Home - Blue Lava Community

Message Image

Skip main navigation (Press Enter).

Information security is a team effort.
Count us in.

Your safe haven environment to gather, share, support and mentor

Grow your skills and career as a member of the Blue Lava Community - Built with, by and for security leaders.

Our Community Members

Alex
Kreilein

Qualys

Tammy
Moskites

CyAlliance

Mark
Weatherford

AlertEnterprise

Rock Lambros

RockCyber

Roger Hale

Agora

Russell Eubanks

Security Ever After

Jasper Ossentjuk

NielsenIQ

William Pugh

AWS

Frank Kim

SANS

Megan McCann

McCann Partners

Brian Johnson

Armorblox

Brian Contos

Sevco

Laz

Blue Lava

Deborah Blyth

Crowdstrike

Elizabeth Volini

JLL

Hamish Archer

IBM

Julie Cullivan

FireEye

Eward Driehuis

3Eyes Security

Member Exclusive Resources

Built with, by, and for the Community

Community Project - 30/60/90 Plan For Success

Take full advantage of the detailed information in this guide built with, by and for members of the Blue Lava Community. You will appreciate the guidance, language and experiences shared from our project champions.

Community Project - CISO Board Presentation Template

This customizable slide deck was built with, by and for members of the Blue Lava Community who are looking to enhance their board presentations. Guided by a team of 6 experienced CISOs as well as dozens of other community champions.

On-Demand Recording: Cognitive Warfare - The Weaponization of the Mind

The human mind becomes the battlefield in cognitive warfare on the ground in the virtual world. The goal is to change not only what an audience thinks, but also how they think and act.

Membership Benefits

Private collaboration portal allowing members to gather, share, support, and mentor 365-days a year

01

Career services including executive placement support

02

Expert guidance on security program management

03

Relevant content and resources created with, by, and for members

04

Private meetups and best practice working groups led by member facilitators

05

Strategic mentor matchmaking

06

Join the community

Criteria to Join

The Blue Lava Community is built with, by and for CISOs and also welcomes those who aspire to lead security teams in the future.

There is no sales, marketing or business development representation in the community.

CISOs (or equivalent responsibility)

01

Cybersecurity stakeholders including CIO, CRO, CTO, CPO

02

High potential cybersecurity leaders and aspiring CISOs

03

vCISOs, Consulting CISO, Business owners, Security Experts and Industry Influencers

04

Blue Lava customers

05

No sales, marketing, or business development executives are eligible

06

Join the community

Latest Discussions

More

Leaderboard

Events

Wednesday

6

December

Expert Insights on 23 Impact and 24's Opportunities - Featuring Sandy Dunn, Jules Okafor, Eric Adams

Dec 6, 07:00 AM - 08:00 AM (PT)
Wednesday

6

December

FutureCon Cybersecurity Conference Atlanta (Live/In-Person) - Featuring Member Ken Foster

Dec 6, 08:00 AM - 05:00 PM (ET)

More

Blogs

Striking the Balance: Effective Cybersecurity Visualization for Informed Decision-Making

By: Matthew Rosenquist, 10-23-2023 11:59 AM

Blog Entry

In the complex and ambiguous realm of cybersecurity, the power of visualization tools cannot be overstated. When employed judiciously, they serve as invaluable assets, offering crucial data in a readily ...
The Power of Mentorship - Sharing Experiences and Fostering Growth

By: Fletus Poston, 07-20-2023 09:50 AM

Blog Entry

In our professional journeys, we often find ourselves grappling with challenges, seeking guidance, and striving for continuous growth. It is during these moments that the value of mentorship becomes truly ...
Any good Cyber books?

By: Elizabeth Volini, 05-18-2023 05:02 AM

Blog Entry

Hi All, I just read (Listened to) the book America the Vulnerable by Joel Brenner. It was a little out of date, but I found it to be insightful and entertaining. Has anyone else read this one? ...

News

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

12/1/2023 5:50:00 AM

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting...
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

12/1/2023 5:49:00 AM

A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called...
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

12/1/2023 5:26:00 AM

The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached...
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

12/1/2023 5:04:00 AM

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional...
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

12/1/2023 2:43:00 AM

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

12/1/2023 1:22:00 AM

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication...
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

11/30/2023 11:25:00 PM

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software...
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

11/30/2023 8:08:00 AM

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in...
North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

11/30/2023 6:55:00 AM

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions...
This Free Solution Provides Essential Third-Party Risk Management for SaaS

11/30/2023 6:55:00 AM

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and...

