A new welcome and website preview video has been added to our Essentials Membership landing page. If you are curious to see what Members have access to...watch and learn:
https://t.co/d4FHM0WBBj
Do you have a practical strategy for engaging social media in an intentional way that ensures your safety, security, and privacy? Do you know what the threats are and how to avoid them? Do you need help teaching others so they can start off right or fix what may be wrong?
We have published several articles that address Social Media specifically. There are two we would like to draw your attention to:
A Practive Guide to the Socials
Finding the Real and True Online
Our guide is a very practical review of the nature, dangers, and potential values of Social Media. We cover what it is, how to get started, what to watch out for, and how to practice social media use day-to-day, and more!
In our guide to finding the real and true, we tackle the issues of deepfakes, engagement farming, clickbait, fake news and more.
As always, these have philosophy woven throughout, but contain essential knowledge and practical tips as well. Please let us know how these help you, and if you have any thoughts for improvement.
https://t.co/xmrhjYUOXO
https://t.co/Jd8RC6b0d9
There is a strong narrative within the larger AI story when it comes to the Cyber Security implications of our ever advancing technology.
The narrative is that the adversary is weaponizing AI to gain an unfair advantage. The claim is that they are rapidly accelerating past our ability to defend against them, which means we must adopt AI faster than they can.
But is it true? Is that really what is happening? Is the adversary actually adopting AI to gain some unfair advantage?
We address this from multiple angles across multiple articles and presentations. We have written about the general state of the weaponization of AI, we have written of specific tactics and attacks that leverage AI, we have written about impersonation scams using AI, and we have shared multiple videos describing the true nature of vulnerabilities, exploits, and how adversaries conduct successful attacks.
Learn all about this and more by signing up at https://t.co/5OrTrrg1bv or head over to our Substack page and search for articles tagged with AI.
The latest in our Business Essentials / Pro series on the pillars of Cyber Security is now available:
https://t.co/OmwCovVgwu
In this article we review the fundamental mission of Cyber Security and examine why the vast majority of Security teams get this wrong. We pull together several stories of the right and wrong way to understand mission and provide for you a reminder of the foundation upon which your security program should be built.
Your mission is the mission of the company you serve.
#CISO #InfoSec #CyberSecurity
As we reported in our video presentation titled "the AI Revolution" and in our article of a similar name, the economic transfer of wealth and power of recent years is stunning.
Consider this, according to https://t.co/1J5VJ5B6cs
In January of 2023, the largest company was Apple with a market cap of $2.0 T. The top 10 companies combined totaled a value of about $10 T. They represented a mix of tech, energy, retail, and finance.
Today, NVIDIA's capitalization is at $5.2 T and the top 10 companies total over $27 T in combined worth. That's more than 2x the value of the top 10 companies just 3 years ago. Today's top 10 are 100% about AI.
All that money came from somewhere - it was a transfer from many smaller companies into these few on top.
In 2023, NVIDIA was worth $367 B and ranked #17 on the top companies list. Today, they are worth more than 2x what Apple was worth just 3 years ago. What a difference a Revolution makes.
#Bubble #AI #Vacuum
New article coming soon for our Business Essentials / Pro customers: Pillars of Cyber Security - The Mission.
Spoiler alert: what most CISOs and information security professionals get wrong is that they think their mission is security. It's not, and that's where we fail. That's why most CISOs are treated as second-class executives and struggle for budget and relevance.
If security is your mission, then you are working at a company for the sake of another; not unlike having an affair.
We need to fix our mission if we want any form of respect and partnership with the businesses we serve.
Article coming soon.
#CISO #InfoSec #CyberSecurity
Big news! We have reduced our monthly Substack subscription price! Our decades of expertise now made more accessible to you to help you protect what matters the most.
You can now subscribe for just $8 / month.
Head on over and sign-up today. https://t.co/KzpIxo980e
This summer, we plan to transform all of our written articles into video presentations to make them easier to use as an educational resource. For now, everything we have is available today to read, and most have podcast versions, and some have instructional videos to go along with them.
