In 2019, I founded and served as the CEO of a cloud security company (C3M), a journey that eventually led to our acquisition by CyberArk in 2022. Back then, the cloud security scene was budding, filled with migration buzz and a shifting urgency around securing the cloud. Acronyms like CSPM (cloud security posture management) were emerging, and enterprise security leaders grappled with where to begin. Jump to 2023, and cloud security has transformed.

Every IT and security leader loses sleep over insider threats. They’re notoriously difficult to detect, costly to mitigate and can lead to widespread loss and reputational damage. Despite efforts to mitigate insider threats, current global risks and economic pressure are fueling the flame. There’s no silver bullet for insider threat protection, however a greater focus on culture, engagement and empowerment can make a real difference.

The recent cyberattack on MGM Resorts International has raised serious concerns about the security of sensitive data and the vulnerabilities organizations face in today’s digital landscape. In this blog post, we will dive into the details of the attack based on the information currently available, analyze its root causes and discuss key takeaways to help organizations strengthen their security posture.

Our guest today is Phillip Wylie, an offensive security professional and evangelist, author and podcast host who recently added director of services and training at Scythe to his extensive CV. Wylie talks with host David Puner about the critical need for ethical hacking in cybersecurity, identity security revelations from years of penetration testing, and his fascinating career arc, which began in professional wrestling. Considering a cybersecurity career?

Over six in 10 security decision-makers say their teams operate with limited visibility across their environments. Why? We could easily speculate that it comes down to the tools they do or don’t use. However, two-thirds of enterprises now have tools from up to 40 different security vendors in place, and they’re still struggling for insights into the constant cycle of identities seeking access. I believe there’s a bigger-picture challenge we need to – and can – solve for.

Today, more than ever, security is all about identity. Especially in the cloud, the central management and proliferation of cloud services means that with the proper identity and permissions, one can do almost anything (legitimate or malicious).

Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.

Today, I’m honored to share that CyberArk has been named a Leader in the “2023 Gartner® Magic Quadrant™ for Privileged Access Management.” This is the fifth time our company has been positioned as a Leader in this report.

Investing in cybersecurity is a lot like working hard to save for retirement. Your budget’s already tight, but you must secure the future. You’re faced with endless headlines and market updates that make you nervous about making the wrong choices – or not making moves quickly enough amid fast-changing conditions.

In this episode, we welcome back Shay Nahari, VP of CyberArk Red Team Services. His discussion with host David Puner revolves around attacker innovation, focusing on key areas like cascading supply chain attacks and session cookie hijacking. Lean in as Nahari explains how the Red Team simulates real-world attacks to help organizations identify vulnerabilities and improve their security posture.