RedLegg

We’re excited to welcome Donovan Davis to the team as a Security Analyst! Based in Orlando, Florida, Donovan is a cybersecurity professional with a strong focus on Cloud Security, SOC Operations, and Threat Detection. His expertise spans Azure security, Microsoft Sentinel (SIEM), Active Directory, firewalls, vulnerability management, and incident response, bringing valuable technical depth to our security operations. Outside of work, Donovan enjoys exploring new foods and restaurants, watching anime, and traveling. He’s always open to recommendations for places to visit or shows to check out. We’re glad to have Donovan on board and look forward to the impact he’ll make as part of our team!

The full recording of our Nine Pillars of Practical Paranoia workshop is now live on YouTube! If you’ve been following the clips from the session, this is your chance to dive into the complete walkthrough with Chris Young , including every story, lesson, and practical takeaway on how to strengthen your security fundamentals. From patching and access governance to automation and resilience, this workshop breaks down the principles that still matter most today. 📺 Watch the full recording on our YouTube channel: 👉 https://hubs.li/Q03V8zg-0 And make sure to subscribe, more sessions and deep dives are on the way. #CyberSecurity #RedLegg #SecurityWorkshop #InfoSec #NinePillars #DevSecOps #CyberResilience

🔓 During a recent test, one reused password gave us access to multiple accounts, even after the client thought they’d fixed the issue. Password reuse is one of the simplest mistakes attackers exploit. Pen testing helps you catch them before someone else does. 👉 https://hubs.li/Q03RZ2hT0 #CyberSecurity #PenTesting #RedLegg #PasswordSecurity #RiskReduction

Security Bulletin:Oracle Identity Manager Authentication Bypass Vulnerability – OIM (CVE-2025-61757) contains a critical flaw in the REST WebServices component that allows unauthenticated attackers to bypass URI filtering logic and access sensitive functions. CVSS 9.8. This vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog. Administrators should immediately apply Oracle’s October 2025 CPU patch, restrict access to REST WebServices endpoints, and validate that updated versions of OIM are in operation. Firewall segmentation, reverse proxies, and zero-trust access controls are strongly recommended. #ThreatIntel #RedLeggCTI #Oracle #CVE202561757 https://hubs.li/Q03VJljb0

Most breaches don’t come from sophisticated attacks; they come from the basics we skip. As Chris Young explains in The Nine Pillars of Practical Paranoia workshop, “𝗣𝗮𝘁𝗰𝗵 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗶𝗻𝘀𝘁𝗮𝗹𝗹” remains one of the most overlooked yet powerful defenses. Manual patching doesn’t scale, but automation does, and failing to 𝗽𝗮𝘁𝗰𝗵 𝗶𝘀 𝘀𝘁𝗶𝗹𝗹 𝘁𝗵𝗲 #𝟭 𝗰𝗮𝘂𝘀𝗲 𝗼𝗳 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁𝘀. It’s not about perfection. It’s about consistency. 🔗 Explore how RedLegg strengthens your foundation through Managed Security Services: https://hubs.li/Q03VDpjZ0

Security leaders are rethinking what “good” actually looks like today. During our recent CISO Roundtable, one theme kept surfacing: the gap between what security programs are designed to do… and what really happens in day-to-day operations. Teams have more tools, more telemetry, and more automation than ever, yet exposures still slip through unnoticed. Why? Because the challenges holding organizations back aren’t just technical. They’re strategic, operational, and sometimes cultural. This carousel zooms in on the patterns CISOs are seeing behind the scenes, the friction points, blind spots, and shifts that are reshaping how organizations approach exposure management. 👇 Check out the full breakdown below #CyberSecurity #CISO #CTEM #ExposureManagement #RedLegg

Security Bulletin:Fortinet FortiWeb OS Command Injection Vulnerability – FortiWeb (CVE-2025-58034) allows authenticated attackers to execute unauthorized OS commands through crafted HTTP/HTTPS requests. CVSS 7.2. This vulnerability is confirmed to be actively exploited in the wild, enabling attackers to run system-level commands, alter configurations, and establish persistence on compromised appliances. Admins should upgrade to the fixed FortiWeb firmware versions published in Fortinet’s PSIRT advisory, restrict management access to trusted IPs, audit logs for suspicious requests, and block public access to management interfaces. #ThreatIntel #RedLeggCTI #Fortinet #FortiWeb #CVE202558034 #CyberSecurity #Exploit https://hubs.li/Q03V7K6C0

Compliance ≠ Security. Some organizations weigh whether it’s cheaper to fix a vulnerability… or just pay the fine. That’s a compliance mindset, not a security one. Security-driven orgs take it further: ✔️ They treat compliance as the floor, not the ceiling. ✔️ They proactively test their defenses with real-world attack simulations, not just checklists. ✔️ They align business goals with technical risk to build lasting resilience. 💬 Compliance keeps you out of trouble. Security keeps you in business. See how RedLegg’s manual, expert-led penetration testing helps uncover the gaps compliance might miss: https://hubs.li/Q03TlYxf0 #PenetrationTesting #CyberSecurity #Compliance #SecurityLeadership #RedLegg

𝗥𝗲𝗺𝗶𝗻𝗱𝗲𝗿: 𝗢𝘂𝗿 𝗛𝗜𝗣𝗔𝗔 𝟮𝟬𝟮𝟱 𝘀𝗲𝘀𝘀𝗶𝗼𝗻 𝘀𝘁𝗮𝗿𝘁𝘀 𝘁𝗼𝗱𝗮𝘆 𝗮𝘁 𝟭:𝟬𝟬 𝗣𝗠 𝗖𝗧𝗦. We’ll break down the proposed rule changes and what teams can do now to prepare. Join the discussion 👇 https://lnkd.in/eX-Xpxe4

Even the most established companies can fail when fundamentals are ignored. In this clip from The Nine Pillars of Practical Paranoia workshop, Chris Young breaks down a real-world breach that exposed how outdated systems, poor oversight, and weak governance can multiply risk. No complex exploit. No advanced attacker. Just preventable missteps at every level, from IT to leadership. At RedLegg, we help organizations strengthen visibility, governance, and communication between operations and security, so small mistakes don’t become big headlines. 🔗 Learn more about RedLegg’s Advisory Services: https://hubs.li/Q03TGkQh0 #CyberSecurity #InfoSec #RedLegg #Governance #RiskManagement #SecurityLeadership