Which malware analysis toolkits and frameworks should you consider including in your workflow? Here's my overview:

The new REMnux MCP server connects AI agents to 200+ malware analysis tools on REMnux. I was surprised at the depth of investigation it delivers. Most of my time went into capturing how I approach the analysis and providing guidance to AI at the right time, so it can think and adapt as it works.

What if the CISO's real job is calibrating the right amount of insecurity? Frame the role around that and you become an enabler, not an obstacle. The acronym still works.

I released a free tool to generate animated, annotated replays of text conversations, so you can embed them in articles, training, and docs. For example, it's a nice way to explain influence tactics of a social engineering scam. See it in action:

How to give AI raw incident notes and get a solid draft of an IR report? Now you can point your AI tool at my MCP server for guidance based on proven writing principles. Your data isn't shared with my server; it only provides guidance.

I released a tool for making your website or docs easily available to AI assistants via an MCP server. This helps ensure people's AI tooling can access the latest details at the right time. For instance, this is how REMnux users now can get info about its malware analysis tools.

While cybersecurity and data privacy leaders have distinct expertise, their goals are aligned. Edy Glozman and I discussed how these functions can support each other based on our collaboration at Axonius: zeltser.com/security-pri...

Here are the key trends that cybersecurity leaders should keep in mind for our work in 2025:

Terrible news today about the loss of Amit Yoran. He was a larger than life figure in cybersecurity and we will be lesser without him. May his family and friends find peace.

Happy birthday to the unusual number of my cybersecurity friends who all have January 1st birthdays on Facebook! 🧐🧐🧐

For those going home to visit family this weekend: • Samsung calls it Auto Motion Plus • LG calls it TruMotion • Sony calls it Motionflow • Roku calls it Action Smoothing • Google TV calls it Motion Enhancement • Vizio calls it Smooth Motion Effect.

Just because you’re good at a job doesn’t mean you’ll necessarily be equally good as the manager of people doing that job.

You can keep up to date on which AI search companies haven’t bent the knee to Amazon pretty easily via their robots.txt:

PyPI adds digital attestations to bolster Python package security. #Python #PyPI #Security

woot woot, we just got @huntress.com up. keep an eye out for new content there! 🥳🎉

I’ve created a Starter Pack around cyber threat intelligence to make it easier to find that community here on Bluesky. Let me know of folks I missed, as I’m sure there are many! go.bsky.app/TxQYHap

Security teams' visibility allows us to help the company lower expenses while also decreasing risk. Reducing costs associated with unneeded user accounts and apps, for example, is another way for security leaders to add value:

I am the greatest Prompt Engineer in the world.

How long until adventurous skiers replace their ski goggles with Apple Vision Pro?

Kvetching about bad business and security practices is therapeutic, so I wrote this: Withholding SSO from customers is bad for business and security. https://zeltser.com/witholding-sso/

We ran an editorial at Scientific American about the overwhelming evidence that school should start later. A teacher got his students to write to us & the school! changed! its! schedule!!! https://www.scientificamerican.com/article/high-school-students-need-more-sleep-and-later-school-start-times/

I’m new here.