TechNadu

Teresa Chen has joined Proofpoint as Senior Director of Product Marketing, leading Alliances, Platform and Vertical Marketing. Full Details: https://lnkd.in/g23RzJZ2 She brings a deep product marketing background that runs through some of the most recognizable names in enterprise tech - VMware, Broadcom, Omnissa, and MobileIron. She's built content strategies, led platform narratives, shaped C-level keynote messaging, and run co-marketing programs with alliance partners across complex, multi-product environments. That's exactly the cross-functional scope her new role demands. The move back into cyber is a deliberate one, and Proofpoint is a meaningful landing spot - connecting partner ecosystem, platform story, and industry solutions at a company that sits at the center of enterprise email and information security. She's already looking to build the team around her, with an Alliances Marketing Director role open. If that's you, her DM is the right place to start. Welcome back to cyber, Teresa - the timing and the fit both look right. #CyberSecJobMoves #TechNadu #ProductMarketing #CyberSecurity #AlliancesMarketing

Bhaskar Chaturvedi has been promoted to Associate Director of Data & AI at Accenture Australia. Full Details: https://lnkd.in/g23RzJZ2 Over eight years inside the same organisation, he's moved from Senior Technical Architect to Enterprise Data Architect and now into this leadership role - a progression built on consistent delivery across cloud data warehousing, big data architecture, and enterprise-scale analytics. Before Accenture, he led the BI and Integration practice at SaasFocus and spent nearly a decade at GlobalLogic mentoring teams of 40+ across Vertica, Hadoop, and data warehouse migrations. This is a career built from the ground up in data engineering, not pivoted into it. The Data & AI space moving fast is an understatement right now - and having someone with this depth of architectural experience helping shape that direction at an enterprise consultancy matters. He gives a warm shoutout to Daniel Biegler and Stacy Pence for their guidance and trust throughout the journey - the kind of leadership that makes promotions like this possible. Well earned across two decades of the craft, Bhaskar - congratulations. #CyberSecJobMoves #TechNadu #DataAndAI #CloudArchitecture #AccentureAustralia

Patrick Johnson has joined Kentik as Strategic Client Executive. Full Details: https://lnkd.in/g23RzJZ2 He comes in with a clear point of view on where enterprise operations are heading - and it's not a rehearsed pitch. The concept of Zero Touch Visibility, which he's been developing with his team, captures something real: critical operational context that automatically reaches the people and systems that need it, rather than being trapped inside tools while teams scramble to correlate data manually after the fact. Network intelligence as operational truth is a compelling frame, and Kentik is well positioned to deliver on it. The inspiration for the phrase came from a familiar name in the industry - his longtime friend John Kindervag, whose Zero Trust framework reshaped how security is architected and communicated. That's a meaningful nod, and a high bar to borrow from. It's Patrick himself who shared this update - a bit late by his own admission, but the thinking behind it makes it worth the wait. Good to be back on the bike, Patrick - the direction you're describing does feel inevitable. #CyberSecJobMoves #TechNadu #NetworkSecurity #ZeroTouchVisibility #CloudOperations

Graham Collier MBA, CISM has joined the Bermuda Monetary Authority as Chief Technology Officer, effective May 15th. Full Article: https://lnkd.in/gk5Dde4J He brings over 17 years across financial technology, cloud platforms, cybersecurity, and digital transformation - most recently as Global Head of SaaS Operations at FlexTrade in London, where he managed large-scale technical infrastructure across international markets. Leading global teams across 40 regions and advising C-suite on digital transformation and risk is a specific kind of experience that regulatory bodies increasingly need as their own technology mandates grow more complex. The BMA is a serious institution - overseeing one of the world's most significant insurance and reinsurance markets - and the technology mandate here is substantive. Enhancing AI capabilities, strengthening cybersecurity frameworks, and leading the next phase of digital transformation for a financial regulator requires someone who understands both the technical depth and the governance weight of that environment. His certifications across AI, security management, and digital business transformation round out a profile built for exactly this. Regulatory technology leadership at this level doesn't get enough attention. Welcome to the role, Graham. #CyberSecJobMoves #TechNadu #CyberSecurity #FinTech #DigitalTransformation