Sign up now. Use the summer to get your kids protected!
Parents - listen up. If your kids have access to the Internet, then they are at great risk.
Have you prepared them? Do they know about cyber crime, predators, manipulators? Do they know how to spot radicalization? Do they know how to protect their privacy and why? Are they practicing safety today in order to protect their accounts, finances, and identity tomorrow?
According to Pew Research, 95% of US teens have on-demand access to the Internet, mostly via smartphones, and 50% report they are online constantly. So, they are engaged. And they are under attack.
I've spent 25 years protecting some of the largest organizations in the world against the most sophisticated adversaries, as well as against common criminals. No one is protecting your kids. Security is up to us individually.
Let us help you. At https://t.co/BG7fOzJn3t our Essentials Members have access to a library of articles, podcasts, and presentations that address all the risks of the online world and how to counter them.
Cyber crime. Radicalization. Predators. Fraud. Coercion. Manipulation. Privacy. Theft. We have you covered.
Please use us as a resource. You can read our material as a parent and teach your kids, or you can have your kids learn directly from us.
Join today and use discount code ONEADAY for 20% off your first month. Just $15 a month from then on.
As promised, we have published a new Threat Advisory about social engineering attacks involving AI.
The article is available to Essentials Members on our website, or available on our Substack at the links below:
https://t.co/i5EfDd4tH0
https://t.co/thWRtuM3cz
This matches the template of extortion attacks. Yours is a unique scenario we haven't seen before, but the template is clear. This was probably an attempt to get you to say something that the person was going to use against you - probably threatening public disclosure, or otherwise simply doing that as a form of activism. But the template is actually one used in many different scams:
1. Unsolicited contact
2. Impersonation (in this case AI bot as an interested reader)
3. Presentation of a false claim
4. Provocation to respond in defense
Next would have been some escalation or attempt to create urgency.
I'll bet they trained the bot to continue to progress the conversation forward until you gave up something they could weaponize via extortion.
Good on you for identifying the AI bot and refusing to continue.
New FAQ recently added for our Essentials Members. It's titled "preventing your social media from being hacked."
We've all seen it - when the account you follow or that of your friend suddenly starts posting...odd...content, or when you receive a vague DM from a friend via a social media platform who never contacts you that way. These are the tell-tale signs of what we call account takeover.
It's not exactly hacking as we tend to think about it, but it is a technique used by hackers of all types.
You can protect yourself from this happening to you. It may be a little inconvenient, but it's not difficult to do.
https://t.co/4UTwmW3iNK
The weaponization of AI by online activists and extortionists is a very real phenomenon. Typically attackers have used AI in extortion attacks via impersonation scams. This is a sub-technique under a larger umbrella attack type known as social engineering. They pose as someone else and trick you into some action.
Based on a recent experience shared by @moveincircles, we suspect activists and extortionists have begun using AI in "real-time" social engineering attacks that attempt to solicit information or actions from you by presenting false scenarios that you feel compelled to respond to. This is similar to the previously known tactic of using voice impersonation in phone-based "emergency" situation scams.
If the attacker can engage you conversationally, and lead you to respond in a certain way or to give up certain information, then they may be able to use that for extortion, defamation, or some other form of activism.
We will be writing a full article soon to explore this, but this is essentially the same tactic used in voice-based or video-based AI-generated impersonation attacks...but in a different scenario. We have covered the former in previous articles. New advisory coming soon.
It will be available to Members at Practive Security first.
Concerns about AI integration in Web Browsers seem to have people considering alternatives. We have you covered.
Our Essentials Members have access to our "101" page containing dedicated articles that describe the nature of threats that materialize via the Web Browser, and we also have practical guides for choosing, configuring, and how to safely use web browsers.
What do we recommend? What do we use? What should you never use? We answer all this - and why it matters.
Sign up today to get access: https://t.co/nSMZN5jlBD
We live in an inverted hierarchy of values:
According to the 2025 Mott Poll, parents surveyed said online influence and other effects of Internet and device use are their top health concerns for their kids.
