Institute for Security and Technology
@istorg.bsky.social
We are the 501(c)(3) critical action think tank that unites technology and policy leaders to create solutions to emerging security challenges.
https://securityandtechnology.org/
https://securityandtechnology.org/
Pinned
As tech evolves across the world, so do #cyber threats. This #CybersecurityAwarenessMonth, IST will share practical resources, novel research & critical insights to help individuals, orgs & communities strengthen their #cybersecurity practices. The NCA’s #Core4 highlights tips to #StaySafeOnline.
In 2025, the Atlas Award for U.S. Domestic Policy Impact went to Lauren Zabierek, Jack Cable & Bob Lord, alongside Jim Richberg & Taylor Roberts, for making #SecurebyDesign a reality while at CISA. Nominations for the third annual Cyber Policy Awards™ are open to the cyber community!
🏆 Learn more:
🏆 Learn more:
Cyber Policy Awards Nominations
Please click the link to complete this form.
form.jotform.com
November 21, 2025 at 9:58 PM
In 2025, the Atlas Award for U.S. Domestic Policy Impact went to Lauren Zabierek, Jack Cable & Bob Lord, alongside Jim Richberg & Taylor Roberts, for making #SecurebyDesign a reality while at CISA. Nominations for the third annual Cyber Policy Awards™ are open to the cyber community!
🏆 Learn more:
🏆 Learn more:
IST Adjunct @brysonbort.bsky.social was honored as a @washingtonian.com 2025 Tech Titan last month! As co-founder of ICS Village, Scythe CEO, IST Adjunct & @hacktheplant.bsky.social host Bryson is dedicated to promoting lifeline infrastructure security. Congrats Bryson!
🛡️ Learn more: bit.ly/43CWKkR
🛡️ Learn more: bit.ly/43CWKkR
November 19, 2025 at 5:49 PM
IST Adjunct @brysonbort.bsky.social was honored as a @washingtonian.com 2025 Tech Titan last month! As co-founder of ICS Village, Scythe CEO, IST Adjunct & @hacktheplant.bsky.social host Bryson is dedicated to promoting lifeline infrastructure security. Congrats Bryson!
🛡️ Learn more: bit.ly/43CWKkR
🛡️ Learn more: bit.ly/43CWKkR
IST's Brandon Cortino spent the last year as a fellow in the @csis.org FACE cohort, which aims to train the next generation of arms control negotiators. For the #NatSpecs blog, Brandon shares lessons learned from his study of the 2002 Moscow Treaty signed by Presidents Bush and Putin.
🌐 Read more:
🌐 Read more:
Negotiating Stability: Reflections on CSIS’ Future Arms Control Experts (FACE) Program
IST Senior Associate for Nuclear Policy Brandon Cortino spent the last year as a fellow in the Center for Strategic and International Studies FACE cohort, which aims to train the next generation of ar...
securityandtechnology.org
November 18, 2025 at 8:19 PM
The original Blueprint for Ransomware Defense aligned its curated subset of CIS Security Controls to NIST's Cybersecurity Framework 1.0. IST’s Michael Klein spoke to Inside Cybersecurity on remapping the Blueprint to CSF 2.0 and a new core function: Govern.
🛡️ Learn more: bit.ly/3LJJ55r
🛡️ Learn more: bit.ly/3LJJ55r
November 18, 2025 at 5:47 PM
The original Blueprint for Ransomware Defense aligned its curated subset of CIS Security Controls to NIST's Cybersecurity Framework 1.0. IST’s Michael Klein spoke to Inside Cybersecurity on remapping the Blueprint to CSF 2.0 and a new core function: Govern.
🛡️ Learn more: bit.ly/3LJJ55r
🛡️ Learn more: bit.ly/3LJJ55r
IST hosted international security expert & author Ankit Panda for a fireside chat with IST CEO Philip Reiner to discuss his latest book on the nuclear age and the need for political & technical solutions for emerging tech. IST’s Catherine Murphy recaps the event for the #NatSpecs blog.
