Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In our first article exploring vulnerability management vs. exposure management, we explored the growing recognition that exposure management is not just a rebranding of vulnerability management. Rather, it’s a strategic evolution. Where traditional vulnerability management often focuses narrowly on CVEs and technical severity, exposure management demands a broader, more integrated understanding of risk across assets, environments, and attack vectors.

Learn how Snowflake is tackling NHIs, from secrets sprawl to a secretless architecture using GitGuardian for detection and Aembit for prevention.

A security operations center (SOC) leader is the point person for an organization’s security operations. They run a team of security analysts, engineers, and other specialists. But what exactly do they do on a day-to-day basis? As the person managing the organization’s cybersecurity hub, the SOC leader has to navigate all the complexities that come with it.

The internet isn’t always a safe place. Behind every click, every download, and every flashy pop-up ad, there might be something lurking that could bring down entire systems or steal sensitive information. That “something” goes by a name we’ve all heard: malware. But while the word gets used a lot, how many of us really know what it means? Or better yet, how many of us understand the different ways malware can mess with our data, our privacy, or even our businesses?

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product. ‍ Managing vendor risk is more important than ever.

Despite growing investments and advances in cybersecurity, incidents and data breaches continue to increase year over year. From the continuous uptick of vulnerabilities to the rapidly expanding human attack surface, it’s clear that as new risk points appear, threat actors are right there, ready to take action.

We are working tirelessly on our AI First strategy to better protect both humans and their AI tools. KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one. This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they are here and will be the way that most cybercrime is committed forevermore.

Modern platforms demand modern protection. As organizations adopt Kubernetes, OpenShift, and hybrid cloud environments, legacy backup tools—designed for static, VM-only systems—fall short. Today’s applications span containers, VMs, and dynamic cloud-native services. Protecting OpenShift Virtualization requires more than basic snapshots or namespace-level restores—it requires precision.

Patrick Orzechowski (also known as “PO”) is Torq’s Field CISO, bringing his years of experience and expertise as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. You can find him talking to SOC leaders and CISOs from major brands at cybersecurity events around the world. Running a SOC isn’t for the faint of heart. I should know.

Fintech and banking ranked among the top three most targeted industries in 2024, according to the CISO’s guide to DevOps threats. Real-world incidents underscore this trend: Byte Federal, the leading Bitcoin ATM operator in the U.S., suffered a breach linked to a GitLab vulnerability. Meanwhile, financial software provider Iress and crypto wallet company Ginco were both targeted by threat actors exploiting GitHub repositories. Source: 2024 DevOps Threats Unwrapped.