Lenny Zeltser

Builder of security products and programs. Teacher of those who run them.

I'm a cybersecurity executive with deep technical roots, product management experience, and a business mindset. I've built security products and programs from early stage to enterprise scale. I'm also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. I share perspectives on security leadership and technology at zeltser.com.

#CISO #CyberSecurity #malware #infosec #fedi22 #searchable

About: https://zeltser.com/about
Blog: https://zeltser.com/writing
LinkedIn: https://www.linkedin.com/in/lennyzeltser/
Twitter: https://x.com/lennyzeltser

We adapted security governance to SaaS adoption and DevOps velocity. Vibe coding by non-developers is the next comparable shift, and those transitions give us a starting approach, even though the timeline is shorter.

https://zeltser.com/security-governance-vibe-coding

#cybersecurity #infosec #securityleadership #AI

Security Governance at the Speed of Vibe Coding

Employees who've never written code now build production apps using AI, without security review, dependency scanning, or enterprise oversight. The SaaS and DevOps transitions give security teams a starting governance approach for this.

If we implement security measures but our stakeholders don’t feel more secure, have we succeeded?

https://zeltser.com/importance-of-feeling-secure

The Importance of Feeling Secure

Security teams that focus only on being secure, without making protections visible, risk losing stakeholder confidence. Nobody trusts what they can't see, whether that's automated defenses, AI-driven tools, or competent but quiet leadership.

Are we winning the fight against cyber attackers? It's the wrong question. Framing the attacker-defender dynamic as a war fuels hype and leads to the wrong investments.

https://zeltser.com/participating-in-the-eternal-cycle-of-cybersecurity

#cybersecurity #infosec

The Eternal Cycle of Cybersecurity

The fight between cyber attackers and defenders resembles an ecological cycle between predator and prey—the goal is equilibrium, not victory. Being complacent is risky because maintaining balance requires constant effort, but defining success as "winning" leads to the wrong investments.

We scope security assessments along organizational lines, but attackers don't stop where one team's budget ends. Gaps open at the boundaries, and AI agents that interpret scope literally make this worse. Following attack logic instead of org charts closes those gaps.

Learn what that involves: https://zeltser.com/security-assessment-scope

#cybersecurity #leadership #pentesting #infosec

Scope Security Assessments for Attack Paths, Not Org Charts

When assessment scope follows organizational lines, gaps open where team boundaries meet and real attackers don't stop. Pulling adjacent teams into the scoping conversation and following attack logic closes those gaps.

Love them or hate them, SOC 2 reports have become table stakes for SaaS deals. But the framework leaves the vendor in control of the system boundary and auditor selection, which means the reports vary drastically in rigor.

I wrote about what that structural gap means for vendors trying to build credible programs and buyers trying to evaluate them:

https://zeltser.com/soc2-checkbox-reality/

#cybersecurity #infosec #SOC2 #riskmanagement #TPRM

Understand the Reality of the SOC 2 Checkbox

SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value from the framework.

Is a security product company building a true platform or a suite? The distinction clarifies where to invest, how to measure progress, and what competitive advantage to pursue. Here's my guidance for deciding which approach is best, including a look at CrowdStrike, Okta, and Palo Alto Networks.

https://zeltser.com/what-platform-means-cybersecurity

#cybersecurity #productmanagement #infosec #saas

Most Cybersecurity Products Aren't Platforms and It's OK

The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Recognizing which dynamic the architecture supports determines where to invest and what competitive advantage to pursue.

Who'll win this year's RSAC Innovation Sandbox? I scored each finalist's market readiness across 8 dimensions and built detailed profiles using my custom AI framework, so you can see where they stand.

4 companies clustered ahead of the rest. See if you agree:
https://zeltser.com/media/rsac-2026-sandbox

You can use this approach on your own product strategy with the help of your AI agent and my MCP server:
https://zeltser.com/security-product-strategy-with-ai

#RSAC #RSAC2026 #infosec #cybersecurity #startups #productmanagement

RSAC 2026 Innovation Sandbox: Finalist Analysis - Lenny Zeltser

Transforming security ideas into business outcomes.

My guide for endpoint security startups is out now.

The path between competing against entrenched platforms and becoming a feature they bundle is narrow. The guide walks through the questions that founders, buyers, and investors should answer to tell the difference.

I got to know this space when leading product at Minerva Labs (now part of Rapid7), but much has changed since then.

https://zeltser.com/endpoint-security-startup-questions

#cybersecurity #infosec #startups #productmanagement #endpoint

Competing in Endpoint Security: A Guide for Startups

There are areas where endpoint security startups can build viable, useful products, but those openings shift as adjacent categories converge and incumbents absorb new capabilities. Founders, buyers, and investors need to distinguish a viable product strategy from a feature waiting to be bundled.

My new guidance on building security products for SMBs. I first tackled this market about a decade ago at NCR, but much has changed since, especially the role of MSPs and VARs for go-to-market strategies. A few findings as I revisited this space:

1. Channel concentration is a real risk. SentinelOne disclosed one partner accounting for 20% of total revenue, with a second reaching 10%.

2. Cyber insurance and customer compliance are buying triggers. Some SMBs arrive with a controls checklist from their insurer or customers.

3. AI readiness among MSPs dropped from 90% claimed in 2024 to under 50% for actual deployment in 2025.

4. The top three RMM/PSA platforms hold over 60% of the market, and Kaseya is bundling security into the subscription.

Details at https://zeltser.com/smb-security-product-strategy

#cybersecurity #infosec #productmanagement

Building Security Products for SMBs

Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle, while those who design around the segment's constraints find a large and growing market.

I published a 4-point approach for succeeding as a CISO, based on my experiences building and leading a security program at a high-growth company.

It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.

https://zeltser.com/ciso-leadership-lessons

#cybersecurity #infosec #CISO #leadership

What Being a CISO Taught Me About Security Leadership

A four-point framework for succeeding as a CISO, based on my experiences of building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.
