James R. McQuiggan, CISSP, SACP
@jamesmcquiggan.bsky.social
Security Awareness Advocate, Knowster, CISSP, (ISC)2 CFL President, Professor, #80, photographer
Another breach, another reminder:
✅ Was I expecting this?
✅ Is the request unusual?
✅ Can I verify it another way?
If not—don’t click. Don’t reply. Report it.
Stay skeptical. Stay secure. #Cybersecurity #Phishing #AIThreats
www.msn.com/en-us/money/...
July 3, 2025 at 3:30 PM
🔒 What does a colonoscopy teach us about cybersecurity? Spoiler: Both require uncomfortable preparation and catching invisible risks before they become disasters. Why cyber risk is really about human behavior ⬇️
blog.knowbe4.com/checkups-and...
Checkups and Checklists: Cyber Risk Isn’t Just a Technical Problem
There are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the moment.
blog.knowbe4.com
June 16, 2025 at 10:58 PM
Would you open the front door to a stranger? Then why trust a random caller? If you weren’t expecting the call, hang up and verify. It’s not rude—it’s smart. #CyberSecurity #Vishing #ThinkBeforeYouPickUp #HumanRisk #SocialEngineering
www.cpomagazine.com/cyber-securi...
June 12, 2025 at 1:30 PM
AI coding tools enhance productivity, but "vibe coding" risks unleashing insecure code into the wild. Organizations need to prioritize security education for devs! 🌟 Read more: www.darkreading.com/application-...
June 9, 2025 at 6:59 PM
Shadow AI is Shadow IT's dangerous cousin 👑 Your team uses ChatGPT to boost productivity, but feeds sensitive data to systems you don't control. Bans don't work - governance does. Read more: technewsworld.com/story/it-pro...
June 5, 2025 at 2:17 PM
Hmmm, I wonder if an LLM hallucinated the citations for their report?!
www.nytimes.com/2025/05/29/w...
White House Health Report Included Fake Citations
www.nytimes.com
May 30, 2025 at 4:13 PM
Saw a juggler on a cruise balancing bottles and juggling pins while chatting with the crowd.
Felt like watching a CISO. Cybersecurity is a balancing act and here’s what we can learn from the stage. 🎪🔐
👉 jamesmcquiggan.com/2025/05/30/m...
#Cybersecurity #CISO #SecurityCulture
What a Cruise Show Revealed About Cybersecurity Challenges
Discover how a cruise juggler's performance mirrors the daily balancing act of cybersecurity professionals. Learn key takeaways for success!
jamesmcquiggan.com
May 30, 2025 at 12:47 PM
Reposted by James R. McQuiggan, CISSP, SACP
User Awareness Training Must Be Cybersecurity Investment No. 1
For small and rural towns and counties, cybersecurity awareness training is the lowest of the low-hanging fruit when it comes to achieving cyber resilience.
buff.ly
May 17, 2025 at 1:12 AM
The FBI alerts us to malware targeting outdated routers, emphasizing the need for proactive hardware upgrades. Don't wait for a breach! Invest in your devices' lifecycle.
🔒🌐 Read more: www.ic3.gov/CSA/2025/250...
May 9, 2025 at 2:32 PM
8 years after NotPetya, basic attack methods are still used. CISA warns that OT systems are still wide open to stolen creds, unpatched flaws, and sloppy remote access. This isn’t advanced tradecraft. It’s failure to cover the basics.
👉 buff.ly/AtqTMbS
#OTSecurity
OT Systems Exposed to Basic Hacks, CISA Warns
The Cybersecurity and Infrastructure Security Agency is warning that critical infrastructure operators remain vulnerable to low-skill cyberattacks targeting OT
www.inforisktoday.co.uk
May 8, 2025 at 3:00 PM
The LockBit ransomware gang has been hacked, exposing negotiations with victims, revealing that even criminals can overlook security vulnerabilities. Always patch!
www.bleepingcomputer.com/news/securit...
#CrimeIsBad #YouGotToPatchIt
www.bleepingcomputer.com
May 8, 2025 at 1:59 AM
Is Security Awareness dead? Not if I can help it!
Catch me at #NJSECON as I unpack how AI is changing the game & why we must evolve into Human Risk Management. Fewer slides, more laughs, stronger firewalls.
www.njsecon.org
May 6, 2025 at 7:18 PM
Agentic AI doesn’t need intent to cause damage. When systems act on flawed data or conflicting goals, the outcome can be chaos. CISOs must align innovation with oversight—because misalignment, not malice, is the real risk. #AI #Cybersecurity #CISO
www.darkreading.com/vulnerabilit...
May 5, 2025 at 8:03 PM
Still holding onto passwords like it’s 1999? 🕹️ Time to ditch the sticky notes—passkeys are here to level up your digital security. 🔐 Read on for smart tips that prep you for the passwordless future. #Cybersecurity #Passkeys
www.zdnet.com/article/10-p...
