The threats are evolving. So is our leadership.
James Lyne is now CEO of @SANSInstitute. The next chapter starts now.
Watch the full announcement: https://t.co/BoBJk2yeJx
#SANSInstitute #Cybersecurity
Anthropic mapped a six-step workflow for AI-assisted vulnerability discovery. The skill gap it exposes is worth understanding for pentesters. 1,596 vulnerabilities disclosed. 97 patched. https://t.co/50z4fG6Uvf
Blocking AI doesn't make it go away. It makes it invisible. You can't govern what you can't see. Our newest eBook shows the way out.
Stop blocking. Start governing. The SANS AI Security Maturity Model™ eBook shows you how:
https://t.co/MN8rYWx7Fn
#AIGovernance #InfoSec
Maryland just opened three new paths into cybersecurity.
Free, grant-funded training across Core Cybersecurity, ICS/OT Security, and AI Security tracks. Applications close June 30.
Read the full announcement: https://t.co/0Jo1OblAtl
Compliance is redefining today's #CyberWorkforce.
#NIS2, #CMMC, and #DORA are driving new expectations for roles, skills, and accountability.
That shift is already impacting how teams hire and train.
Explore the data: https://t.co/PUyqFZLW9B
#WorkforceDevelopment
"It's a hurricane warning, not a seawall." - @robtlee on the 6-12 month window before China matches U.S. frontier AI cyber capabilities. @Politico
https://t.co/xiRAKbiRLg
Your expertise matters - contribute to SANS Research by taking one of these surveys:
1. Share your real-world cloud security challenges and help shape practical, community-driven security strategies. Take the survey: https://t.co/tbIPhzzl2Z
2. Share your ICS/OT insights and help strengthen critical infrastructure defense globally. Take the survey: https://t.co/XNcshDGKZa
3. Share your insights on exposure discovery, prioritization, remediation, and automation. Take the survey: https://t.co/sBBBeKXXJ7
#CloudSecuritySurvey #ICSSecuritySurvey #ExposureManagementSurvey #SANSResearch
The 2026 @SANS_EDU Research Review Journal is officially live.
Explore peer-reviewed findings from the next generation of cyber leaders: https://t.co/PtDduv1EfF
SANS Fellow Frank Kim (@fykim) spent a day in a room of CISOs where it became undeniable: the vulnerability playbook that has worked for 20 years is breaking. That conversation continues in NYC and DC this week. CISO-only sessions.
His full account here: https://t.co/DlpN2KQbdp
Security research and criminal hacking look identical on paper. Katie Moussouris on why that's still a problem for researchers.
Full episode out now: https://t.co/PkbrAz70jx
Catch up on previous episodes now: https://t.co/0mEK42uMB6
How organizations build cyber talent is changing. On June 24, leaders from SANS and Microsoft will walk through findings from the 2026 Cybersecurity Workforce Research Report by SANS | GIAC live.
Register: https://t.co/Oe1TPKw6qu
#WorkforceDevelopment #CyberWorkforce
The executive order signed Tuesday asks AI developers to give the federal government up to 30 days with a frontier model before anyone else gets it. The draft floated 90. Security people wanted as much warning as they could get. The labs wanted less. At 30 days, nobody got what they asked for, which is usually how you know a compromise is real. (Both sides are now sufficiently disappointed. On schedule.)
30 days isn't a fix, though. It's a hurricane warning. You board the windows, you move the boat, and the storm still makes landfall.
The buffer buys preparation, not prevention, and it only counts if you do something with it.
The part nobody's arguing about: access to these capabilities is not equal, and it won't be.
JPMorgan and Amazon will be fine. The order names rural hospitals, community banks, and local utilities as a concern, then leaves them a discretionary "where appropriate" while early access goes to trusted partners selected with the government. The hospital in Springfield sits at the back of that line.
And closing your source code doesn't save you. Source code analysis is where Mythos is focused right now, which is why open source gets scanned first, but it does black box exploitation just as well.
Nation-state teams have broken Microsoft, Apple, and Google for years without ever seeing their source. The vulnerabilities get found either way. (Adversaries don't wait for their tier assignment.)
Under all of it is the oldest question in cyber defense: what is the government actually responsible for? The critical infrastructure everyone is worried about sits in private hands. The military can't defend a bank's network. The FBI takes the report after the breach. CISA runs real threat intelligence and coordination, but it doesn't have the authority to operate inside a private company and defend it.
When Volt Typhoon and Salt Typhoon hit American infrastructure, they hit private companies, because that's where the front line is. (I came up through the military side. That gap still bothers me.)
The order doesn't solve any of this. It documents the threat and starts the argument, and the risk now is that people read "signed" as "handled."
The work is what the community builds during the buffer, which is why @gadievron, @rmogull, and I, with @cloudsa, @SANSInstitute, and [un]prompted, are running closed-door CISO sessions in DC (https://t.co/wkKcPfx2Yf), New York (https://t.co/LwXXhuyfsW), and San Francisco. The people in the fight, writing the playbook before the vendors write it for us. If you're a senior security leader, you should apply to attend.
Read the Mythos-ready security program paper: https://t.co/pppV1gi4Vc
CISOs: do you actually know where your organization sits in that access structure? If not, that's worth finding out this week.
"Bug bounties are actually a terrible idea for most organisations."
Katie Moussouris with a take that will ruffle some feathers.
Coming Friday
Catch up on previous episodes now: https://t.co/0mEK42uMB6
60% of CISOs say the skills gap is their top workforce challenge in 2026. SANS Field CISO Chris Cochran: "Closing the gap comes down to one word: intention." His take plus 5 more critical gaps in @CSOonline. https://t.co/giRfmOCX9J
Don't miss these upcoming SANS webcasts:
1. Learn key global SOC trends from a decade of survey data - alert fatigue, staffing gaps, and budget priorities.
Register: https://t.co/bSQP9509t9
2. See live, expert-led demos of cutting-edge cybersecurity solutions tackling today's most critical threats.
Register: https://t.co/caAXQoQhEz
3. ICS threats are targeting critical infrastructure now. Live demos, real attack case studies, and proven OT/ICS defenses - free, one day.
Register: https://t.co/s8GNcC6LFz
Most organizations discover gaps in their AI security program when something goes wrong, not during a structured assessment. The SANS AI Security Maturity Model™ eBook gives you the scoring methodology to get ahead of that.
Download free: https://t.co/AotZ3CCue9
#AIGovernance #AI #SecurityLeadership
#FBI warns U.S. law firms the Silent Ransom Group is posing as IT support in person. SANS' @lspitzner weighs in.
Link to @CSOonline article here: https://t.co/4ONnoENFXZ
Applications are OPEN. SANS Cyber Workforce Academy Maryland now has three scholarship-funded pathways: AI Accelerator, Cybersecurity Core, and ICS Security.
Maryland residents only. Apps close June 30.
Apply: https://t.co/Vd5IjT0xhe