2022 2:47:15 PM

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter Whistleblower Complaint: The TL;DR Version

8/24/2022 10:17:04 AM

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Firewall Bug Under Active Attack Triggers CISA Warning

8/23/2022 9:19:58 AM

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake Reservation Links Prey on Weary Travelers

8/22/2022 9:59:06 AM

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
iPhone Users Urged to Update to Patch 2 Zero-Days

8/19/2022 11:25:56 AM

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Google Patches Chrome’s Fifth Zero-Day of the Year

8/18/2022 10:31:38 AM

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Ukraine at D+280: War against infrastructure, kinetic and cyber.

12/1/2022 12:02:04 PM

Russian partial mobilization remains deeply unpopular. The Kremlin continues to frame its ongoing campaign against civilian infrastructure as an attack against legitimate military objectives.
Risks and opportunities in telecom’s shift to cloud.

12/1/2022 10:54:29 AM

Moody’s released a report yesterday detailing the risks and opportunities associated with cloud adoption in the telecom sector.
Heliconia framework described.

12/1/2022 10:50:17 AM

Google describes a commercial spyware operation that exploited zero-days.
Moody’s discusses cyber risk in healthcare.

12/1/2022 10:42:30 AM

Moody’s Investors Service released a comment today, detailing the cyber risks associated with not-for-profit and public healthcare.
A vishing competition and a Black Badge holder.

12/1/2022 1:00:00 AM

This week, Carole Theriault is interviewing DEFCON Black Badge holder Chris Kirsch from RunZero on the recent DEFCON 30 vishing competition. Dave and Joe share some listener follow up from 3 different...
Patching healthcare cybersecurity risks.

12/1/2022 1:00:00 AM

Sam Heiney, Impero's VP of Products, sits down with Dave to discuss patching healthcare cybersecurity risks in the Internet of Medical Things. Ben discusses a lawsuit that takes aim at artificial intelligence...
Cybersecurity predictions for 2023.

12/1/2022 12:05:00 AM

We’ve rounded up expert predictions and commentary on the direction of the cybersecurity industry next year. Sit back and enjoy the long read.
Spoofing site taken down. World Cup risks. Data breach in county government. Third-party breach affects pediatric data.

11/30/2022 5:25:27 PM

International operation takes down spoofing website. Professional fouls: World Cup scams identified. Data breach in California county. Pediatric health data exposed in software company data breach.
PlainID partners with Dremio. SPHERE raises $31 million in Series B funding. Bitfront shutters operations.

11/30/2022 4:30:00 PM

PlainID partners with Dremio. SPHERE raises $31 million in Series B funding. Bitfront shutters operations.
LockBit 3.0 and Punisher ransomware described. Leave that USB right in the parking lot where you found it. Killnet’s woofing. Lilac Wolverin...

11/30/2022 4:15:00 PM

Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet...

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, and Windows Zero-Days

12/1/2022 9:32:00 AM

A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox...
Hackers Leak Another Set of Medibank Customer Data on the Dark Web

12/1/2022 8:17:00 AM

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. ...
Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

12/1/2022 6:44:00 AM

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 ...
What Developers Need to Fight the Battle Against Common Vulnerabilities

12/1/2022 6:13:00 AM

Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While...
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

12/1/2022 5:07:00 AM

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged...
Researchers 'Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network

12/1/2022 4:48:00 AM

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response...
LastPass Suffers Another Security Breach; Exposed Some Customers Information

12/1/2022 4:35:00 AM

Popular password management service LastPass said it's investigating a second security incident that involved attackers accessing some of its customer information. "We recently detected unusual activity...
North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets

11/30/2022 1:30:00 PM

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart. "The...
Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection

11/30/2022 8:44:00 AM

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI...
This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms

11/30/2022 7:15:00 AM

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook...

