Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Patrick Orzechowski (also known as “PO”) is Torq’s Field CISO, bringing his years of experience and expertise as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. You can find him talking to SOC leaders and CISOs from major brands at cybersecurity events around the world. Why AI-driven Hyperautomation is the answer to your SOC pain.

The following is a guest blog by Lisel Newton, Executive Director, Information Security, Risk & Compliance at Gossamer Bio. When it comes to cybersecurity, too many companies treat offensive security measures, such as Red Team exercises and penetration testing, as mere compliance checkboxes. Gossamer Bio, however, prioritizes offensive security as an integral component of our proactive defense strategy rather than just a regulatory requirement.

You’ve heard about JavaScript SQL injection attacks before, but you’re not entirely sure what they look like in the wild or if you need to worry about them in the first place. Maybe you’re trying to figure out just how bad it could be. In short, if you’re building apps using SQL databases, like MySQL and PostgreSQL, you’re at risk—you’re not safe from attack methods plaguing developers and their databases for decades.

In the context of the HITRUST CSF, the PRISMA Maturity Levels are designed to help organizations assess their cybersecurity posture and maturity in relation to security controls and practices. The PRISMA maturity levels are structured to reflect different stages of an organization’s ability to effectively implement and manage cybersecurity controls. Two of the PRISMA levels are Implementation and Measured.

As developers continue to adopt AI tools to transform their workflows, AI-generated code has become more common. In fact, 96% of developers reported using AI coding assistants to streamline their work. Although generative AI (GenAI) tools like ChatGPT can speed up workflows and boost productivity, the security and quality of the outputs aren’t guaranteed.

JWTs are often used by developers who seek to implement authentication over traditional cookie-based sessions. However, what happens when developers misunderstand JWT security and risk a severe broken authentication vulnerability?

The confidence gap in secrets management is real: 75% of organizations feel secure while only 44% of developers follow best practices. Discover what security experts reveal about remediation challenges, responsibility issues, and practical solutions for protecting your most sensitive credentials.

For years, IT teams have been stuck in a reactive mode, scrambling to fix network performance issues only after users start complaining. Despite an abundance of monitoring tools, the real challenge has always been identifying and resolving issues before they impact productivity—without spending countless hours on manual troubleshooting.

Vulnerability management has always been a challenge, but today’s security teams are feeling the pressure more than ever. With thousands of new CVEs reported every month, the sheer volume makes it difficult to know where to focus. In-use vulnerability prioritization is one of the most effective ways to cut through the noise, focusing only on vulnerabilities that are actively loaded in runtime. To focus on what really matters, security teams need better ways to prioritize risk.

Cyber threats are evolving and are one of the reasons why data breach costs increase each year, and traditional security models are struggling to keep up. As businesses embrace cloud computing and working remotely, the old "trust but verify" approach is proving inadequate, leading to the increased adoption of zero-trust policies. But is Zero Trust widely accepted? The answer is increasingly yes. So, how does Zero Trust work, and what makes it so effective?