We're back and ready to rock at the Black Hat Masterclass in May for a 1-day virtual Insider Threat training and then at #BHUSA in-person with the 2026 editions of both our Hacking Enterprises and Defending Enterprises trainings.

Join us to attack, defend, or both!

https://in.security/events/

CFTs for both @BlackHatEvents #BHUSA and @owasp Global AppSec EU (Vienna) are now open and close in early December!

Thinking of submitting? Check out my blog series for @BounceSecurity "So you want to train at Black Hat (or other conferences)?"

https://www.bouncesecurity.com/blog/2025/01/21/so-you-want-to-train-at-black-hat-introduction

So, you want to train at Black Hat (or other conferences)? An Introduction

Part Three of the Black Hat USA set on Wednesday morning is now up on #mixcloud

#nerdshow #BHUSA

https://www.mixcloud.com/NerdShow/bla/

Black Hat USA 2025 - Wednesday Part Three

Recorded live during Wednesday morning at Black Hat USA 2025

The first hour of the #BHUSA set on Wednesday is now up on Mixcloud

https://www.mixcloud.com/NerdShow/black-hat-usa-2025-wednesday-part-1/

Black Hat USA 2025 - Wednesday Part One

Recorded at Black Hat USA on Wednesday in the morning. Part one of three.

Our August Newsletter 🗞️ is now live featuring #CyberCanon Hall of Fame winners, candidates, and cyber author-focused recaps from #BlackHat and #defcon.

Definitely worth taking a peek 👉 https://tinyurl.com/canon-aug25-nl

#CyberSecurityBooks #CyberCanonHoF #HackerSummerCamp #BHUSA

Amazing work by Hayato KIMURA for his #bhusa presentation on hacking #Nostr:

https://crypto-sec-n.github.io/

@blackhatevents

Not in The Prophecies: Practical Attacks on Nostr

Several people were arrested during an undercover operation targeting child sex predators in Nevada. One of them is Tom Alexandrovich, who turns out to be the Executive Director of the Israel Cyber Directorate. The child predator was released.

I believe the security community must denounce this person, and he must be banned from the conferences, including BlackHat and DefCon.

fr0gger, since you are unfortunately in the picture with this person (his LinkedIn account was already deleted) and you have a good reputation within our community, it would be super cool if you'd take the lead and get in touch with the BlackHat/DefCon organizers.

Link to news: https://www.msn.com/en-us/tv/news/israeli-official-arrested-in-nevada-child-sex-operation-is-released-and-back-in-israel/ar-AA1KCpah

#BlackHat #BHUSA #BlackHatUSA2025 #Cybersecurity #ThreatIntelligence #DefCon #Israel #DEFCON33 #TomAlexandrovich

🎯 FINAL POST FROM THE FLOOR: #BlackHatUSA 2025 Coverage!

Access Roulette: How to Stop Betting Your Security on Standing Privileges

This wraps up our on-location content from Las Vegas!

Next week we'll reconnect with our main event sponsors— BLACKCLOAK, Dropzone AI, Stellar Cyber, and Akamai Technologies—to bring you their post-event insights and feedback. Of course ThreatLocker's recap was already captured on the floor and published earlier today. Plus, watch for our closing reflection articles from me Marco Ciappelli and Sean Martin, CISSP!

Our final floor conversation comes thanks to our friends at Apono 🙏

Modern enterprises are gambling with security every day. Static permissions, manual approvals, and periodic audits create "privilege creep" that turns every over-privileged account into a potential breach waiting to happen.

At #BlackHat USA 2025, Ofir Stein from #Apono reveals how to break this dangerous cycle.

The stakes keep rising:
• Non-human identities (service accounts, #APIs, #AIagents) retain high-level privileges long after tasks complete
• Organizations discover risks during audits but lack scalable remediation
• #Business teams need rapid access while security teams battle expanding #attacksurfaces

Apono's Zero Standing Privilege model:
• Removes ALL permanent access by default
• Grants access dynamically based on business context
• Automatically revokes permissions when tasks complete
• Works for both human AND non-human identities
• Integrates with existing #identity providers—no rip and replace

Key capabilities:
• Context-based policy management aligned with business objectives
• Continuous discovery of identities, privileges
• Automated remediation of unnecessary privileges
• Real-time anomaly detection feeding #SOC workflows
• Scalable across centralized and decentralized environments

The result?
Engineers gain control over their access (building trust), security teams maintain tight governance, and organizations can finally stop betting their security on standing privileges.