🛡️ Learn more:
🛡️ Learn more:
The New Nuclear Age: At the Precipice of Armageddon – IST Hosts Book Talk with Author Ankit Panda
IST’s Nuclear Policy team hosted international security expert and author Ankit Panda in Palo Alto to learn more about his latest book unpacking the trilateral nuclear competition between the United S...
securityandtechnology.org
November 17, 2025 at 10:15 PM
IST hosted international security expert & author Ankit Panda for a fireside chat with IST CEO Philip Reiner to discuss his latest book on the nuclear age and the need for political & technical solutions for emerging tech. IST’s Catherine Murphy recaps the event for the #NatSpecs blog.
🛡️ Learn more:
🛡️ Learn more:
For #CybersecurityAwarenessMonth, our social channels featured practical resources, novel research, and critical insights from IST’s cadre of experts. Compiled for the #NatSpecs blog, these resources showcase IST’s work in the fields of #ransomware, #AI, #cyber & more.
🛡️ Learn more: bit.ly/4i12g6C
🛡️ Learn more: bit.ly/4i12g6C
November 17, 2025 at 5:18 PM
For #CybersecurityAwarenessMonth, our social channels featured practical resources, novel research, and critical insights from IST’s cadre of experts. Compiled for the #NatSpecs blog, these resources showcase IST’s work in the fields of #ransomware, #AI, #cyber & more.
🛡️ Learn more: bit.ly/4i12g6C
🛡️ Learn more: bit.ly/4i12g6C
IST joined the CRI in Singapore last month to share research, build capacity & reaffirm our collective commitment to addressing #ransomware on a global scale. IST's Elizabeth Vish spoke to Inside Cybersecurity on the annual summit.
🛡️ Read the interview: insidecybersecurity.com/daily-news/i...
🛡️ Read the interview: insidecybersecurity.com/daily-news/i...
November 14, 2025 at 10:08 PM
IST joined the CRI in Singapore last month to share research, build capacity & reaffirm our collective commitment to addressing #ransomware on a global scale. IST's Elizabeth Vish spoke to Inside Cybersecurity on the annual summit.
🛡️ Read the interview: insidecybersecurity.com/daily-news/i...
🛡️ Read the interview: insidecybersecurity.com/daily-news/i...
Nominations are now open for the 3rd Annual #CyberPolicyAwards! The Awards recognize those who've driven meaningful progress in domestic & international policy, research, journalism, and more. Submit your noms & join us in D.C. in February!
🏆 Nominations close 12/5: form.jotform.com/252225026250...
🏆 Nominations close 12/5: form.jotform.com/252225026250...
November 13, 2025 at 10:30 PM
Nominations are now open for the 3rd Annual #CyberPolicyAwards! The Awards recognize those who've driven meaningful progress in domestic & international policy, research, journalism, and more. Submit your noms & join us in D.C. in February!
🏆 Nominations close 12/5: form.jotform.com/252225026250...
🏆 Nominations close 12/5: form.jotform.com/252225026250...
#Ransomware attacks have plagued the U.K. this year, but in its first year the independent Cyber Monitoring Centre is providing transparent, impartial incident assessments. IST SVP Nicholas Leiserson unpacks the program & calls on global policymakers to franchise the model.
🛡️ Learn more:
🛡️ Learn more:
A Category Three Cyber Hurricane: Classifying the JLR Hack
Ransomware attacks have plagued the UK this year. But in its first year, the independent Cyber Monitoring Centre is providing transparent, impartial incident assessments, modeled on natural disaster s...
securityandtechnology.org
November 12, 2025 at 8:34 PM
#Ransomware attacks have plagued the U.K. this year, but in its first year the independent Cyber Monitoring Centre is providing transparent, impartial incident assessments. IST SVP Nicholas Leiserson unpacks the program & calls on global policymakers to franchise the model.
🛡️ Learn more:
🛡️ Learn more:
IST's Lauren Zabiernik joined the Cyber Wire Data Security Decoded podcast to discuss her work on driving momentum in #SecurebyDesign. “Having more secure software is not a technical impossibility," she told host Caleb Tolin.