10 passkey survival tips: Prepare for your passwordless future now
Although passkeys remain an evolving ecosystem, we'd be wise to embrace tomorrow's authentication standard today. Here are ZDNET's 10 recommendations for reaching passkey paradise.
www.zdnet.com
May 5, 2025 at 3:29 PM
The Empire didn’t fall because of the Force. It fell from bad security. I break down Star Wars and cybersecurity in my latest blog—Rogue One, R2-D2, stormtroopers, and real-world breaches. No fluff. Just facts.
🔗 jamesmcquiggan.com/2025/05/04/c...
#CyberSecurity #StarWars
Cybersecurity Lessons from Star Wars: May the 4th Be With You
Explore the parallels between Star Wars and cybersecurity, uncovering vital lessons on security, insider threats, and endpoint controls.
jamesmcquiggan.com
May 4, 2025 at 12:45 PM
Secrets in Slack & Jira can be riskier than code leaks. No scans. No reviews. Just fast creds shared to “get it done.” Treat these tools like code: scan them, train users, and build safer habits. Convenience shouldn’t cost you security. #infosec
Secrets leaks increase — and expand beyond the codebase
Organizations that assume secrets protection is solely about scanning public repositories and codebases for API keys, passwords, and tokens may be overlooking a major blind spot.
securityboulevard.com
May 1, 2025 at 2:00 PM
🚨Phishers are capitalizing on the Iberian blackout, targeting Portuguese and Spanish speakers by masquerading as Portugal's national airline offering compensation for disrupted flights.
April 30, 2025 at 8:00 PM
Critical infrastructure security is no longer optional. It’s strategic. 🔒
✅ Design for resilience, not just prevention.
✅ Plan for disruption and recovery.
Energy resilience = National resilience
👉 Patrick's Testimony:
Testimony Before the U.S.-China Economic and Security Review Commission: Protecting U.S. Energy Infrastructure from Strategic Risks — AMPYX CYBER
On April 24, 2025, Patrick Miller testified before the U.S.-China Economic and Security Review Commission on the growing cybersecurity and supply chain risks facing U.S. energy infrastructure.
ampyxcyber.com
April 29, 2025 at 1:57 PM
How ready are you for the rise of deep fakes in cybersecurity? 🎭 I had a great talk with Marc Ashworth on the Cyber Executive Podcast about the deepfake threats and what we can do about them. #Cybersecurity #AI #DeepFakes
Ep 12: Deep Fakes and Security Awareness with James McQuiggan of KnowBe4
In this episode of the Cyber Executive Podcast, host Marc Ashworth speaks with James McQuiggan, a security awareness advocate at KnowBe4, about the growing t...
www.youtube.com
April 29, 2025 at 1:56 PM
Can your team spot a deepfake in real time?
If not, you’re not alone. Real-time deepfake scams are already targeting businesses today. (404 Media)
And with AI automation and dark web marketplaces, it's only getting easier for attackers. (Dark Reading)
Let's break it down 🧵
April 28, 2025 at 9:34 PM
Reposted by James R. McQuiggan, CISSP, SACP
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference - SecurityWeek
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference
The doors to the RSA Conference 2025 swing open here this week with two competing narratives as AI evangelism sets an unmistakable tone for the conference.
buff.ly
April 28, 2025 at 5:42 PM
It’s concerning that the FBI’s workforce may be impacted by layoffs, possibly limiting their capacity to respond effectively to these threats.
www.infosecurity-magazine.com/news/fbi-hel...
FBI Asks for Help Tracking Chinese Salt Typhoon Actors
The US authorities have asked the public to help them unmask China’s Salt Typhoon threat actors
www.infosecurity-magazine.com
April 28, 2025 at 5:13 PM
🛳️ I'm Speaking at CruiseCon West 2025 on DEEP FAKE DETECTION! Can your team spot AI that mimics your C-suite? Join me & cybersecurity leaders like Robert Bigman on this floating conference. Prices go up May 1! #CyberCruise Use IRA10 to register here: buff.ly/GA1Z4Ce
April 28, 2025 at 3:54 PM
🌱 Growing strong network security is like gardening — it takes patience, resilience, and pulling a few weeds.
New blog post: [https://jamesmcquiggan.com/2025/04/26/growing-network-security-lessons-from-gardening/]
What's your best "security gardening" tip? 🌻
Network Security: Lessons from Gardening for Better Protection
Discover how managing network security is like gardening. Learn to prune vulnerabilities and cultivate a resilient cybersecurity environment.
jamesmcquiggan.com
April 27, 2025 at 3:02 PM
"If your incident response plan only covers ransomware, it’s already outdated. Threats are evolving fast — is your strategy keeping up? #Cybersecurity #Ransomware #IncidentResponse #InfoSec" www.infosecurity-magazine.com/news/novel-r...
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes
Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models
www.infosecurity-magazine.com
April 26, 2025 at 7:18 PM