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

11/28/2022 5:08:21 PM

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called...
Researchers Quietly Cracked Zeppelin Ransomware Keys

11/17/2022 9:30:26 PM

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called Zeppelin in May 2020. Hed been on the job less than six months, and because of the way his predecessor...
Disneyland Malware Team: It’s a Puny World After All

11/16/2022 12:32:00 PM

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that...
Top Zeus Botnet Suspect “Tank” Arrested in Geneva

11/15/2022 10:38:20 AM

Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and...
Lawsuit Seeks Food Benefits Stolen By Skimmers

11/10/2022 1:11:10 PM

A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming...
Patch Tuesday, November 2022 Election Edition

11/8/2022 8:50:14 PM

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the...
LinkedIn Adds Verified Emails, Profile Creation Dates

11/4/2022 5:09:52 PM

For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author have involved young women with profile photos that appear to be generated by artificial intelligence (AI) tools...
Hacker Charged With Extorting Online Psychotherapy Service

11/3/2022 10:43:22 AM

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but...
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

10/31/2022 4:53:27 PM

A 26-year-old Ukrainian man is awaiting extradition to the United States on charges that he acted as a core developer for Raccoon, a "malware-as-a-service" offering that helped paying customers steal...
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

10/20/2022 1:07:34 PM

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number...

Is MFA the Vegetable of Cybersecurity?

12/1/2022 10:27:02 AM

Don’t fuss now — another helping of multifactor authentication can keep your organization strong and its data safer.
IBM Cloud Supply Chain Vulnerability Showcases New Threat Class

12/1/2022 10:24:44 AM

The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
Data Security Concerns Are Driving Changes in US Consumer Behavior and Demands

12/1/2022 10:00:00 AM

As consumers catch on to the dangers, protection could become a major topic for legislative bodies.
Guidehouse Insights Anticipates Market for Automotive Cybersecurity Solutions Will Grow to More Than $445 Billion by 2031

12/1/2022 9:16:00 AM

Market drivers include new regulations, increasing automobile complexity, and new vehicle types.
CyberRatings.org Announces Results from First-of-its-Kind Comparative Test on Cloud Network Firewall

12/1/2022 9:09:18 AM

Ratings ranged from AAA to CC, with security effectiveness scores from 27% to 100%.
Phylum Expands Its Software Supply Chain Security Capabilities, Introduces Automated Vulnerability Reachability

12/1/2022 9:04:11 AM

Know what you need to fix today and what you don’t.
CI Fuzz CLI Brings Fuzz Testing to Java Applications

11/30/2022 9:00:00 PM

CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.
Nvidia GPU Driver Bugs Threaten Device Takeover & More

11/30/2022 5:10:00 PM

If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.
Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

11/30/2022 2:33:49 PM

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.
How Banks Can Upgrade Security Without Affecting Client Service

11/30/2022 1:00:00 PM

New protective measures work behind the scenes, with little impact on the customer experience.

Home

Information security is a team effort. Count us in.

Alex Kreilein

Qualys

Tammy Moskites

CyAlliance

Mark Weatherford

AlertEnterprise

Rock Lambros

RockCyber

Roger Hale

Agora

Russell Eubanks

Security Ever After

Jasper Ossentjuk

NielsenIQ

William Pugh

AWS

Frank Kim

SANS

Megan McCann

McCann Partners

Brian Johnson

Armorblox

Brian Contos

Phosphorus Security

Laz

Blue Lava

Deborah Blyth

Crowdstrike

Elizabeth Volini

JLL

Hamish Archer

IBM

Julie Cullivan

FireEye

Eward Driehuis

3Eyes Security

Membership Benefits

Private collaboration portal allowing members to gather, share, support, and mentor 365-days a year

Access to a support system of battle-tested business and security executives

Expert guidance on security program management

Relevant content and resources created with, by, and for members

Private meetups and best practice working groups led by member facilitators

Strategic mentor matchmaking

Criteria to Join

CISOs (or equivalent responsibility)

Cybersecurity stakeholders including CIO, CRO, CTO, CPO

High potential cybersecurity leaders and aspiring CISOs

vCISOs, Consulting CISO, Business owners, Security Experts and Industry Influencers

Blue Lava customers

***No sales, marketing, or business development executives are eligible***

Latest Discussions

Leaderboard

Featured resources

Crucial Conversations w/ Brian Contos on IoT Security

Crucial Conversations w/ Mark Weatherford - Cyberattacks on Complex Supply Chains Difficult to Resolve

Crucial Conversations w/ Alex Kreilein - Product Security Best Practices

Events

On-Demand: Protect Yourself - Safeguarding Your Career as a Cybersecurity Leader

Blogs

News

Information security is a team effort.
Count us in.

Alex
Kreilein

Tammy
Moskites

Mark
Weatherford

No sales, marketing, or business development executives are eligible