🎙️ Listen now:
🎙️ Listen now:
Secure by Design, Secure by Default, Secure by Demand
Host Caleb Tolin is joined by guest Lauren Zabierek, Senior Vice President for the Future of Digital Security at the Institute for Security and Technology. A former CISA leader and long-time national security professional, Lauren unpacks the principles of Secure by Design, Secure by Default, and Secure by Demand and how these frameworks are reshaping the software supply chain.Why security must be a business decision led by executives rather than a technical afterthought.
thecyberwire.com
November 12, 2025 at 6:07 PM
IST's Lauren Zabiernik joined the Cyber Wire Data Security Decoded podcast to discuss her work on driving momentum in #SecurebyDesign. “Having more secure software is not a technical impossibility," she told host Caleb Tolin.
🎙️ Listen now:
🎙️ Listen now:
In advance of the Third Annual Cyber Policy Awards™ on Feb. 5, 2026, the organizing committee is pleased to announce three new additions to our independent panel of distinguished judges: Tom Fanning, Dr. Susan Landau, and Ciaran Martin, CB.
🏆 Learn more: securityandtechnology.org/blog/announc...
🏆 Learn more: securityandtechnology.org/blog/announc...
November 10, 2025 at 7:03 PM
In advance of the Third Annual Cyber Policy Awards™ on Feb. 5, 2026, the organizing committee is pleased to announce three new additions to our independent panel of distinguished judges: Tom Fanning, Dr. Susan Landau, and Ciaran Martin, CB.
🏆 Learn more: securityandtechnology.org/blog/announc...
🏆 Learn more: securityandtechnology.org/blog/announc...
Reposted by Institute for Security and Technology
CVE has quietly underpinned global cybersecurity for 26 years—tracking vulnerabilities across systems we all depend on.
But on the Cyber Focus podcast @istorg.bsky.social's Nick Leiserson says that foundation is cracking.
Find us on Spotify, Apple, or YT
youtu.be/jYXxlDWF7hw
#Cybersecurity #CVE
But on the Cyber Focus podcast @istorg.bsky.social's Nick Leiserson says that foundation is cracking.
Find us on Spotify, Apple, or YT
youtu.be/jYXxlDWF7hw
#Cybersecurity #CVE
November 5, 2025 at 3:15 PM
CVE has quietly underpinned global cybersecurity for 26 years—tracking vulnerabilities across systems we all depend on.
But on the Cyber Focus podcast @istorg.bsky.social's Nick Leiserson says that foundation is cracking.
Find us on Spotify, Apple, or YT
youtu.be/jYXxlDWF7hw
#Cybersecurity #CVE
But on the Cyber Focus podcast @istorg.bsky.social's Nick Leiserson says that foundation is cracking.
Find us on Spotify, Apple, or YT
youtu.be/jYXxlDWF7hw
#Cybersecurity #CVE
The #RansomwareTaskForce developed the Blueprint for Ransomware Defense to provide SMEs with an actionable cyber framework, aligning with NIST's Cybersecurity Framework 1.0 & using the CIS Controls. Today IST remaps the Blueprint to NIST Cybersecurity Framework 2.0.
🛡️ Learn more: bit.ly/480PHEZ
🛡️ Learn more: bit.ly/480PHEZ
November 7, 2025 at 6:42 PM
The #RansomwareTaskForce developed the Blueprint for Ransomware Defense to provide SMEs with an actionable cyber framework, aligning with NIST's Cybersecurity Framework 1.0 & using the CIS Controls. Today IST remaps the Blueprint to NIST Cybersecurity Framework 2.0.
🛡️ Learn more: bit.ly/480PHEZ
🛡️ Learn more: bit.ly/480PHEZ
The Common Vulnerabilities and Exposures program is “taken for granted,” IST SVP Nicholas Leiserson told McCrary Institute Director Frank Cillufo on the #CyberFocus podcast.
🛡️ Listen to the full discussion:
🛡️ Listen to the full discussion:
Cyber Focus S2E44 - CVE at a Crossroads: Global Standards, Local Failures, and What Comes Next with Nick Leiserson
Cybersecurity veteran Nick Leiserson joins Cyber Focus this week to break down critical governance gaps in the Common Vulnerabilities and Exposures (CVE) system and what’s at stake if they’re not fixe...
mccraryinstitute.com
November 6, 2025 at 7:22 PM
The Common Vulnerabilities and Exposures program is “taken for granted,” IST SVP Nicholas Leiserson told McCrary Institute Director Frank Cillufo on the #CyberFocus podcast.