Yet according to Pew Research, 90% of US teens have on-demand access to the Internet via smartphones or tablets and 50% said they are online "constantly."
So it seems the health and wellness of their children is NOT the priority of the majority of parents. It seems the priority is making sure their kids fit in with the systems and patterns of this world - the very things that are destroying their children's souls before their very eyes.
It's true. Look at the best practice frameworks of today - the best strategic guidance our industry has to offer - it's fundamentally the same list of things we learned in the early 2000s. We have this solved.
You don't need more stuff. You need to do what needs to be done.
The problem is we approach company leadership the wrong way - with the wrong mission, the wrong message, and the wrong requests...so we aren't considered participants in the ethos of the companies we serve. Instead we're treated as bolt-on components.
The solution isn't in AI or chasing the break out time or metrics or dashboards - the solution is being part of the company you serve. Cyber Security is your contribution to product sales, service delivery, manufacturing etc. We aren't supposed to be a static one-size-fits-all industry.
We're supposed to be contributors to the organizations we serve, with Cyber Security as what we practice. We're supposed to be here to serve, protect, and defend. Get that mission right, and the friction goes away, your budgets shrink, and the true problems you need to solve come into focus.
Want to learn a deep Cyber Security industry secret? Here it is: we, the defenders, have the advantage. We always have and always will. Breaches happen because we allow them to, and we know how to prevent them.
Take a look at all the breach reports and summary stats from the last few years. Breaches are almost always attributed to a failure to do or practice what we already know we should. Exposed vulnerability, excessive permissions, no MFA, open repo, systems weren't segmented, data wasn't encrypted.
Take a look at the MITRE ATT&CK framework - strategically it hasn't changed much in 2 decades. Look at the kill chain. No change. The adversary isn't nearly as sophisticated or advanced as we think. That's a big myth used to sell stuff you don't need.
Look at the adoption of AI by the adversary - we read through all the reports from 2025 and the summaries of AI-powered attacks. There was almost nothing novel about them; no significant improvement for the adversary - just some incremental speed gains through orchestration and automation for attacks that are already 99% automated.
The truth is, we solved the Cyber Security problem decades ago. We know what to do. We choose what we deploy. We choose the terms of exposure and we define the methods of engagement. We decide how to build our networks, write our code, manage our systems, govern access...and the adversary is always waiting for us to expose something they can take advantage of.
Defense is a choice. It's not an unsolvable problem, and the adversary does not have the advantage. We do. Choose wisely.
#InfoSec #CyberSecurity #CISC
New FAQ answered for our Essentials Customers - "Help, I've Been Hacked."
This is a very brief answer to a few related questions, "what do I do to prevent my account from being hacked," "how are people's social media accounts hacked," "what is the best way to secure my online accounts?"
https://t.co/4UTwmW3iNK
Hey. Pssst. You. Yeah, you. Listen up.
Why are you here reading this when you could be reading in-depth analysis and learning strategically important things about online safety & security over at https://t.co/na9691MAeH or on our Substack page?
Don’t like reading? Well that’s ok, we have most presentations in audio or video format.
Ok, now off you go. Go sign up. Just $5 a month to support our work, $10 to unlock all our Substacks, and $15 for our Essentials membership on our website.
Oh, and if you really want to geek out, we have a pro subscription too. Boom.
I know, I know…it’s so incredibly cheap, you’re probably wondering, “can it really be any good?” Well, it’s such a great deal you can sign up today and check us out for a month for just $15. Just $15 for a whole month!!
But alas, I know what you are going to say: “I don’t need that stuff, I know what I’m doing.” Ok. Cool. Well, just to be sure I haven’t missed anything, why don’t you take our Personal Security Assessment and then you’ll know if I know all the stuff that you know. Then come tell me what I got wrong. Mkay?
Mkay. Off with ya now - head on over to PractiveSecurity and hit the sign-up link to pick your cup of tea.
One more thing. If you’ve got some extra time, our Digital Health seminar for parents is more loaded than a California style carne asada burrito.
Oh, and tell your friends. All. Of. Them. Then tell your boss about our professional services.
Thanks. You rock.