Andre Smith
andresmith-sec.bsky.social
Hacking systems to stop hackers, before they strike. 25 years experience in cybersecurity.
CEO & Director of Technology for AMEOT. Real proactive security is detection-less. www.ameot.com
Speed is great—until it skips security. Fast deployments often skip critical security steps. Is your rush to innovate opening the door for attackers? Are you trading safety for speed?
December 11, 2024 at 9:00 PM
High cost ≠ high tech. The most expensive tools often rely on old tech with new marketing. Expensive ≠ innovative. Are you paying for innovation or legacy systems in disguise? Know your tools, not just your brands.
December 11, 2024 at 7:00 PM
Detection tools miss the unknown. How are you defending the future? Detection tools only recognize known patterns—zero-days go undetected. Are you stuck reacting with yesterday's threat intelligence? Get Proactive.
December 11, 2024 at 5:00 PM
Costly detection-based tools still cry wolf. Are your teams chasing noise? False positives still plague even the priciest tools, draining your team’s time and energy. False positives = wasted time. Are you paying more for more alerts? Are your most expensive tools solving or creating problems?
December 11, 2024 at 3:00 PM
AI + humans = success. Are you underestimating the human element? Automation supports humans, it doesn’t replace them. No one wants to rely on a company that is more robotic than human. Don't trade talent for tools; it creates gaps in your operations and defenses.
December 10, 2024 at 9:00 PM
ML ≠ magic. Machine learning models rely on quality data. Are you feeding your tools the data they need? Are you maintaining your tools or leaving them blind? ML needs data, not assumptions. How well-fed is your model?
December 10, 2024 at 7:00 PM
Are you trusting AI without understanding its foundation? Big data alone ≠ smart decisions any more than more data (quality excluded) ≠ better results. Are your tools making you safer or are they just busy massaging heaps of less than useful data?
December 10, 2024 at 5:00 PM
Are you ready for the unknown? Detection-based tools are designed to find the known threats; unknown threats are often blind spots. What about threats your tools can’t see? Get Proactive! Detection only works after the fact.
December 10, 2024 at 3:00 PM
A bigger budget, alone, doesn’t stop breaches—it just makes failure more costly. Are you focusing on the price of your tools or creating an effective strategy? Are you investing for bragging rights or to solve the right problems? Seek results!
December 9, 2024 at 9:00 PM
Proactive ≠ reactive. Detection tools only react after a threat is present—AI doesn’t make them proactive. Are you confusing speed with prevention? AI speeds reaction, but it can’t prevent presence. Is your AI-driven tool just faster at playing catch-up? AI ≠ proactive.
December 9, 2024 at 7:00 PM
High cost ≠ high security and expensive tools ≠ foolproof security. Every year we spend more, only to have the rate of successful attacks rise. Results should overshadow price tag; otherwise, you're just buying great branding, which also ≠ great security. Seek results!
December 9, 2024 at 5:30 PM
CISOs aren’t there to clean up breaches—they’re there to stop them before they happen. Are you treating security as an afterthought? #CyberSecurity #ProactiveDefense
December 7, 2024 at 3:00 PM
CISOs drive business strategy, not just IT. Are you underestimating their authority by treating cybersecurity as an IT issue instead of a business priority? #Leadership #CyberSecurity #Strategy #RiskManagement
December 6, 2024 at 9:00 PM
CISO life = strategy + risk management, not “hackers vs. CISOs.” A CISO’s day isn’t Hollywood-style hacking. Are you glamorizing the grind while ignoring its complexity? #CyberSecurity #Leadership
December 6, 2024 at 7:00 PM
Reposted by Andre Smith
Key risk trends for Directors and Officers in 2025: ‘AI washing’ is an emerging risk: resilienceforward.com/key-risk-tre...

#RiskManagement
December 6, 2024 at 4:47 PM
Compliance is the floor, not the ceiling. CISOs are there to protect your business, not just check boxes. Compliance ≠ security. Are you focused on protection or just policies? #CyberSecurity
#Compliance #Leadership
December 6, 2024 at 5:00 PM
CISOs worry just as much about insider threats, supply chain risks, and human error. External attackers aren’t the only threat. Does your CISO have full visibility? #CyberSecurity #RiskManagement #Leadership
December 6, 2024 at 3:00 PM
CISOs guide the organization; however, security is everyone’s job. Although the responsibility is shared, the CISO gets all the blame. Are you helping or blaming? #CyberSecurity #Board #TeamWork
December 5, 2024 at 9:00 PM
CISOs aren’t magicians. Expecting a CISO to secure your organization with an inadequate budget is like asking for a skyscraper on a shed’s budget. CISOs need resources, not miracles. #SmartSpending #Cybersecurity #Budget
December 5, 2024 at 7:00 PM
CISO = tech + strategy + leadership—it’s aligning security strategy with business goals. A CISO’s role isn’t just tech. Are you underestimating their value? Or do you see their impact on your organization’s future? #Leadership #CyberSecurity #CISO
December 5, 2024 at 5:00 PM
Reposted by Andre Smith
A new phishing campaign discovered by malware hunting firm Any.Run utilizes intentionally corrupted Word documents as attachments in emails that pretend to be from payroll and human resources departments.
www.bleepingcomputer.com/news/securit...
Novel phishing campaign uses corrupted Word documents to evade security
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but...
www.bleepingcomputer.com
December 2, 2024 at 7:20 PM
Reposted by Andre Smith
This is so true. Most companies don't have an understanding of what risks are out there or they think it will never happen to them. Business leaders need to be looking at these risks and taking steps to be more secure.

news.sky.com/story/the-uk...

#infosec #cybersecurity #informationsecurity
The UK is 'widely' underestimating online threats from hostile states and criminals, cyber security chief warns
The NCSC's incident management team was required to provide support in response to 430 cyber attacks over the past year - up from 371 in 2023.
news.sky.com
December 3, 2024 at 6:45 AM
Reposted by Andre Smith
It's really worth doing a review of your personal online accounts on a regular basis. Have a check of the email address you use on haveibeenpwned.com, check for new security settings that you might want to enable. One little tweak might just prevent an account being compromised.

#cyberawareness
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
haveibeenpwned.com
December 3, 2024 at 7:32 AM