Okta: Breach Affected All Customer Support Users

11/29/2023 2:41:14 PM

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal...
ID Theft Service Resold Access to USInfoSearch Data

11/28/2023 10:57:38 AM

One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch...
Alleged Extortioner of Psychotherapy Patients Faces Trial

11/16/2023 2:59:14 PM

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice...
Microsoft Patch Tuesday, November 2023 Edition

11/14/2023 6:00:59 PM

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already...
It’s Still Easy for Anyone to Become You at Experian

11/11/2023 12:59:07 PM

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re...
Who’s Behind the SWAT USA Reshipping Service?

11/6/2023 8:51:31 AM

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational...
Russian Reshipping Service ‘SWAT USA Drop’ Exposed

11/2/2023 3:55:34 PM

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia...
.US Harbors Prolific Malicious Link Shortening Service

10/31/2023 9:26:55 AM

The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research...
NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

10/23/2023 9:08:27 AM

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject...
Hackers Stole Access Tokens from Okta’s Support Unit

10/20/2023 2:39:23 PM

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support...

Okta Breach Widens to Affect 100% of Customer Base

11/30/2023 5:52:00 PM

Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them.
Law Firms & Legal Departments Singled Out for Cyberattacks

11/30/2023 5:22:00 PM

Cybercriminals use legal search terms to ensnare unwitting victims, then launch ransomware or business email compromise attacks.
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets

11/30/2023 3:50:00 PM

A decade and a half after Gh0st RAT first appeared, the "SugarGh0st RAT" variant aims to make life sweeter for cybercriminals.
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

11/30/2023 1:30:00 PM

Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus

11/30/2023 12:35:00 PM

The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.
Deluge of Nearly 300 Fake Apps Floods Iranian Banking Sector

11/30/2023 10:40:00 AM

No Iranian bank customers are safe from financially motivated cybercriminals wielding convincing but fake mobile apps.
8 Tips on Leveraging AI Tools Without Compromising Security

11/30/2023 10:00:00 AM

AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks.
10 Holiday Gifts For Stressed-Out Security Pros

11/29/2023 10:23:00 PM

Office giving-friendly fidgets, stress balls, brain teasers, and more that are perfect to calm the most harried cybersecurity professionals.
Wiz-Securonix Partnership Promises Unified Threat Detection

11/29/2023 9:00:00 PM

The collaboration focuses on helping security teams detect and address cloud threats more effectively.
Rundown of Security News from AWS re:Invent 2023

11/29/2023 8:00:00 PM

Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event...

No Data Found

Student Loan Breach Exposes 2.5M Records

8/31/2022 8:57:48 AM

2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger

8/30/2022 12:00:43 PM

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

8/29/2022 10:56:19 AM

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise

8/26/2022 12:44:27 PM

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras

8/25/2022 2:47:15 PM

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Twitter Whistleblower Complaint: The TL;DR Version

8/24/2022 10:17:04 AM

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Firewall Bug Under Active Attack Triggers CISA Warning

8/23/2022 9:19:58 AM

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Fake Reservation Links Prey on Weary Travelers

8/22/2022 9:59:06 AM

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
iPhone Users Urged to Update to Patch 2 Zero-Days

8/19/2022 11:25:56 AM

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
Google Patches Chrome’s Fifth Zero-Day of the Year

8/18/2022 10:31:38 AM

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

Widespread exploitation of severe vulnerability in ownCloud.

11/30/2023 4:10:00 PM

Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken...
Lawmakers push for reauthorization of Section 702. DoD advises on responsible military use of AI.

11/30/2023 4:00:00 PM

International guidance on AI system development. US Navy’s cyber strategy’s focus on non-kinetic measures. CISA resurrects cyber insurance working group.
The ongoing convergence of crime and espionage.

11/30/2023 11:21:11 AM

"SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. cam steals travel company customer credentials. ScamClub's bogus alert pop-ups. Okta breach update. Cryptomixer taken down in international...
Ukraine at D+684: A hacktivist auxiliary is actively recruiting.

11/30/2023 7:12:41 AM

NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.
Mike Brown: CEO of Talion

11/30/2023 4:00:00 AM

Mike Brown, CEO of the MSSP Talion, joins Marc in the latest episode of CyberCEOs Decoded. Mike shares his unconventional and winding story about buying an MSSP on the eve of the COVID-19 pandemic – and...
Critical challenges for critical infrastructure.

11/30/2023 1:00:00 AM

Nick Sanna of the FAIR Institute and Safe Security joins to discuss the challenges the White House faces in attempting to harmonize critical infrastructure regulations. Ben has the story of a warrantless...
Artificial Intelligence: Insights & Oddities

11/30/2023 12:00:00 AM

On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and...
Major crackdown on international cybersecurity.

