Emagine IT, Inc.

GPT-4 Exploits 87% of Vulns, New CISA Requirements, VPNs Under Attack, and NIST Issues Digital Identity Updates In case you missed it, when it comes to cyber, April was packed. New guidelines from CISA for companies in the critical infrastructure space NIST Unveils New Consortium to Operate its National Vulnerability Database according to Tanya Brewer at VulnsCo A New Roadmap for FedRAMP focuses on ensuring the right ideas and the best customer experience is at the center The Cyber Safety Review Board published its analysis of the Summer 2023 Microsoft Exchange Online Intrusion Secure Supply Chain remains at the top of the conversation GPT-4 and AI Agents prove effective in a recent study, exploiting 87% of tested vulnerabilities NIST issues updates to the digital identity guidelines to support the use of synced passkeys. Have any comments? Let us know what you think below. Going to RSA Conference? Let's meet up! Adam Chun Erik Dominguez Danny R. Andrew Kostecka Colin Birch Drew Jezioro Song Pak John Albright

In case you missed it, we were fortunate enough to sponsor and support as keynote speakers for the recent Aquia and Amazon Web Services (AWS) 2024 Cloud Compliance Summit held on March 19, 2024. During the scheduled panel session, our very own Adam Chun and Erik Dominguez led a discussion alongside Allison DiPietro where we unpacked:   ⦿ FedRAMP Post-Authorization & What it Means For Your Organization ⦿ Current & Future State of Continuous Monitoring Requirements ⦿ FedRAMP PMO Drives Rev5 Transition You can now find the full live recording via the Emagine The Future podcast Episode 42. Hope you enjoy tuning in 🎙 🎧 📲

Unless you stop pushing code to production, vulnerabilities are inevitable. So how do you measure your ability to maintain resilience without slowing down? Ajay Chandhok, CEO and Founder of Stratus Cyber joined us for this week's episode of the Emagine the Future Podcast to discuss: ⦿ The Future of ConMon ⦿ Why Our Adversary is Always 2-Steps Ahead ⦿ Over-reliance on Tools Hinder Enterprise Resilience And measuring performance while continuing to drive your business forward with new features and product releases. Ajay brings more than two decades of experience supporting the Intelligence Community, defense sector, federal civilian agencies, and the commercial markets.

"We're going to miss out on the next Alan Turing or Grace Hopper because of the unnecessary and misaligned requirements we enforce on new cyber talent." On episode 39 of Emagine The Future, we were joined by Sebastian E. and as you can see, he came out swinging (paraphrased but not by much). We discuss the state of China, electric vehicles at targets, understanding our adversary, secure supply chain, and in line with the opening quote - Workforce Development. Seb's got shy of a decade of active duty in the United States Marine Corps, is a Founding Partner for Unicorn Strategies, and is heavily involved in #NatSecGirlSquad#NatSecGirlSquad to promote cyber pathways, education, and early development. Joining this forever battle against our cyber adversaries is simple and Seb says it best: "Find an industry you care about and go protect it." Even recording this while waiting to board his flight, Seb brought it. Go check it out you may just learn a few things.

As an active player in the fight to build resilience do you feel truly informed? In case you feel like you have missed something, we've created a monthly format designed as a cyber "catch-all". On the last Tuesday of every month, we release our This Month In Cyber video/audio podcast. Then on Friday (today), the long-form blog will be released to support an expanded view. Key topics from February's This Month in Cyber: ⚫ US Critical infrastructure remains a top target ⚫ Electric vehicles get external stress test at live event in Tokyo ⚫ CISA's targets support efforts for "target rich cyber poor" entities to prepare for imminent and escalating cyber conflict PS: There is even a January catch-up for those who missed it in January. Great collaborative effort by Justin Kinney and Erik Dominguez with support from Abdalla Elamin. https://lnkd.in/eGdG4Kvk

Excited for our very own, Adam Chun and Erik Dominguez, to rock the stage with an incredible cohort of public and private sector experts all on this shared mission to Level Up and Scale with FedRAMP 👊🏻 🎤

