Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2020, the SolarWinds compromise showed how far attackers can go when they look legitimate. Instead of breaking in loudly, threat actors tampered with trusted software updates and gained access that appeared routine to many defenses. The U.S. government later assessed that roughly 18,000 customers installed affected Orion updates, and a smaller subset experienced follow-on intrusion activity, often discovered only after time had passed.

Encrypted data has a shelf life, and for many organizations it must remain secret for years. The post-quantum risk is not a dramatic collapse of encryption, but a quieter threat: attackers harvesting encrypted traffic today so they can decrypt it in the future. That is why post-quantum readiness is increasingly a board and CEO-level responsibility, with the CISO leading execution, because quantum risk threatens long-term business stability, compliance expectations, and trust.

Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.

With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.

Software-defined networking (SD-WAN) has transformed enterprise infrastructure, enabling dynamic connectivity between sites with centralized management and control. But when the control plane itself becomes vulnerable, network integrity is no longer a given.