📺 Watch the video: https://youtu.be/ciBsH84PVQU

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/access-roulette-how-to-stop-betting-your-security-on-standing-privileges-a-brand-story-with-ofir-stein-cto-and-co-founder-of-apono-a-black-hat-usa-2025-conference-on-location-brand-story-HD5Uq_kf

📖 Read the blog: https://www.itspmagazine.com/their-stories/access-roulette-how-to-stop-betting-your-security-on-standing-privileges-a-brand-story-with-ofir-stein-cto-and-co-founder-of-apono-a-black-hat-usa-2025-conference-on-location-brand-story

➤ Learn more about Apono: https://itspm.ag/apono-1034

✦ Catch more stories from Apono: https://www.itspmagazine.com/directory/apono

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #IdentityManagement #ZeroTrust #AccessControl #BlackHatUSA #BHUSA25 #PrivilegeManagement #IAM #SecurityAutomation #NonHumanIdentities

🎯 WRAPPING UP: #BlackHat USA 2025 Coverage Nearly Complete!
With nearly all our on-location content from Las Vegas now published, we're excited to share this recap story.

Stay tuned for the closing reflections (Newsletter Articles and Audio version) from Marco Ciappelli and Sean Martin, CISSP coming soon!

🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to catch those final insights when they drop!

This is an event recap from the expo floor with our friends at ThreatLocker 🙏

#ThreatLocker Unveils Configuration Defense & Achieves #FedRAMP Status at #BlackHat2025

#Zerotrust evolved from theory to practical business solution at Black Hat 2025, as Kieran Human from ThreatLocker revealed game-changing announcements that address real-world security challenges.

The standout:
Defense Against Configuration (#DAC)—a monitoring tool that solves a critical zero trust gap. Organizations invest heavily in security but often leave systems vulnerable through poor configuration management. DAC changes this by:
• Continuously monitoring configurations and alerting to potential issues
• Mapping findings to compliance frameworks including Essential 8
• Providing weekly executive reports to ensure oversight
• Preventing the "overly permissive rules" that compromise security

ThreatLocker's "denied by default, allowed by exception" approach fundamentally differs from traditional EDR solutions. With 10,000+ built-in application profiles and learning mode capabilities, deployment no longer means business disruption.

Major milestone:
FedRAMP certification opens government sector opportunities, answering strong customer demand from highly regulated environments that previously couldn't adopt their zero trust capabilities.

Real impact:
One customer reported preventing THREE breaches after implementing ThreatLocker's solution—proving that properly implemented zero trust delivers measurable security improvements.

The key insight? Security must enable business, not hinder it. ThreatLocker's least privilege implementation focuses on meeting business requirements with minimal necessary permissions—protecting assets without hampering productivity.

📺 Watch the video: https://youtu.be/AN5k5-aBwWc

🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/event-recap-kieran-human-at-black-hat-usa-2025-threatlocker-unveils-configuration-defense-achieves-fedramp-status-more-brand-story-with-threatlocker-from-black-hat-usa-2025

📖 Read the blog: https://www.itspmagazine.com/their-stories/event-recap-kieran-human-at-black-hat-usa-2025-threatlocker-unveils-configuration-defense-achieves-fedramp-status-more

➤ Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974

✦ Catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlocker

🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25

#Cybersecurity #BlackHatUSA #BHUSA25 #Compliance #SecurityAutomation #GovTech

Take a look back at Claroty's presence last week at 🎩 Black Hat USA 2025 in Las Vegas. We had such an awesome time and look forward to next year!

With the right cyber-physical security measures, commitment, budgets and partnerships in place, human safety, business continuity, operational uptime, consumer trust – and life itself – go uninterrupted.

Are you ready for Life, uninterrupted? https://claroty.com/life-uninterrupted

#LifeUninterrupted #BHUSA #BlackHatUSA #LifeAtClaroty #BlackHat2025 #BlackHat #BlackHatUSA2025 #BHUSA25 #Claroty