"The bad guys won't be allow listed so why should your team be during the assessment?" - We hear this regularly and push back every time - Here's why. Penetration tests are designed to identify critical holes in your security by showing you clearly where the greatest threats lay so you can fix them before they are exploited. However, as Erik Dominguez shared, most companies overestimate the value of a clean report and underestimate how unprepared their people are in the face of a real social engineering campaign. Sure, 99% of attacks will fail to get through. But what about the 1% that does? And unlike the assessments where you give them a "heads up, we have a social engineering campaign so be on the lookout...", in this case, they have no warning. Their readiness is put entirely on display with everything on the line. Just as we're seeing with Microsoft Azure compromises and the continued targeting of senior executives' Microsoft 365 apps, what if that 1% that gets through to senior executive(s) who never set up Multi-Factor Authentication (MFA) because "speed is everything in business"? And now, because that executive was never made aware that they were the hole in the organization's security, the adversary has domain access and is sending emails as that executive to people in the company asking to "help him/her with some updates and changes". How trained is that employee? How prepared are they to receive what looks to be an email from their boss's boss's boss asking them to do something? Or will they just do it because who questions somebody that high above them on the org chart? This is about people. Allow listing during a penetration test is about helping ensure the readiness and resilience of your people. Fight the urge to check the box and pursue the squeaky-clean report. If you go to the doctors do you want to squeaky clean report or do you want to see the early symptoms and tackle it head on before it spreads? For more from This Month in Cyber - February Edition, check the resources in the comments.

China shifts its cyber offensive strategy from espionage to pre-positioning ahead of future conflicts, Cybersecurity and Infrastructure Security Agency Director Jen Easterly addresses the US House Select Committee (puts pressure on software developers to prioritize security over fast releases and manufacturers to manufacture products that are secure by design), the US fed doubles down on securing critical infrastructure and building joint incident response plans in the event of an attack, Senior Microsoft Azure executives are targeted for Microsoft 365 logins and more... Those are just a few of the stories from February's "This Month in Cyber" episode. Incidents, breaches, regulatory and governance updates. Here's a month of news in 4 minutes to keep you informed and impactful in the fight to build resilience nationwide. Interested in the full deep dive? Check the resources provided in the comments. Erik Dominguez

Important questions are being asked about the future of key technologies and their impact on the world. Unfortunately, we seem to want simple, comfortable lies instead of the uncomfortable truth. A powerful statement from this week's episode. On episode 37 of Emagine The Future, we are joined by Scott Cory, Former Chief Information Officer for Administration for Community Living. From 2013 until recently, Scott served as CIO for ACL where he focused on leveraging information and technology to help ensure older adults and people of all ages with disabilities can live where they choose, with the people they choose, and with the ability to participate fully in their communities. I will say, the above quote is paraphrased. However, you'll notice that Scott didn't hold back in sharing his belief that this is an important moment in history and it's an important time to scrutinize how decisions are made, ask the tough questions, and pursue truth over everything - especially comfort. During this episode, we discuss some of the more recent events (like Cybersecurity and Infrastructure Security Agency Director Jen Easterly's address at the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party from January 31, as well as other topics like: ⚫ The Current State of the Threat Landscape ⚫ Moving from On-Prem to the Cloud ⚫ Project and Program Level Governance ⚫  Leveraging Artificial Intelligence to Enabled Decision Support

Yes, state and federal governments continue to prioritize security, but what about the 33M small and medium businesses nationwide? On this episode, we are joined by our friend Charles Rush, CEO and Founder of Rush IT LLC and Mentor with Blacks in Cybersecurity. Charles has been in Information Technology and Cybersecurity for more than 20 years with deep experience in networking (security) engineering, Continuous Diagnostic and Mitigation (CDM), and vulnerability management. During this episode, we discuss recent events as well as: ⚫ The State of Vulnerability Management ⚫ The Threat Landscape & Its Impact on SMBs ⚫ The State of Cybersecurity in 2024 ⚫ Mentorship & Giving Back