🛡️ Listen to the full discussion:
🛡️ Listen to the full discussion:
Reposted by Institute for Security and Technology
Deep-tech hardware—advanced semiconductors, batteries, quantum computers—faces a systematic financing gap. U.S. companies can access the capital for innovation, but struggle to scale and deploy. @istorg.bsky.social proposes ways to close this missing middle: securityandtechnology.org/virtual-libr...
The Missing Middle: How to Close America’s Deep-Tech Financing Gap in Strategic Competition with China
The United States and China are locked in competition to finance & deploy foundational technologies that will underwrite economic leadership and ensure national security for decades to come. Building ...
securityandtechnology.org
November 5, 2025 at 7:52 PM
Deep-tech hardware—advanced semiconductors, batteries, quantum computers—faces a systematic financing gap. U.S. companies can access the capital for innovation, but struggle to scale and deploy. @istorg.bsky.social proposes ways to close this missing middle: securityandtechnology.org/virtual-libr...
“Cyber terrorism is not what’s keeping us up at night. It’s cyber criminals and adversary states." In a new @cyberscoop.bsky.social op-ed, IST's Nick Leiserson and
FDD's Mark Montgomery call on Congress to consider a cyber reinsurance program.
✒️ Read the op-ed: cyberscoop.com/congress-cyb...
FDD's Mark Montgomery call on Congress to consider a cyber reinsurance program.
✒️ Read the op-ed: cyberscoop.com/congress-cyb...
Don’t let Congress punt on cyber insurance reform
A government-backed reinsurance program can cap the losses insurers face if a cyber catastrophe — known as a “grey swan” event — occurs. Even if disaster never strikes, the mere existence of this fina...
cyberscoop.com
November 4, 2025 at 4:00 PM
“Cyber terrorism is not what’s keeping us up at night. It’s cyber criminals and adversary states." In a new @cyberscoop.bsky.social op-ed, IST's Nick Leiserson and
FDD's Mark Montgomery call on Congress to consider a cyber reinsurance program.
✒️ Read the op-ed: cyberscoop.com/congress-cyb...
FDD's Mark Montgomery call on Congress to consider a cyber reinsurance program.
✒️ Read the op-ed: cyberscoop.com/congress-cyb...
As #CybersecurityAwarenessMonth comes to an end, IST is sharing one last resource on harnessing opportunities and mitigating risk in security applications. 🧵
October 31, 2025 at 4:07 PM
As #CybersecurityAwarenessMonth comes to an end, IST is sharing one last resource on harnessing opportunities and mitigating risk in security applications. 🧵
IST joined the International Counter Ransomware Initiative’s 74 members and private partners in Singapore last week to share our research, build capacity, and reaffirm our collective commitment to addressing #ransomware on a global scale.
October 31, 2025 at 1:53 PM
IST joined the International Counter Ransomware Initiative’s 74 members and private partners in Singapore last week to share our research, build capacity, and reaffirm our collective commitment to addressing #ransomware on a global scale.
Reposted by Institute for Security and Technology
For more than 20 years, the CVE system has been a foundational system used to track and categorize cyber vulnerabilities. @istorg.bsky.social recently released a report, "CVE at a Crossroads" looking at what should come next.
Read more: www.ittcybersecurity.org/news-resourc...
Read more: www.ittcybersecurity.org/news-resourc...
REPORT: CVE at a Crossroads: Building a Global Vulnerability System for the Next 25 Years
For more than two decades, the CVE system has been the foundation of global vulnerability management, ensuring that everyone from software developers to government agencies speaks the same language wh...
www.ittcybersecurity.org
October 30, 2025 at 8:31 PM
For more than 20 years, the CVE system has been a foundational system used to track and categorize cyber vulnerabilities. @istorg.bsky.social recently released a report, "CVE at a Crossroads" looking at what should come next.
Read more: www.ittcybersecurity.org/news-resourc...
Read more: www.ittcybersecurity.org/news-resourc...
