Jim Donahue
@jimdonahue-cyber.bsky.social
My work account, focused on cybersecurity. I'm the managing editor, content operations, at Dark Reading, part of Informa TechTarget.
I'm retiring as of tomorrow, so this work account will be going dark. (It seems likely I'll do some freelance work in 2026, so I'm not shutting down the acct. But I'm taking it easy a few months.)

I do have a personal account here, but it seems weird to post the link. Feel free to DM me, though.
August 27, 2025 at 2:41 PM
New on @darkreading.bsky.social, commentary by Liad Cohen and Eyal Paz, OX Security: "By addressing these risk vectors, organizations can continue leveraging GitHub's innovation while protecting against the sophisticated supply chain attacks targeting our interconnected software ecosystem."
10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.
www.darkreading.com
August 19, 2025 at 2:23 PM
New on @darkreading.bsky.social, commentary by Aditya K. Sood, VP of Security Engineering & AI Strategy, Aryaka: "Today's RATs don't just exploit technical vulnerabilities. They also take advantage of the blind spots created by how enterprise architects establish their security environments."
How Evolving RATs Are Redefining Enterprise Security Threats
A more unified and behavior-aware approach to detection can significantly improve security outcomes.
www.darkreading.com
August 18, 2025 at 2:38 PM
New on @darkreading.bsky.social, commentary by Ivanti's Field CISO Mike Riemer: "When security becomes part of the development culture rather than an external constraint, teams start thinking about security implications naturally as they build features."
Using Security Expertise to Bridge the Communication Gap
Cybersecurity-focused leadership delivers better products and business outcomes.
www.darkreading.com
August 15, 2025 at 2:47 PM
New on @darkreading.bsky.social, commentary by Ofri Ouzan, Security Researcher & Advocate, JFrog: CVE scoring systems "often fail to account for the unique context of each organization's environment. As a result, teams risk focusing on theoretical risks while genuine threats may be overlooked."
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
www.darkreading.com
August 11, 2025 at 3:24 PM
New on @darkreading.bsky.social, commentary by Lane Sullivan, Chief Information Security & Strategy Officer, Concentric AI: "Being a CISO today is a balancing act of strategic leadership, financial literacy, technical expertise, and human connection, regardless of [company size]."
Redefining the Role: What Makes a CISO Great
Security is everyone's responsibility, but as a CISO, it starts with you.
www.darkreading.com
August 11, 2025 at 3:21 PM
New on @darkreading.bsky.social, commentary by Melina Scotto, Founder, Mastin & Associates: "Consider securing AI as your next career opportunity to transform challenges into a strategic advantage and build cyber resilience in a rapidly changing, AI-enabled, digital world."
Will Secure AI Be the Hottest Career Path in Cybersecurity?
Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional deman...
www.darkreading.com
August 11, 2025 at 3:19 PM
New on @darkreading.bsky.social, commentary by Pritesh Parekh, CISO, PagerDuty: "In an era where cyber threats are increasingly sophisticated and pervasive, the importance of post-incident security reviews cannot be overstated." Get tips on organizing your own reviews.
Building the Perfect Post-Security Incident Review Playbook
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators...
www.darkreading.com
August 5, 2025 at 3:53 PM
New on @darkreading.bsky.social, commentary by Trend Micro's Jon Clay: "While the cybercriminal underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020."
Why the Old Ways Are Still the Best for Most Cybercriminals
While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020.
www.darkreading.com
August 5, 2025 at 3:49 PM
Get the latest news from Black Hat this week. www.darkreading.com/keyword/blac...
Black Hat News
www.darkreading.com
August 5, 2025 at 3:27 PM
Reposted by Jim Donahue
Scoop: CISA's contract with ICF has expired, reducing the JCDC's contractor workforce from 100+ to just 10. CISA can use emergency money & 2-week extensions to keep those 10 around, but only through Sept. Other contracts also caught up in huge backlog. www.cybersecuritydive.com/news/cisa-jo...
July 30, 2025 at 2:53 PM
New on @darkreading.bsky.social, commentary by Alisdair Faulkner, Darwinium: "We must accept that malicious agents will often appear legitimate — and gain access. Defending against them requires speed, but not at the expense of paralyzing online commerce."
How to Spot Malicious AI Agents Before They Strike
The rise of agentic AI means the battle of the machines is just beginning. To win, we'll need our own agents — human and machine — working together.
www.darkreading.com
July 30, 2025 at 7:49 PM
New on @darkreading.bsky.social, commentary by Roger Cressey, Mountain Wave Ventures: "As we reflect on the anniversary of the largest outage in IT history, organizations everywhere need to make an active effort to ... create a more robust and resilient cyber ecosystem moving forward."
The CrowdStrike Outage Was Bad but Could Have Been Worse
A year after the largest outage in IT history, organizations need to make an active effort to diversify their technology and software vendors and create a more resilient cyber ecosystem moving forward...
www.darkreading.com
July 30, 2025 at 7:44 PM
New on @darkreading.bsky.social: "By tying security investments to measurable outcomes — like reduced breach likelihood and financial impact — CISOs can align internal stakeholders and justify spending based on real-world risk." Commentary by Kara Sprague, CEO, HackerOne
Securing the Budget: Demonstrating Cybersecurity's Return
By tying security investments to measurable outcomes — like reduced breach likelihood and financial impact — CISOs can align internal stakeholders and justify spending based on real-world risk.
www.darkreading.com
July 24, 2025 at 8:58 PM
New on @darkreading.bsky.social: "Many CISOs still find themselves speaking a technical language that fails to resonate with other leaders. Technical terms often fall flat in boardrooms more concerned with revenue growth and brand reputation." Commentary by Ashley Rose, Living Security
Translating Cyber-Risk for the Boardroom
When security leaders embrace this truth and learn to speak in the language of leadership, they don't just protect the enterprise, they help lead it forward.
www.darkreading.com
July 24, 2025 at 8:55 PM
New on @darkreading.bsky.social: "Today's insider threats aren't lone wolves acting out of spite — they're pawns in the hands of sophisticated, organized criminal networks." Commentary by Rob Juncker, Mimecast
How Criminal Networks Exploit Insider Vulnerabilities
Criminal networks are adapting quickly, and they're betting that companies won't keep pace. Let's prove them wrong.
www.darkreading.com
July 24, 2025 at 8:52 PM
New on @darkreading.bsky.social: "Agentic AI could be a disaster for authorization systems in software-as-a-service (SaaS) platforms as we know them today. But it doesn't have to be, if security and IT teams address the challenges proactively." Commentary by Josh Lemos, GitLab.
3 Ways Security Teams Can Minimize Agentic AI Chaos
Security often lags behind innovation. The path forward requires striking a balance.
www.darkreading.com
July 24, 2025 at 8:44 PM
Reposted by Jim Donahue
My new story about the U.S. government’s fraying partnerships with critical infrastructure operators is packed with new reporting, but there’s a lot more that I couldn’t fit into the story.

