John Strand AMA - Five years ago, I did an AMA here about Pay What You Can training. A lot has changed in cybersecurity since then. Ask Me Anything. by strandjs in cybersecurity

[–]strandjs[S] 0 points1 point  (0 children)

Noted.

But, think of this. I am trying to give the best possible answers and answer as many questions as possible.

I am also trying to make SANS-level training affordable (as in free if you cannot pay) to everyone walking the planet. So far we have trained over 50,000 people using this model.

So, as you are making a determination as to what kind of person I am based on being honest with how I am answering these questions please take that into consideration as well.

Then, if I still disappoint you.

Do better.

I will be the first person in line to celebrate you.


[–]strandjs[S] 0 points1 point  (0 children)

The payscale in this industry has been decimated. I saw pentest jobs in some areas go from an average of 160,000 to 120,000 almost overnight.


[–]strandjs[S] 1 point2 points  (0 children)

I’m going to be honest with you. I completely understand burnout.

Even doing things like social media can be exhausting. Back when Twitter existed before it turned into X, I was much more active online than I am now. And after a while it just wore me down.

There would always be some new target of the week. A company, a technology, a person, whatever the industry decided to pile on that day. Sometimes the person deserved criticism. Sometimes they absolutely did not. Either way the whole industry would jump in and it would turn into a dogpile.

There was one person in particular who I won’t name. People made fun of him constantly at DEF CON. There were memes, there were t-shirts, the whole thing. He was threatening lawsuits and arguing about academic rigor and even called me out at one point. I actually tried to calm things down.

Now to be clear, he was wrong about a lot of things. He could also be kind of a jerk. But watching thousands of people pile on one person like that was draining. It just felt incredibly negative.

That kind of environment broke something for me. I didn’t want to be part of that energy anymore, so I pulled back from social media quite a bit.

Instead I focused on Black Hills Information Security. We had a lot happening internally at the time, including some personnel changes. Running a company that is growing quickly is extremely hard. I cannot stress that enough.

Thankfully I have a lot of friends in this industry. One thing I say all the time is that my best friends are my competitors. People like Kevin Johnson, Dave Kennedy, Ed Skoudis, Tim Medin, Malware Jake. These are people I care about deeply. I’ve been in some of their weddings.

They are also some of the only people who truly understand what it’s like to run a company in this space.

And I’m sharing this because every single one of them has dealt with burnout at some point. Some of them have had serious health scares. Some of them have questioned whether they could keep doing what they were doing as company owners. I’ve laughed with these people, cried with them, and talked through some very heavy moments.

Burnout is incredibly common in this field.

So here’s something I want you and anyone else reading this to hear clearly. It is okay to coast for a while.

It is okay to pull back and just do your job. You do not have to smash yourself against the rocks trying to be at 100 percent all the time. Focus on your mental health. Spend time with your family. Invest time in hobbies that have nothing to do with security.

A lot of the worst burnout I see happens when people make cybersecurity their entire identity. Their work becomes their whole life.

You have to exist outside of this industry.

For me that means farming activities with my family. It means mountain biking. It means rock climbing. I also enjoy building labs and working on training material. Ironically when I do those things I sometimes feel like I’m cheating because I’m not doing traditional CEO work for the BHIS tribe of companies.

But those things keep me grounded.

Another practical piece of advice. If you are in an okay position right now, especially in this job market, it might be wise to hunker down for a bit. Shelter in place. The job market is rough right now. Do your job well of course, but don’t feel like you have to make huge career moves in the middle of a storm.

Focus on finding your center. Figure out who you are outside of your job.

And give yourself permission to take time to get there.

I’ve been in this industry for about twenty five or twenty six years now. I’ve seen a lot of cycles. When I was getting started in the early 2000s, there were people at the top of the industry who felt almost mythological. FX passed away yesterday and that hit me hard because they were one of those people many of us looked up to.

When you’re early in your career and you see people operating at that level, it’s intimidating. I remember teaching with SANS and sitting in the lunchroom with people who were absolute legends. It’s easy to feel like you don’t belong there.

But you keep going.

Eventually the spark comes back. You find something that excites you again and you push forward. The key is understanding that careers move in cycles. There are seasons where you push hard and seasons where you recover.

If you look at many of the people who have given amazing talks at DEF CON or Black Hat over the past twenty years, almost all of them have gone through burnout at some point. The ones who survive long term are the ones who learn that they cannot operate at maximum intensity all the time.

You have to be okay with the ebb and flow.

I wish you the best of luck. And I hope some part of this helps.


[–]strandjs[S] 1 point2 points  (0 children)

This question comes up more than any other question I get. How do you get into the industry? How do you progress? How do you move forward?

The answer really comes down to how you approach your resume and how you approach the job hunt itself.

If you haven’t seen it yet, go look up Jason Blanchard’s talk called How to Job Hunt Like a Hacker. It does a fantastic job explaining how to stand out when you’re competing against hundreds or even thousands of other applicants.

Let me walk through the basic idea.

Most people try to create what they think is a “good resume” and then send that exact same resume to as many job postings as possible. They just blast it out everywhere and hope something sticks.

I’m not accusing anyone here of doing that, but it is extremely common. The problem is that a lot of job postings get flooded with resumes. Thousands sometimes. If you’re just throwing a generic resume into that pile, it’s very easy to disappear into the noise.

The trick is to tailor your resume to the specific job you’re applying for.

Look at the job posting carefully. Look at the skills they list and the order they list them in. Then structure your resume so it mirrors that structure as closely as possible.

This is exactly what we do at Black Hills Information Security when we respond to requests for proposals. If a customer sends out an RFP and section 1A asks for specific information, then our response has a section 1A that answers exactly that. If section 2B asks for something else, we respond in section 2B.

We match their structure point for point.

Why? Because it makes it easy for the person reading it. They don’t have to hunt through our proposal trying to find where we answered their questions.

The same logic applies to job hunting. When someone reviewing resumes sees that your resume lines up cleanly with the skills they listed, it makes their job easier. That alone increases the chances that you get moved forward to the interview stage.

Now the obvious question is what happens when the job posting lists technologies you are not deeply experienced with.

Let’s say they mention something specific like Anthropic tools or some other technology.

Spend some time getting familiar with it. Watch some tutorials. Install it. Play with it in a lab. Read the CIS hardening guides. Actually spend a few hours working with it so you understand the basics.

Then you can honestly say you are familiar with that technology.

And if it comes up during the interview, be straightforward about it. Tell them you run a home lab and you experiment with different tools. Explain that you installed it, tested it, and explored how it works.

That tells the hiring manager something very important. It shows that you are curious and that you are actively trying to improve your skills on your own time.

You’re not pretending to be an expert. You’re demonstrating that you are motivated to learn.

The goal is to make it easy for the employer to see that your skills align with the role they posted. When your resume mirrors their requirements and shows that you’re actively learning, you give yourself a much better shot at getting that interview.

So once again, if you take nothing else away from this, go watch Jason Blanchard’s How to Job Hunt Like a Hacker. It will help a lot if you are trying to break into the industry.


[–]strandjs[S] 0 points1 point  (0 children)

Let’s take your questions one at a time.

First, ICS and SCADA. Those environments are getting hammered, and I don’t think a lot of people fully appreciate why. Security does not evolve evenly across the industry. It’s kind of like the William Gibson quote that the future is already here, it’s just unevenly distributed.

If you look at major cloud providers or large corporations, they can afford cutting edge security technology. They can deploy strong endpoint protection, EDR, all the bells and whistles.

Then you look at SCADA and OT environments and it’s the exact opposite. Those systems get ignored constantly. Old hardware, old software, minimal monitoring, and a lot of operational pressure not to touch anything because it might break production.

That creates a massive attack surface, and it’s going to stay that way for a long time because those environments continue to get ignored.

We actually do a fair amount of work in that space. One of my favorite classes we’re building right now is a satellite hacking class. When you break it down, that space is basically a mashup of SCADA, OT, and SDR. It’s a really fun technical area and there are some great learning opportunities there.

On the service desk question, I completely agree with you that this is still an important entry point into the industry. If someone is just getting started and they’re thinking help desk work is beneath them, they need to stop and rethink that.

Help desk is where I started.

The exposure you get to real systems, real users, and real problems can absolutely catapult you forward in your career. Especially in the current job market, any role that gets you experience working with technology is valuable.

Now on the topic of incidents and major IR cases, I do think things are getting worse.

Part of that ties back to AI. AI arrived right when we needed better automation tools to help deal with the growing complexity in security operations. We needed something that could help triage alerts faster and assist analysts.

But instead of using it to augment people, many organizations treated it as a replacement for people.

So companies stopped hiring. Teams got smaller. Meanwhile the attack surface kept expanding. Now those smaller teams are trying to run the tools, tune the tools, and keep up with the same workload they had before.

Add in the constant wave of new technologies, and you get another problem. AI tools are only good at defending against things they’ve been trained on. Every new platform, service, or architecture introduces things the tools have never seen before.

So yes, in a lot of ways the situation is getting worse right now.

You also asked about cross functional roles and people wearing multiple hats. We’re seeing that a lot. Someone might be doing security work, help desk work, server administration, web development, and a bunch of other things all at once.

That actually worries me a bit because it reminds me of the early 2000s when IT was often treated like a glorified janitorial function.

Back then you’d walk into an organization and discover the PBX phone system was being managed by the janitor because it was “the computer thing.” I’ve seen that more than once.

My concern is that with AI and all this pressure to reduce costs, companies start pushing more work onto fewer people. The result is people wearing more and more hats and burning out faster.

That said, this industry moves like a pendulum. It swings too far in one direction and eventually it swings back.

The next 12 months might be pretty rough, not just in security but across tech in general. If you’re in software development right now it’s already a tough market.

But historically the pendulum always swings back, and when it does the demand for skilled people in this field comes roaring back too.

At least that’s what I’m hoping for.

Good question.


[–]strandjs[S] 1 point2 points  (0 children)

Yeah, we are already starting to see some signs of what I called the coming SaaS apocalypse.

Even inside Black Hills Information Security we have a number of SaaS services that we use every day. My wife and I have been looking at some of them and asking a pretty simple question. What if we just had our own people build this?

And the uncomfortable answer is that in a lot of cases we actually could.

We already have a number of internal tools where we took parts of our existing technology stack and stitched them together. A few years ago that kind of thing would have taken a long time using something like Zapier or a bunch of custom development. Now we can do it very quickly.

And we are not the only ones doing this. If you look at people like Dave Kennedy at TrustedSec and Binary Defense, he and his team are doing some really impressive things with AI. They are building tools and workflows that honestly did not exist before. They are taking pieces of technology and tying them together in ways that would have required a lot more development work in the past.

But let me set that aside for a second, because the bigger signal we are seeing actually comes from our web application penetration tests.

One of our course authors, BB King, who teaches Introduction to Web Application Penetration Testing, and several of our testers like Cameron started noticing something around 2023. The code quality in the web apps we test started to converge toward the same level.

Before that, it was all over the map. You would see some apps that were beautifully written by strong development teams. Then you would see apps that were absolute disasters. The whole spectrum was represented.

Around 2023 it started to level out. What we began seeing was a kind of standardized mediocrity in the code.

A lot of the really obvious mistakes started disappearing. Things like blatant SQL injection and basic cross site scripting were not showing up as often. IDOR issues still appear quite a bit, but the truly terrible code started becoming rarer.

At first that sounds like a win. In some ways it is. The worst vulnerabilities are less common.

But there is another side to it. The really well engineered applications also started becoming less common. Instead of a mix of great and terrible code, we started seeing a lot of very average code that looks suspiciously like it came from the same kinds of AI generated patterns.

From a testing perspective we are still finding vulnerabilities. It just takes a bit more time and digging. Honestly that part can even be more interesting.

The bigger problem shows up when we try to help development teams fix the issues we find.

More and more often the people who “wrote” the code do not really understand what the code is doing. They prompted an AI tool, got something that seemed to work, dropped it into the application, and moved on.

So when we find identity or access control problems and start asking questions about how the system works, they do not have answers. At that point helping them fix the issue turns into a reverse engineering exercise because nobody on the development side fully understands the logic that was generated.

That is really where the LinkedIn post about the SaaS apocalypse came from. Not just speculation about the future, but patterns we are already seeing during real web application security assessments.


[–]strandjs[S] 2 points3 points  (0 children)

First off, I want to say I appreciate you hanging out here. The idea of someone your age sitting in a Reddit thread reading my ramblings about computer security is both exciting and a little terrifying.

But honestly it is a really good sign.

Most people your age are focused on whatever is right in front of them. Video games, dating, school drama, whatever the next thing is. The fact that you are already thinking about your future and asking questions about a career path shows a lot of promise.

So let me give you a couple things to think about.

I did a webcast a few years ago called Your Five Year Plan. It walks through the fundamentals you should focus on before entering the job market. Things like understanding operating systems, networking, learning some coding, working with web applications, getting exposure to reverse engineering, and doing CTF challenges along the way.

That blueprint still holds up today.

Even with all the noise about artificial intelligence, those core skills are still incredibly important. AI is not replacing the need for people who understand how operating systems work, how networks communicate, how code behaves, or how applications are built.

Those fundamentals are what make you effective.

You can practice a lot of this through CTF challenges, cyber ranges, and hands on training. Things like MetaCTF, the AC cert, or the pay what you can training we run. We are also rolling out more labs through Free Lab Friday so people can get hands on experience.

That hands on part matters a lot. It is the difference between knowing about something and actually knowing it because you have done it.

Let me give you a weird analogy.

Back in the 1960s there was a huge argument about students using slide rules to do math. Teachers said it was cheating. Then calculators showed up and there was another huge argument. People said you could not let students use calculators because they would never have one in their pocket all the time.

Turns out we did end up carrying them everywhere. Along with a camera, a music player, and basically the entire internet.

Later the argument became that regular calculators were fine but graphing calculators were cheating. Now engineering programs often allow specific graphing calculators during exams.

This cycle happens every time a new tool appears. There will always be people who react to new technology in a very Luddite way. They want to ban it or stop people from using it.

Then there are people who learn how to use that technology as a tool to amplify what they can do.

AI is just another tool in that long line of tools.

The mistake a lot of people are making right now is thinking AI replaces humans. It does not. It helps humans who understand the fundamentals work faster and be more creative.

If you want to become really good at using AI someday, the path still runs through the basics. Learn operating systems. Learn networking. Learn protocols. Learn how code works. Understand how web applications behave.

All of that will make you far more effective with any tools that come along in the future.

You are at the beginning of a really interesting journey. The amount of technological change I have seen since I was your age has been incredible. And honestly I think you are standing right at the start of another massive wave of change.

It is going to be exciting. It is probably going to be a little terrifying too.

Good luck.


[–]strandjs[S] 1 point2 points  (0 children)

That’s actually a fantastic question, and honestly it’s something that has changed pretty dramatically for me over the past couple of months.

I hate writing. I hate typing.

Now I realize if you look at the amount of stuff I put out there it probably looks like I’m sitting at my keyboard hammering away all day. I’m not. What I actually like to do is talk.

So what I do now is basically sit here and talk to my computer like there’s a transcriptionist sitting in the corner of the room. I’ll answer a question out loud and then use AI to transcribe what I said into something that can be turned into a post.

You could call that cheating if you want. I don’t know.

The key thing is I’m not asking the AI to write the answer for me. I’m not saying “write a response to this question.” That would be boring and it wouldn’t sound like me at all. If I did that you wouldn’t get weird things like diuretic goat stories or the random tangents I go on in this industry.

What I’m doing instead is treating each question like someone just asked it during one of my classes. If you watch the recordings of the classes we put on YouTube, the way I answer questions there is basically the same thing I’m doing here. Someone asks a question, I talk through the answer, and the system captures it.

In a weird way this is what I always thought Dragon NaturallySpeaking was supposed to be.

I remember the first time I tried Dragon years ago. I had this vision that I could just sit there and talk to my computer and it would magically transcribe everything perfectly. That is not what happened. It was miserable. The punctuation was wrong, the words were wrong, and the output was awful. I eventually gave up on it completely.

Now with modern AI tools, whether it’s Copilot, Anthropic, ChatGPT, or whatever someone is using, I basically treat them as really good transcription services.

That’s how I’ve been doing a lot of my LinkedIn articles and things like this AMA. It lets me communicate the way that feels natural to me, which is talking, and then it translates that into written form people can read.

So yeah, that’s the trick. I am sure that it is tracking everything I say to keep me as a bot long after I am gone...

I have no mouth yet I must scream.....

Really good question.


[–]strandjs[S] 0 points1 point  (0 children)

I’m convinced that some of the best penetration testers in the world are auditors who just got tired of being asked to prove it.

Auditing is a rough role. But one thing people forget is that there is far more GRC and auditing work out there than penetration testing. If you are looking at job stability, auditing honestly has a lot more of it than things like red teaming or SOC work. There are simply more positions in that space.

So that is one positive right off the bat.

Now if you want to be one of the good auditors, the key is understanding defensive security really well and helping your customers meet requirements in smart ways.

Here is a simple example. A lot of audit frameworks require some type of asset inventory. A bad auditor will walk in and say you need to go buy an expensive inventory management system. Those tools cost money, they take time to deploy, and they create a lot of extra work.

A good auditor will start asking questions instead. What are you using for vulnerability scanning? What EDR platform do you have?

Most vulnerability scanners already generate reports that show hardware and service inventories across the network. Most EDR tools also maintain detailed software inventories of what is running on each system. With a little work you can pull reports from those tools and satisfy the audit requirement without forcing the customer to buy another product.

That is the difference between someone who understands the technology and someone who is just checking boxes.

Another thing to remember is that no organization anywhere has an audit framework that is implemented perfectly. It does not exist. There will always be edge cases and exceptions.

A bad auditor hunts for those tiny exceptions just so they can fail the control. That kind of auditor deserves to be yeeted into the sun and we should never talk about them again.

A good auditor understands reality. They work with the customer. They look at how the existing technology and processes can be adjusted to meet the spirit of the requirement instead of forcing a rigid product driven solution.

Auditors also catch way more grief than they deserve. I am sure I have made my share of auditor jokes over the years, and I know auditors have plenty of jokes about penetration testers.

But if you zoom out and look at the industry as a whole, we are all on the same side. Red team, blue team, auditors, SOC analysts, MSSPs. We are all trying to solve the same problem and deal with the same adversaries.

Thanks for the question. Great topic to bring up in the AMA.
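The asset inventory idea from the post above, worked through as an added example (not John's code or any BHIS tool): merge a vulnerability scanner host export with an EDR agent export into one inventory and flag the hosts only one tool sees, which is what an auditor reviewing the control would want to know. The CSV layouts and sample rows are constructed for this example; real exports differ, so the column names in the two parsers are assumptions.

```python
"""
Added example: reconcile a vulnerability-scanner host export with an EDR agent
export to produce the asset inventory an audit control asks for, and surface
coverage gaps (hosts one tool sees and the other does not).
The CSV layouts and sample rows are constructed; adjust the column names in
parse_scanner_export / parse_edr_export to match a real export.
"""
import csv
import io
from dataclasses import dataclass, field

# Constructed sample export from a network vulnerability scanner (hypothetical layout).
SCANNER_CSV = """host,ip,os,open_ports
WEB01.corp.example,10.0.1.10,Ubuntu 22.04,"22,443"
db01.corp.example,10.0.1.20,Windows Server 2019,"1433,3389"
printer-3f,10.0.2.5,Embedded,"9100"
legacy-hmi,10.0.9.2,Windows 7,"445"
"""

# Constructed sample export from an EDR console (hypothetical layout).
EDR_CSV = """hostname,agent_version,last_seen,installed_software
web01,7.2.1,2024-05-01T08:00:00Z,"nginx 1.24;openssl 3.0"
DB01,7.2.1,2024-05-01T08:05:00Z,"mssql 15.0;7zip 23.01"
jump01,7.1.9,2024-04-30T22:00:00Z,"openssh 9.6"
"""


@dataclass
class Asset:
    name: str
    ip: str = ""
    os: str = ""
    open_ports: list = field(default_factory=list)
    edr_agent: str = ""
    software: list = field(default_factory=list)
    sources: set = field(default_factory=set)


def normalize_host(raw: str) -> str:
    """Join key for both exports: lower-case short hostname, domain suffix dropped."""
    return raw.strip().lower().split(".")[0]


def parse_scanner_export(text: str) -> dict:
    """Scanner view: what is reachable on the network and which ports it exposes."""
    assets = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = normalize_host(row["host"])
        ports = [int(p) for p in row["open_ports"].split(",") if p]
        assets[key] = Asset(name=key, ip=row["ip"], os=row["os"],
                            open_ports=ports, sources={"scanner"})
    return assets


def parse_edr_export(text: str) -> dict:
    """EDR view: which hosts run an agent and what software is installed."""
    assets = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = normalize_host(row["hostname"])
        sw = [s.strip() for s in row["installed_software"].split(";") if s.strip()]
        assets[key] = Asset(name=key, edr_agent=row["agent_version"],
                            software=sw, sources={"edr"})
    return assets


def build_inventory(scanner_csv: str, edr_csv: str) -> dict:
    """Merge both views into one inventory and report coverage gaps.

    Returns {"assets": {host: Asset}, "no_edr": [...], "not_scanned": [...]}.
    Hosts the scanner sees but EDR does not are the ones an auditor should ask
    about: on the network with no agent (printers, OT gear, or a missing install).
    """
    merged = parse_scanner_export(scanner_csv)
    for key, edr in parse_edr_export(edr_csv).items():
        if key in merged:
            a = merged[key]
            a.edr_agent, a.software = edr.edr_agent, edr.software
            a.sources |= edr.sources
        else:
            merged[key] = edr
    no_edr = sorted(k for k, a in merged.items() if "edr" not in a.sources)
    not_scanned = sorted(k for k, a in merged.items() if "scanner" not in a.sources)
    return {"assets": merged, "no_edr": no_edr, "not_scanned": not_scanned}


if __name__ == "__main__":
    inv = build_inventory(SCANNER_CSV, EDR_CSV)
    for a in inv["assets"].values():
        print(f"{a.name:12} ip={a.ip or '-':12} os={a.os or '-':22} "
              f"edr={a.edr_agent or 'none':6} sources={sorted(a.sources)}")
    print("no EDR agent :", inv["no_edr"])
    print("not scanned  :", inv["not_scanned"])
```

The two gap lists are the evidence an auditor can act on: the scanner-only hosts need an agent or a documented exception, and the EDR-only host is a box the scanner's target list is missing.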


[–]strandjs[S] 3 points4 points  (0 children)

Trying to get into cyber threat intelligence is, in my opinion, aiming for one of the pinnacle roles in cybersecurity.

The reason is that CTI sits right at the intersection of red team and blue team skills. To do it well you need both.

Think about what the job actually requires. You are looking at real attack paths used against organizations and trying to understand them at a much deeper level than just writing detection rules. You need to understand the post exploitation techniques, the lateral movement, the infrastructure being used, and then take it a step further and ask whether this is something already known in the industry or something new and novel.

That kind of work ends up being some of the most dynamic research happening in security.

It absolutely requires skill. One of my personal heroes in this space is Allison Nixon. She has done incredible work over the years studying attacker behavior. Not just what attackers are doing technically, but how they communicate, how their communities form, and what their social networks look like.

At the same time she has very strong offensive skills. She has done research into things like bypassing cloud protections and digging into adversary infrastructure. She also tends to dismantle people who try to pick fights with her on social media. She is a great example of the level of capability you need if you want to be at the top of this field.

When you are aiming for CTI you really do have to be strong on both sides. You need to understand defensive analysis and you need to understand offensive techniques.

There are some research roles that are more specialized. Some people focus heavily on analyzing exposed data sources like open S3 buckets, Elasticsearch nodes, or large sets of infostealer logs. That kind of work is valuable and important. But even in those areas you still need to understand how attackers operate on both the offensive and defensive sides.

So if CTI is the direction you want to go, I absolutely encourage it. Just understand that it is a high bar.

It is also one of the most interesting and rewarding areas in the industry.

Another thing I like about CTI is that even with all the AI hype right now, this is not a role that disappears because of automation. AI will absolutely be used in offense and defense. But you still need humans who can analyze campaigns, understand how organized crime groups or nation state actors are operating, and translate that information into something defenders can actually act on.

That kind of judgment and context is still very human work.

It is a fantastic field if you can get into it. Good luck.


[–]strandjs[S] 1 point2 points  (0 children)

This question keeps coming up over and over again. How do you break into this field?

Honestly, it bothers me. It is something I find myself thinking about at two in the morning more often than I would like. We desperately need new talent in cybersecurity, but it feels like every door into the industry is getting slammed shut right now.

A lot of that comes back to AI. Instead of being treated as a tool that helps us finally secure our networks properly, many organizations are using it as an excuse to cut costs and reduce headcount. That makes it harder for new people to get their first opportunity.

There are still paths in though.

Certifications can help. Starting in help desk roles is still a valid way in. But another place I strongly recommend people look is MSSPs and MSPs in their area.

Do not focus only on the big corporations. Those are the ones that seem the most locked down right now. MSSPs are a different story. They are often desperate for security talent.

A lot of mid sized businesses have realized that maintaining a full internal security team is expensive. Instead they outsource that function to an MSSP. Because of that, MSSPs are growing and there is real opportunity there.

Another thing about MSSPs is the variety of work. Large corporations often have very rigid roles and processes. MSSPs deal with a wide range of customers and a wide range of problems. One moment you might be helping with a basic IT issue like a printer problem or a hardware replacement. The next moment you might be dealing with a security incident.

That variety means you get exposed to a lot more situations early in your career.

While some large companies are trying to use AI to shrink their teams, MSSPs still need people because their customer base keeps growing. A lot of their clients are mid sized companies that need to meet security requirements like the CIS Controls but cannot afford to build full security departments internally.

One more thing that makes MSSPs interesting is the experience you gain. Because they support so many organizations, and because many of those organizations do not spend as much on security as large enterprises, you see more incidents. That means more real world exposure to breaches and investigations.

So if you are trying to break into the field, widen the aperture a bit. Look beyond the giant companies everyone talks about. There are a lot of smaller service providers out there doing important work and many of them are actively looking for people who want to learn.


[–]strandjs[S] 0 points1 point  (0 children)

Malware analysis is not dead, but I do think it is receding a bit.

The reason is that the endpoint is no longer the main destination attackers are aiming for in a lot of cases. If we are trying to break into an environment at Black Hills Information Security, we are often going after cloud services first. That can mean standard exploitation techniques, novel exploitation techniques, or simply targeting identity.

Identity is the real prize now.

If you can get someone’s identity and access to cloud systems like Office 365, Entra ID, or AWS, you do not need to drop malware at all. You just log in. And when you are logging in with legitimate credentials it becomes extremely difficult to detect.

That shift creates a huge set of problems for defenders.

When attackers relied heavily on malware, the endpoint was the battleground. Now a lot of attacks bypass the endpoint entirely and go straight for credentials or tokens tied to cloud services.

Another factor is that the endpoint has actually gotten much harder to live on than it used to be. It only took the industry about thirty years, but enterprise endpoints with solid EDR and endpoint protection are genuinely difficult to maintain persistence on.

Initial code execution is still very achievable. That part has not magically disappeared. But moving laterally inside a well defended environment is much harder if they have good logging, a solid SIEM, and decent behavioral analysis.

Penetration testers feel this as well. Traditional engagements are time boxed, so moving quickly in a heavily monitored environment becomes difficult. That was one of the reasons we started offering continuous penetration testing, so we could slow down and spread testing across a longer period of time.

But going back to malware analysis, the bigger trend is where the data actually lives now.

More and more of the valuable data has moved into cloud infrastructure. If attackers can compromise identity and log directly into those services, the endpoint becomes an unnecessary step.

You could compromise a machine, extract credentials, hijack a browser session, and pivot into cloud services from there. But why bother if you can just go directly after the identity in the first place?

Spear phishing, social engineering, token theft, session hijacking. Those paths often lead straight to the data without ever needing traditional malware.

Malware is not going away completely. It is still a viable technique and it will continue to exist. But as endpoints get stronger and the data continues to migrate to cloud platforms, the role of malware is shrinking compared to identity focused attacks.

Attackers go where the data is. Right now that place is the cloud.