Mike Massing has joined Quantum Secure Encryption Corp as Chief Technology Officer, effective June 1st. Full Article: https://lnkd.in/gk5Dde4J Thirty years in cybersecurity and cryptography is a long runway, and his covers serious ground - founding SecureCom Networks, which was later acquired by SonicWall, scaling the Unified Threat Management business unit at Dell SonicWall to roughly $400M in annual sales, and more recently leading zero-knowledge authentication and secure digital asset systems at TokenX Labs and LifeSite. Eight issued patents in cryptography, networking, and cybersecurity. Work on advanced computing systems tied to NASA's SETI initiatives. This is a genuinely deep technical profile. The timing of the appointment matters. Post-quantum cryptography has moved from theoretical concern to urgent enterprise priority, and QSE is building the infrastructure - migration readiness, entropy systems, identity platforms, decentralized encrypted storage - that organizations will need as that transition accelerates. Putting someone with this specific combination of cryptography depth and enterprise scaling experience in the CTO seat is the right call for this stage. The quantum threat isn't coming. For many organizations, it's already a planning reality. Welcome to the front lines of that work, Michael. #CyberSecJobMoves #TechNadu #PostQuantum #Cryptography #CyberSecurity

Jonathan Berger has joined SonicWall as SVP of Global Channels and Alliances. Full Details: https://lnkd.in/gk5Dde4J The hire has an interesting dynamic - he's coming from BlueAlly, one of SonicWall's largest strategic partners, where he spent nearly six years on the marketing and partner side of the relationship. That's a specific kind of credibility that's hard to manufacture. He hasn't just studied the channel from the vendor side; he's operated inside it, made the business decisions that partners face daily, and experienced firsthand which vendor programs actually move the needle and which ones don't. SonicWall is leaning hard into a platform-centric, channel-first strategy at a moment when partner-driven cybersecurity spending is accelerating fast. Getting someone in the channel chief seat who genuinely understands the MSP and MSSP business from the inside is a logical move. He's not coming in to learn the channel. That's the whole point. Welcome to the other side of the table, Jonathan - this perspective is rare and the timing is right. #CyberSecJobMoves #TechNadu #ChannelSales #CyberSecurity #MSSPGrowth

Nicholas McKenzie, CIO & CISO at Bugcrowd, explains how enterprise security leaders are rethinking bug bounty, researcher trust, and vulnerability management. He says that CISOs are deeply concerned about trust, scope creep, and legal exposure when external researchers test live systems Bug bounty is an amplifier. It amplifies your ability to find vulnerabilities and any dysfunction in your remediation process. 🔶 AI-assisted “slop” submissions are an operational burden, making strong triage capabilities more important than ever. 🔶 Critical bug bounty findings should trigger incident response processes because they represent validated exposures. 🔶 Mature organizations are treating bug bounty, red teaming, and penetration testing as complementary rather than competing approaches. McKenzie warns that poor vulnerability reports slow remediation and create unnecessary guesswork. Read on to discover what McKenzie compares to a sprint, what he calls a marathon, and why mature security programs need both: https://lnkd.in/gw4DhbeD #CyberSecurity #BugBounty #CISO #VulnerabilityManagement #ThreatIntelligence #SecurityLeadership #Bugcrowd #AISlop #IncidentResponse