Here are some more details from my interviews over the past few weeks about where things stand…
New: Trump's federal workforce chaos is upending govt partnerships with U.S. critical infrastructure operators, jeopardizing work to protect vital services like healthcare and water from hackers & natural disasters.

My @cybersecuritydive.bsky.social story: www.cybersecuritydive.com/news/critica...
June 27, 2025 at 4:03 PM
New on @darkreading.bsky.social: "The software development ecosystem needs clear requirements for AI transparency and a dedicated risk-disclosure framework. This framework should document key attributes such as training data sources, model versions, known limitations, and security features."
Generative AI Exacerbates Software Supply Chain Risks
Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing software supply chains.
www.darkreading.com
June 25, 2025 at 4:13 PM
Reposted by Jim Donahue
New: Trump's federal workforce chaos is upending govt partnerships with U.S. critical infrastructure operators, jeopardizing work to protect vital services like healthcare and water from hackers & natural disasters.

My @cybersecuritydive.bsky.social story: www.cybersecuritydive.com/news/critica...
June 25, 2025 at 3:56 PM
New on @darkreading.bsky.social: "Taking senior analysts out of repetitive triage loops gives them space to apply judgment, creativity, and curiosity to the harder problems." Erick Wille, CISO, Cabinetworks www.darkreading.com/vulnerabilit...
A CISO's AI Playbook
In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.
www.darkreading.com
June 23, 2025 at 2:08 PM
New on @darkreading.bsky.social: "As AI transforms how enterprises operate, a new mandate [for CISOs] has emerged: Govern its use responsibly, end to end." Commentary by Ben de Bont, CISO, ServiceNow www.darkreading.com/vulnerabilit...
How CISOs Can Govern AI & Meet Evolving Regulations
Security teams are no longer just the last line of defense — they are the foundation for responsible AI adoption.
www.darkreading.com
June 18, 2025 at 2:23 PM
New on @darkreading.bsky.social: "To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands." Brent Stackhouse, Vice President of Security & GRC, WP Engine
Foundations of Cybersecurity: Reassessing What Matters
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
www.darkreading.com
June 17, 2025 at 4:31 PM
New on @darkreading.bsky.social: "Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals. What, then, should we pursue? Everything. Everywhere. All at once. And always." James Shank, Director, Threat Operations, Expel
Operation Endgame: Do Takedowns & Arrests Matter?
Cybercrime response needs more aggressive actions from those seeking to protect victims and pursue criminals.
www.darkreading.com
June 17, 2025 at 4:29 PM
Reposted by Jim Donahue
Generative AI is helping hackers write better malware, phish more convincingly, and seed open-source repositories with backdoors, a Gartner expert said at the company's security conference on Monday. www.cybersecuritydive.com/news/ai-cybe...
June 10, 2025 at 3:00 PM