Advances in AI present key cybersecurity opportunities, but how might malicious actors utilize the same technology? This #CybersecurityAwarenessMonth, we’re featuring our work to investigate the state of AI in #cybersecurity. 🧵
October 29, 2025 at 4:37 PM
Advances in AI present key cybersecurity opportunities, but how might malicious actors utilize the same technology? This #CybersecurityAwarenessMonth, we’re featuring our work to investigate the state of AI in #cybersecurity. 🧵
As AI tech proliferates across the globe, it is expanding the ability of authoritarian states to commit human rights abuses, and enhance their info ops & cyber attack capabilities. This #CybersecurityAwarenessMonth, we’re sharing our work to unpack the opportunities & challenges of AI advancement. 🧵
October 28, 2025 at 6:58 PM
As AI tech proliferates across the globe, it is expanding the ability of authoritarian states to commit human rights abuses, and enhance their info ops & cyber attack capabilities. This #CybersecurityAwarenessMonth, we’re sharing our work to unpack the opportunities & challenges of AI advancement. 🧵
Reposted by Institute for Security and Technology
#ICYMI: @megans.bsky.social from @istorg.bsky.social delivered her keynote at #CyberNextDC, focused on what the future of cyber policy should look like through the lens of the Ransomware Task Force (RTF).
Hear her full remarks below:
www.youtube.com/watch?v=AXaH...
Hear her full remarks below:
www.youtube.com/watch?v=AXaH...
Megan Stifel: What Cyber Policy Needs Next Through the Looking Glass of the Ransomware Task Force
YouTube video by Center for Cybersecurity Policy and Law
www.youtube.com
October 28, 2025 at 2:44 PM
#ICYMI: @megans.bsky.social from @istorg.bsky.social delivered her keynote at #CyberNextDC, focused on what the future of cyber policy should look like through the lens of the Ransomware Task Force (RTF).
Hear her full remarks below:
www.youtube.com/watch?v=AXaH...
Hear her full remarks below:
www.youtube.com/watch?v=AXaH...
What happens to a community when their local hospital loses power or water? If a #cyber attack cripples your hospital, where do you go? This #CybersecurityAwarenessMonth, we’re sharing our work to ensure that stakeholders are prepared for #cyber threats. 🧵
October 24, 2025 at 5:30 PM
What happens to a community when their local hospital loses power or water? If a #cyber attack cripples your hospital, where do you go? This #CybersecurityAwarenessMonth, we’re sharing our work to ensure that stakeholders are prepared for #cyber threats. 🧵
“Log4j is such a small, tiny library. But everybody can use it in their software.” -Christian Grobmeier
A new @github.com blog telling the story of ‘the breach that broke the Internet’ interviewed Christian, a maintainer of the Log4j open source project, to get his take on what happened.
➡️Read more:
A new @github.com blog telling the story of ‘the breach that broke the Internet’ interviewed Christian, a maintainer of the Log4j open source project, to get his take on what happened.
➡️Read more:
Inside the breach that broke the internet: The untold story of Log4Shell
Log4Shell proved that open source security isn't guaranteed and isn’t just a code problem.
github.blog
October 22, 2025 at 9:06 PM
“Log4j is such a small, tiny library. But everybody can use it in their software.” -Christian Grobmeier
A new @github.com blog telling the story of ‘the breach that broke the Internet’ interviewed Christian, a maintainer of the Log4j open source project, to get his take on what happened.
➡️Read more:
A new @github.com blog telling the story of ‘the breach that broke the Internet’ interviewed Christian, a maintainer of the Log4j open source project, to get his take on what happened.
➡️Read more:
“We have always been prey,” IST Exec in Residence @joshcorman.bsky.social told @theverge.com's Justine Calma. This #CybersecurityAwarenessMonth, we’re highlighting our efforts to prepare our communities for #cyber threats like #VoltTyphoon. 🧵
October 22, 2025 at 8:19 PM
“We have always been prey,” IST Exec in Residence @joshcorman.bsky.social told @theverge.com's Justine Calma. This #CybersecurityAwarenessMonth, we’re highlighting our efforts to prepare our communities for #cyber threats like #VoltTyphoon. 🧵