Resilient Cyber Newsletter #42
- Chris Hughes from Resilient Cyber <resilientcyber+resilient-cyber@substack.com>
White Collar Recession, Sec-Gemini, CISO Mindmap 2025, MCP and the Future of AI Tooling & CISO Tradecraft
Welcome
Welcome to Issue #42 of the Resilient Cyber Newsletter. It’s been quite a week, with actions around tariffs, market reactions, the continued buzz of MCP for Agentic AI tooling, and pre-RSA hype. That said, let’s get to it!

Cyber Leadership & Market Dynamics

White Collar Recession?
By now, you’ve seen the headlines about tariffs and the market reactions across major media outlets. Like others, I have been digging into the topic, understanding what the potential implications are for my company, the industry I work in, the broader economy, and, of course, my family. That is why I was really glad I stumbled across Citrini Research’s Substack and this collaboration between them and The Last Bear Standing, economic-focused Substacks, both of which I now subscribe to. In this joint piece, the authors discuss the Haves vs. Have Nots: Exploring a Wealth-Effect Driven Slowdown. On one hand, some have written off the stock market reaction as not being relevant, and in a recent interview, Treasury Secretary Scott Bessent even quipped the stock market metrics, to some extent, are a “MAG-7 problem, not a MAGA problem.” However, as Citrini and Last Bear Standing point out in this article, we may be witnessing a government policy-driven recession due to increasing concentration and wealth, but more notably, the fact that the top 10% of earners now account for half of all spending. They point out that tariffs are likely to have more of an impact on low and middle-income consumers than on high-income households. This ties into the software industry, and potentially cybersecurity, when they begin to discuss the potential for an “AI-Powered Recession”, explaining that the rise of LLMs hangs over white-collar employees like a Sword of Damocles.
This means that, with the economic impacts now reverberating throughout the economy and the Trump administration being more focused on populist narratives and potentially blue-collar workers, there is a path where organizations increasingly lean into LLMs and AI, even if it is just “good enough” for now, if it offers cost savings and the ability to trim manual human labor from knowledge workers, which of course can be incredibly capital intensive. They cross-link to an article titled “The White-Collar Recession 2025”, showing findings such as:
What this increased exposure to AI ramifications means for Cybersecurity still remains to be seen. While we’re certainly among that community of knowledge workers in the economy, and startups, investors, and industry leaders are rapidly exploring the potential for AI across AppSec, SecOps, GRC, and more, we are not yet at a point where many are willing to entirely outsource decision-making, for example, to AI. Due to its non-deterministic nature, ability to hallucinate and other challenges, AI is still in its infancy in terms of widespread adoption in Cybersecurity, specifically without a human-in-the-loop, to take actions on data and decisions. That said, with the rise of Agentic AI and autonomy for agents, this may change in the future as models improve and organizations’ risk tolerances potentially adjust to the new reality, both technologically and economically. What we do know is that AI is driving a significant impact on company startup valuations, funding rounds, and investments made within the Cybersecurity ecosystem. Thus, it is clear where the focus is for the future of the cybersecurity ecosystem, which heavily involves the potential of AI. This can be seen in the image below from my friend Mike Privette at Return on Security and his “State of the Cybersecurity Market in 2024”:

Tensions and Opportunities for Cyber Founders 🤼
There are many things to consider when founding a cybersecurity company, from what to focus on to the founding team, the type of customers to pursue, and much more. Jason Chan and Ross Haleliuk of Venture in Security put together an awesome article discussing some of those key considerations:
Great read for those looking to make the leap into founding a company and those earlier on the journey.

Feinberg Initiates Pentagon’s Implementation of DOGE-Influenced Regulatory Review
As I have discussed in past issues, one of the key focus areas for the current Trump administration is decreasing the “regulatory burden,” which includes issuing an Executive Order (EO) with this focus. Deputy Secretary of Defense Stephen Feinberg recently issued a new memorandum directing the Pentagon to implement the EO to pare back Federal agency regulations. This article from Defense Scoop sheds light on what that may impact, including potentially the highly polarizing Cybersecurity Maturity Model Certification (CMMC) compliance program. Some argue the program is key to protecting the DoD and Defense Industrial Base (DIB), while others argue that it will harm small businesses and impose significant costs on the firms that can afford it least among the DIB.

AI Raises a Big Question, But Legacy Industries Have Already Answered It
There are a lot of interesting implications for the software industry when it comes to investment, revenue, and profits due to the rise of AI. This article takes a look at the three predominant business models:
Historically, the most profitable software companies have let customers own their data while providing software tools to facilitate various workflows. With the rise of AI and agents, platforms can innovate faster, create further separation between those who create and maintain data and those who rely on it, and make service companies more efficient and effective. The article states companies now need to decide to either build core platforms or outsource undifferentiated services.

NSA & CISA Issue Fast Flux National Security Cyber Advisory
This past week, the NSA, CISA, and other international cyber partners issued a Cybersecurity Advisory focused on “Fast Flux,” calling it a national security threat targeting ISPs and Cyber Service Providers. This involves malicious cyber actors using techniques to obfuscate their locations and malicious servers by rapidly changing DNS records and creating resilient, highly available C2 infrastructure to conceal their activities. The advisory highlights single and double “flux” techniques, each aimed at concealing their IP address and location, making activities such as incident response and threat hunting increasingly difficult.