What happens when a security researcher starts publishing Windows zero-days with working exploit code before patches exist? That's the debate Microsoft is now confronting after a months-long campaign of uncoordinated vulnerability disclosures that has already led to multiple exploited flaws and a public war of words between the company and a pseudonymous researcher. Microsoft's response was unusually direct: releasing proof-of-concept code for unpatched vulnerabilities is "never justifiable" and creates real-world risk for customers. The company also emphasized that its Digital Crimes Unit continues pursuing threat actors and those who enable cybercrime. The backdrop makes the story even more complicated. Three of the six vulnerabilities released so far were reportedly exploited in real-world attacks and have been added to Cybersecurity and Infrastructure Security Agency CISA's Known Exploited Vulnerabilities catalog. Meanwhile, the researcher behind the disclosures claims disputes over bug bounty payments, account actions, and attribution helped fuel the conflict. The incident has also reignited a broader conversation across the security industry. Over the years, several researchers and security firms have publicly criticized major vendors, including Microsoft, over disclosure processes, patch timelines, communication, and researcher recognition. At its core, this isn't just a story about one researcher or one vendor. It's about a question the cybersecurity community continues to wrestle with: when trust breaks down between researchers and software providers, who ultimately pays the price? Where do you stand on the balance between coordinated disclosure and public pressure when critical vulnerabilities are involved? Source: https://lnkd.in/egizD_wi #CyberSecurity #Microsoft #ZeroDay #VulnerabilityDisclosure #InfoSec

The most damaging cyberattacks this week weren't necessarily the ones that succeeded. Some of them failed to get paid... and the data still ended up online. https://lnkd.in/gPyGrcKx This week's cybersecurity roundup highlights a trend security teams know all too well: attackers are increasingly targeting the systems, services, and brands people already trust. A malicious supply chain campaign called TrapDoor poisoned packages across npm, PyPI, and Crates.io, targeting developers and stealing everything from SSH keys to crypto wallet data. At the same time, threat actors abused Adobe infrastructure in a LinkedIn-themed phishing campaign, while another group disguised credential-stealing malware as a legitimate Fortinet security update. Meanwhile, law enforcement scored several wins. Dutch authorities seized more than 800 servers tied to suspected cyberattack infrastructure and arrested a suspect linked to the AFC Ajax data breach. A joint Latvia-Ukraine investigation also dismantled a scam call center that preyed on victims who had already lost money to previous fraud schemes. We also saw major exposures involving 7-Eleven franchise records, Ameriprise Financial, prison communications provider Pay Tel Communications, Inc., and government registry data in Lithuania. One theme connects nearly every story: trust is becoming an attack surface. Whether it's software repositories, security updates, cloud storage, marketing platforms, or identity verification systems, criminals are increasingly hiding behind tools users are taught to trust. Which story stood out most to you this week, and what does it say about where defenders should focus next? #Cybersecurity #ThreatIntelligence #DataBreach #Ransomware #InfoSec

The next phishing page you encounter might not be trying to trick you directly. It might be trying to trick your AI assistant first. New research dubbed "ChatGPhish: The Page Is the Payload" explores how attacker-controlled content embedded in web pages can potentially influence ChatGPT page summaries and appear inside a trusted AI interface. The concept is simple but concerning: a user visits a webpage, asks ChatGPT to summarize it, and attacker-injected content can end up rendered within the assistant's response. Researchers demonstrated scenarios involving phishing links, fake security alerts, QR code-based attacks, and remote image fetching that could potentially expose telemetry such as IP addresses and user-agent information. What makes this especially interesting is the shift in delivery method. Traditional phishing often relies on emails, attachments, or direct messages. In this case, the browser itself becomes the delivery surface. Documentation pages, GitHub repositories, blogs, help articles, and other everyday browsing destinations could theoretically become part of the attack chain if AI-assisted summarization workflows are involved. The researchers argue that the larger challenge isn't just prompt injection. It's the trust users place in AI-generated output when external content is blended into responses without clear separation. As AI assistants become more deeply integrated into browsing and research workflows, where should the line be drawn between retrieved content and trusted assistant output? Have you started adjusting your security assumptions around AI-powered browsing and summarization features? Credit Permiso Security Source: https://lnkd.in/e2PRnRQy #Cybersecurity #AI #PromptInjection #Phishing #SecurityResearch