TCP/IP was designed in 1974.
Every connection between every node: open by default.
Identity verification: not specified.
We've been bolting on security ever since.
If I could undo one architectural decision from the last 50 years – it's this one.
Same attacker. Same month. Two casinos.
Caesars paid ~$15M. Operations continued. MGM didn't. $100M loss. 10 days of disruption.
The attacker's goal was never the data. It was the downtime.
If lateral movement is limited, the ransom calculus changes completely.
IBM X-Force: 56% of ~40,000 tracked vulns last year required no authentication to exploit.
That's not an identity problem. It's a network problem.
If you can't reach a port, you can't exploit what's on it.
Network segmentation is non-negotiable.
https://t.co/cbVw39CcF9
The Gentlemen RaaS: 332 victims in 5 months. Entry point – exposed Fortinet and Cisco edge devices.
Patch the perimeter. But the real question is what they reach once they're through it.
If the internal network is flat, initial access is all it takes.
https://t.co/rDTgNL3ifd
WEF: 99% of highly resilient orgs have active board involvement in cybersecurity.
At low-resilience orgs, engagement is largely absent.
Priorities come from the top. If your board isn't asking what happens when an attacker gets in – start there.
https://t.co/sIVMKjuht0
We just published a resilience guide built for security leaders who are done with reactive strategies.
Containment-first architecture. Measurable blast radius. Business continuity by design.
https://t.co/eR8CkMqTTn
Organizations say "when" a cyber event happens. Not "if."
The difference between a contained incident and a business outage isn't detection speed.
It's whether lateral movement was limited before the attack.
Resilience is an architecture decision.
#CyberResilience #ZeroTrust
CISA just flagged a vulnerability in Grassmarlin — a retired NSA tool used to map OT and ICS networks. No patch exists.
It's a reminder that OT security debt doesn't age out. It compounds. 🚧
Our CEO Benny Lakunishok talked to SDxCentral about why this matters beyond one tool — and why energy, water, transport, and manufacturing can't afford to ignore it.
The attack surface isn't just growing. In OT, it's been quietly accumulating for years.
Full article 👇
https://t.co/XuCUWE8s6C
Zero Trust has four pillars: network, identity, application, data.
Most orgs haven't finished the first two.
Network closes broad exposure. Identity controls what's permitted on top.
Not separate problems. One foundation.
#ZeroTrust #Microsegmentation
AI is great at things it was trained on at scale.
Security still needs more time and specialized data.
Where it works now: SOC playbooks, structured triage. Where it needs work: autonomous detection, nuanced judgment.
Be honest about the boundary.
#AI #CyberSecurity
AI segmentation starts at the network layer – not authentication.
If the network is open, API keys get stolen, agents get bypassed.
Close the network first. Then layer identity. In that order.
Most teams have it backwards. https://t.co/NDJRdvHmig
#ZeroTrust #AISegmentation
5 stats. One conclusion.
→ 27s attacker breakout time
→ 60%+ of your network gone in under 1 hour
→ 241 days to contain a breach
→ 70% of alerts don't stop lateral movement
→ 86% of incidents still disrupt ops
Stop the spread.
Final byte.
27 sec breakout. 60% down in an hour. 241 days to recover. 70% of alerts don't help.
Despite bigger budgets every year – 86% of incidents still disrupt operations.
More spend isn't the answer. Stopping lateral movement is.
#ZeroTrust #Microsegmentation
We analyzed 3.4 trillion activities across 400 enterprise environments.
Here's what we found:
One compromised system can reach 85% of your environment in a single hop.
71% of threat activity flows through just 4 protocols you can't disable: SMB, RDP, WinRM, RPC.
Attackers don't need sophistication. They use the same trusted paths your IT team uses every day.
The breach isn't the failure. The blast radius is.
📍 How to secure the 4 protocols driving enterprise risk in 2026: https://t.co/uN6JYbNAwk
📖 Full threat analysis: https://t.co/AukvyQ0jhK
Byte #4.
Only 30% of security alerts correlate to real lateral movement threat path elimination.
70% of the time your team is chasing noise that doesn't stop the attacker from spreading.
Busy and protected are not the same thing.
#ZeroTrust #SOC
Visibility 🤝 Control
Zero Networks is now a part of the Microsoft Sentinel connector ecosystem, enabling security teams to bring segmentation audit telemetry into Sentinel. The integration supports:
- Compliance monitoring
- Investigation of suspicious changes
- Faster detection of attempts to bypass lateral-movement controls
Learn more about the connector: https://t.co/FvFtc2teTy
Byte #3.
181 days to find a breach. 60 to contain it. 241 days total.
Meanwhile last week – attackers hit 60% of your network in under an hour.
They're done in 60 minutes. You're cleaning up for 8 months.
Detection alone can't fix that math.
#ZeroTrust #CyberSecurity
🚨Coming soon to an arena near you! Contain the Breach: an in-person capture-the-flag competition 🚩
We're bringing hands-on containment challenges to three cities this spring and we want to see you on the leaderboard. You'll race against the clock (and your peers) to quarantine hackers using Zero Networks; top finishers take home custom prizes – everyone earns CPE credits and newly minted challenge coins.
Ready to contain the breach? Lock in your spot!
📍 Denver: F1 Arcade | Thursday, April 9th
📍 NYC: Chelsea Piers Golf Club | Thursday, April 16th
📍 Chicago: Andretti Indoor Karting | Thursday, April 23rd
All you'll need is a laptop and the will to win. Get all the details and save your seat 👉 https://t.co/48DpM4H3fS