How LLMs Finally Solve the “Black Box” Problem for Security Products
One of the longstanding challenges in security is that many of the products in the ecosystem are considered “black boxes,” or essentially something that we, as customers, have little visibility and understanding of under the hood. Harry Wetherald writes an interesting piece on the role that LLMs can potentially play in solving this problem related to security products. Harry makes the case that a single call to an LLM definitely lacks full clarity since LLMs are probabilistic by nature and non-deterministic, but when we shift toward agents.
This will involve tens of calls to LLMs coupled with chain-of-thought reasoning, the ability to follow the logic of why actions were taken, and the context based on the data involved coupled with the prompts fed to the LLMs. I understand Harry's perspective and somewhat agree with it. However, I think it will get challenging when agents across large enterprise environments quickly outnumber us and organizations struggle to understand what agents are active in the enterprise and what systems and data they’re interacting with, let alone why they carry out the actions they have. This is why I suspect we will see some security vendors capitalize on the rise of Agentic AI with products focused on governance, visibility, and securing the agents and their interactions.

AI

Google Announces Sec-Gemini v1
We’ve heard a ton about LLMs and use cases for increased development productivity and AI-driven development. We know attackers leverage AI to be more effective at everything from reconnaissance to exploitation.

Why SOCs are Turning to AI Agents
SecOps and the SOC continue to be primary areas where the industry hopes for the potential of AI, LLMs, and Agents. In this piece, Filip Stojkovski breaks down why the SOC is looking to turn to AI agents. Steps AI agents can and will help with include:
He also discusses the different types of agents and their role in modernizing the SOC with AI. While there is a lot of promise for AI agents in the SOC, there are also plenty of challenges ahead, which Filip lays out, such as:

How to Use GenAI in Cybersecurity Operations
The exploration of GenAI and LLMs for Cyber continues to unfold across countless cyber niches, such as GRC, AppSec, SecOps, and more. This concise piece from Rafeeq Rehman summarizes some key areas in which GenAI can help in cyber operations.

CISO MindMap 2025: What do InfoSec Professionals Really Do?
Regarding Rafeeq, I meant to share his latest version of the CISO Mindmap. I’ve been able to help contribute to it in the past, along with many other security leaders I highly respect. Trying to concisely capture what CISOs do is no easy task, especially as their responsibilities continue to grow without an end in sight. The mindmap below attempts to do that, covering various key areas, responsibilities, and tasks within those domains. Rafeeq’s blog, which discusses the mindmap, walks through key areas seeing growth, such as the need to secure GenAI due to the rapid enterprise adoption we have seen in this area. It also makes some fundamental recommendations to get started, such as standards and governance, inventory, responsible use, and more.

GenAI Security 🤖
Like everyone else, I’m upskilling in AI security. That’s why I’m really enjoying this awesome new book from Ken Huang, CISSP. As I’ve mentioned before, Ken is one of the leading industry voices on AI security. This book covers excellent topics such as:
It’s definitely worth checking out. Its interesting blend of theory and practice appeals to audiences from both the academic and practitioner communities.

MCP and the Future of AI Tooling
By now, it is clear that the Model Context Protocol (MCP) is seeing rapid adoption. Organizations are very excited about Agentic AI and its ability to enable agent-based workflows, leverage tools, and perform autonomous tasks with data and services. They also provided an MCP Market Map:

AppSec, Vulnerability Management, and Software Supply Chain

CISO Tradecraft - Vulnerability Management, Software Supply Chain and Compliance
I’ve been a longtime listener and fan of the show CISO Tradecraft. If you haven’t checked it out and don’t subscribe, you should! That is why I was excited to join the team and G Mark Hardy for an episode myself. We dove into:
I really enjoyed this wide-ranging discussion and hope you do too!

Runtime Cloud Security in 2025
Cloud Application Detection & Response (CADR) continues to grow as a market category in the cloud security space. I’ve previously written articles on this topic, such as:
However, this latest piece from James Berthoty of Latio Tech dives deep into the CADR topic, discussing how it addresses the gaps of the current Cloud Native Application Protection Platforms (CNAPP), specifically around applications. In typical James fashion, he put together some great visualizations to go along with the article. For example, below he demonstrates the evolution of these platforms, and how Cloud Application Detection and Response (CADR) addresses areas typically not deeply addressed by CNAPPs, most notably the application layer. The biggest distinction among CADR tools is that they are purpose-built to address runtime threats to cloud applications. I dove into this in my own interview with Miggo’s founder Daniel Shechter. To make his point, James lays out the MOVEit incident, demonstrating how traditional tools wouldn’t have caught it, but ADR tooling, specifically with eBPF, could do so, given it could catch both a SQL injection and process creation via a payload. James uses several other example incidents showing a common pattern of:
He states that no existing siloed legacy solutions can catch this sort of activity, which is precisely why we need CADR. In his “Runtime Security Map” you can see some of the vendors orienting around this CADR solution, with some heavily on the cloud focus, others more on the container side, and lastly, some most focused on apps. He closes out with some discussion of what vendors to watch and the fact that CSPM and CNAPP vendors simply don’t have the context and visibility into the application and network/process layers to provide the needed data. This is why we are seeing the rise of CADR vendors.

Resilient Cyber w/ Jit - Agentic AI for AppSec is Here
In this episode, we sat down with David Melamed and Shai Horovitz of the Jit team. We discussed Agentic AI for AppSec and how security teams use it to get real work done. We covered a lot of key topics, including:

Oracle Confirms Cloud Hack
The majority of cloud security incidents are tied to customers and activities such as misconfigurations. We don't often hear about breaches of hyper-scale CSPs. Oracle originally denied the incident and said there was no breach of Oracle Cloud. However, they now seem to be publicly confirming that their environment and systems were indeed impacted, raising many concerns and questions from customers running workloads on Oracle Cloud.