11/29/2023 4:10:00 PM

A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense...
Godspeed Capital launches Crimson Phoenix. BlueVoyant acquires Conquest Cyber and raises $140 million in Series E round. Proofpoint names Su...

11/29/2023 4:00:00 PM

Godspeed Capital launches Crimson Phoenix. BlueVoyant acquires Conquest Cyber and raises $140 million in Series E round. Proofpoint names Sumit Dhawan as CEO.
Control systems and business systems under attack at utilities.

11/29/2023 11:12:42 AM

Qlik Sense installations hit with Cactus ransomware. Report: Google Workspace vulnerability discovered. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators...

Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats

12/1/2023 5:50:00 AM

The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting...
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan

12/1/2023 5:49:00 AM

A suspected Chinese-speaking threat actor has been attributed to a malicious campaign that targets the Uzbekistan Ministry of Foreign Affairs and South Korean users with a remote access trojan called...
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks

12/1/2023 5:26:00 AM

The most recent Gcore Radar report and its aftermath have highlighted a dramatic increase in DDoS attacks across multiple industries. At the beginning of 2023, the average strength of attacks reached...
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

12/1/2023 5:04:00 AM

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional...
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign-Based Agents

12/1/2023 2:43:00 AM

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday sanctioned the North Korea-linked adversarial collective known as Kimsuky as well as eight foreign-based agents...
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices

12/1/2023 1:22:00 AM

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication...
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

11/30/2023 11:25:00 PM

Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software...
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

11/30/2023 8:08:00 AM

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in...
North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

11/30/2023 6:55:00 AM

Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions...
This Free Solution Provides Essential Third-Party Risk Management for SaaS

11/30/2023 6:55:00 AM

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and...

Okta: Breach Affected All Customer Support Users

11/29/2023 2:41:14 PM

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal...
ID Theft Service Resold Access to USInfoSearch Data

11/28/2023 10:57:38 AM

One of the cybercrime underground's more active sellers of Social Security numbers, background and credit reports has been pulling data from hacked accounts at the U.S. consumer data broker USinfoSearch...
Alleged Extortioner of Psychotherapy Patients Faces Trial

11/16/2023 2:59:14 PM

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki, a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice...
Microsoft Patch Tuesday, November 2023 Edition

11/14/2023 6:00:59 PM

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three "zero day" vulnerabilities that Microsoft warns are already...
It’s Still Easy for Anyone to Become You at Experian

11/11/2023 12:59:07 PM

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re...
Who’s Behind the SWAT USA Reshipping Service?

11/6/2023 8:51:31 AM

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational...
Russian Reshipping Service ‘SWAT USA Drop’ Exposed

11/2/2023 3:55:34 PM

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia...
.US Harbors Prolific Malicious Link Shortening Service

10/31/2023 9:26:55 AM

The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research...
NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

10/23/2023 9:08:27 AM

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject...
Hackers Stole Access Tokens from Okta’s Support Unit

10/20/2023 2:39:23 PM

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support...

Okta Breach Widens to Affect 100% of Customer Base

11/30/2023 5:52:00 PM

Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them.
Law Firms & Legal Departments Singled Out for Cyberattacks

11/30/2023 5:22:00 PM

Cybercriminals use legal search terms to ensnare unwitting victims, then launch ransomware or business email compromise attacks.
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets

11/30/2023 3:50:00 PM

A decade and a half after Gh0st RAT first appeared, the "SugarGh0st RAT" variant aims to make life sweeter for cybercriminals.
Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks

11/30/2023 1:30:00 PM

Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure.
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus

11/30/2023 12:35:00 PM

The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.
Deluge of Nearly 300 Fake Apps Floods Iranian Banking Sector

11/30/2023 10:40:00 AM

No Iranian bank customers are safe from financially motivated cybercriminals wielding convincing but fake mobile apps.
8 Tips on Leveraging AI Tools Without Compromising Security

11/30/2023 10:00:00 AM

AI tools can deliver quick and easy results and offer huge business benefits — but they also bring hidden risks.
10 Holiday Gifts For Stressed-Out Security Pros

11/29/2023 10:23:00 PM

Office giving-friendly fidgets, stress balls, brain teasers, and more that are perfect to calm the most harried cybersecurity professionals.
Wiz-Securonix Partnership Promises Unified Threat Detection

11/29/2023 9:00:00 PM

The collaboration focuses on helping security teams detect and address cloud threats more effectively.
Rundown of Security News from AWS re:Invent 2023

11/29/2023 8:00:00 PM

Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event...

Powered by Higher Logic