We told employees to "be suspicious" of links they needed for work. Now we're adding "be careful with AI" to the awareness curriculum. Teaching when to escalate works better than teaching what to fear. https://zeltser.com/ai-influence-awareness-training

When designing security products, how to best accommodate human and AI user personas? Now's the time for product builders to adjust their approach: https://zeltser.com/designing-for-humans-and-ai

When an AI tool recommends an action and an employee carries it out, audit logs capture a legitimate human decision. The AI's role disappears. Addressing that blind spot takes more than awareness training. https://zeltser.com/ai-influence-awareness-training

A security product becomes harder to displace when each persona finds value in their own view, from SOC analysts to execs to AI agents. Designing for all of them is a stronger advantage than a longer feature list. https://zeltser.com/designing-for-humans-and-ai

We invest hours analyzing a security risk, and that effort makes us overvalue the recommendation. An executive who hasn't shared that analysis weighs the same risk differently, and they might be right. https://zeltser.com/rejected-security-recommendations

Are we winning the fight against cyber attackers? It's the wrong question. Framing the attacker-defender dynamic as a war fuels hype and leads to the wrong investments.

We scope security assessments along organizational lines, but attackers don't stop where one team's budget ends. Following attack logic instead of org charts closes the gaps.

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

Is a security product company building a true platform or a suite? The distinction clarifies where to invest, how to measure progress, and what competitive advantage to pursue. Here's my guidance for deciding which approach is best, including a look at CrowdStrike, Okta, and Palo Alto Networks.

Who'll win this year's RSAC Innovation Sandbox? I used my custom AI framework to score each finalist's market readiness across 8 dimensions and built detailed profiles. 4 companies clustered clearly ahead. See if you agree:

My guide for endpoint security startups is out now. The path between competing against entrenched platforms and becoming a feature they bundle is narrow. I got to know this space at Minerva Labs (now part of Rapid7), but much has changed since then.

My new guide on building security products for SMBs. The go-to-market has shifted heavily toward MSPs and VARs, channel concentration creates real dependency risk, and AI readiness among MSPs is lower than the hype suggests.

I published a 4-point approach for succeeding as a CISO, based on my experiences building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities and responding to attackers' advances:

Good tech alone doesn't make a successful security product. I created a guide covering the strategic questions founders and product managers should answer early, drawing on my experience as both a CISO and a product manager.

Security leaders are often trapped in endless assessments and opinion-giving without driving actual change. Staying busy with spreadsheets, dashboards, and emails doesn't move the organization forward. Here's how we can break out of the "Chief Opinion Officer" mode:

REMnux v8 brings AI integration to the Linux malware analysis toolkit 📖 Read more: www.helpnetsecurity.com/2026/02/17/r... #cybersecurity #cybersecuritynews #Linux #malwareanalysis #opensource @lennyzeltser.com

Which malware analysis toolkits and frameworks should you consider including in your workflow? Here's my overview:

The new REMnux MCP server connects AI agents to 200+ malware analysis tools on REMnux. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach the analysis and providing guidance to AI at the right time, so it can think and adapt as it works.

What if the CISO's real job is calibrating the right amount of insecurity? Frame the role around that and you become an enabler, not an obstacle. The acronym still works.

I released a free tool to generate animated, annotated replays of text conversations, so you can embed them in articles, training, and docs. For example, it's a nice way to explain influence tactics of a social engineering scam. See it in action:

How to give AI raw incident notes and get a solid draft of an IR report? Now you can point your AI tool at my MCP server for guidance based on proven writing principles. Your data isn't shared with my server; it only provides guidance.

I released a tool for making your website or docs easily available to AI assistants via an MCP server. This helps ensure people's AI tooling can access the latest details at the right time. For instance, this is how REMnux users now can get info about its malware analysis tools.

While cybersecurity and data privacy leaders have distinct expertise, their goals are aligned. Edy Glozman and I discussed how these functions can support each other based on our collaboration at Axonius: zeltser.com/security-pri...

Here are the key trends that cybersecurity leaders should keep in mind for our work in 2025:

Terrible news today about the loss of Amit Yoran. He was a larger than life figure in cybersecurity and we will be lesser without him. May his family and friends find peace.

Happy birthday to the unusual number of my cybersecurity friends who all have January 1st birthdays on Facebook! 🧐🧐🧐

For those going home to visit family this weekend: • Samsung calls it Auto Motion Plus • LG calls it TruMotion • Sony calls it Motionflow • Roku calls it Action Smoothing • Google TV calls it Motion Enhancement • Vizio calls it Smooth Motion Effect.

Just because you’re good at a job doesn’t mean you’ll necessarily be equally good as the manager of people doing that job.

You can keep up to date on which AI search companies haven’t bent the knee to Amazon pretty easily via their robots.txt:

PyPI adds digital attestations to bolster Python package security. #Python #PyPI #Security

woot woot, we just got @huntress.com up. keep an eye out for new content there! 🥳🎉

I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many! go.bsky.app/TxQYHap

Security teams' visibility allows us to help the company lower expenses while also decreasing risk. Reducing costs associated with unneeded user accounts and apps, for example, is another way for security leaders to add value:

I am the greatest Prompt Engineer in the world.

How long until adventurous skiers replace their ski goggles with Apple Vision Pro?

Kvetching about bad business and security practices is therapeutic, so I wrote this: Withholding SSO from customers is bad for business and security. https://zeltser.com/witholding-sso/

We ran an editorial at Scientific American about the overwhelming evidence that school should start later. A teacher got his students to write to us & the school! changed! its! schedule!!! https://www.scientificamerican.com/article/high-school-students-need-more-sleep-and-later-school-start-times/

I’m new here.