Author | Lightnews

Kathryn Renaud @krenaud1.bsky.social · 10h

This is my theory: Auth abuse (like the F5 + Salesloft cases) triggered rushed identity hardening across the industry. Entra’s recent issues may be the growing pains. Tho if the security fixes break everything like this, can we really trust them?
#CyberSecurity #IAM #OAuth #ZeroTrust #Microsoft

1

Kathryn Renaud @krenaud1.bsky.social · 10h

Vendor OAuth is the hidden backdoor most orgs ignore. Salesloft-Drift proves incident response without systemic change fails. Monitoring + token discipline must become standard.
#CyberSecurity #APIsecurity #OAuth #SupplyChainRisk #Infosec #CISO #ZeroTrust

Two Months After Salesloft-Drift: What We Know Now and What's Still Broken

Two months ago, attackers compromised one vendor and accessed 700+ Salesforce instances. By October 28, 2025, the crisis response is complete.

www.linkedin.com

2

Kathryn Renaud @krenaud1.bsky.social · 3d

Cybersecurity isn’t failing from lack of tech — it’s failing from lack of maturity. My latest piece explores how MSPs could evolve from service delivery to capability building and reshape resilience itself.

#Cybersecurity #MSP #RiskManagement #Innovation #Resilience #SecurityMaturity #InfoSec

The Maturity Divide: How Forward-Thinking MSPs Could Evolve

Cybersecurity isn't failing because of technology. It's failing because of organizational immaturity and because many leaders still view protection as an IT expense rather than a business foundation.

www.linkedin.com

2

Kathryn Renaud @krenaud1.bsky.social · 8d

When the guard falls, the ripple spreads. My latest piece dives into the F5 breach—how it happened, what it means for global supply chains, and how IRF Theory could’ve changed the outcome.

Read here 👉 www.linkedin.com/pulse/when-g...

#CyberSecurity #F5 #IRFTheory #DataBreach #Resilience

When the Guard is Breached: The F5 Incident and Lessons for the Supply Chain

Executive Overview On October 15, 2025, F5 disclosed a cybersecurity breach that compromised portions of its internal systems, including source code and vulnerability data related to its flagship BIG-...

www.linkedin.com

2

Kathryn Renaud @krenaud1.bsky.social · 9d

Remember folks! Keep up with the #hustle and don’t let the lack of immediate #motivation get in the way of your success. This goes from inside the cybersecurity space all the way to everyday life!

1

Kathryn Renaud @krenaud1.bsky.social · 13d

Policy defines operations. It is not just theoretical. CISA confirmed ~35% furloughed, but core cyber defense, SOC, and incident response teams remain excepted. Support roles paused ≠ defense stopped. National security functions still run under Title 44 U.S.C. §3553 and OPM guidance.

Kathryn Renaud @krenaud1.bsky.social · 13d

Your data got exposed? You’re not powerless.
Traceless put together a great guide on what to do after a breach — from enabling MFA to securing every account you have. Check it out here:
👉 traceless.com/so-your-pers...
#Cybersecurity #DataBreach

So your Personal Data's Been Stolen - Traceless.com

Learn how to turn on MFA on over 100 services to ensure you're safe in the event of a corporate data breach!

traceless.com

2

Kathryn Renaud @krenaud1.bsky.social · 13d

Meaning… some support staff are affected, but the core cyber defense isn’t. CISA, DHS, and federal SOC teams are excepted, and most contractors tied to those missions keep working under pre-funded or emergency ops. National security doesn’t stop for a shutdown.

1

Kathryn Renaud @krenaud1.bsky.social · 13d

The 7-day window started after CISA confirmed active risk, which aligns with past emergency directives. DOJ’s disclosure timing isn’t the same as patch timing. While some contractors are affected, core cyber defense and incident response roles stay active under excepted status.

Kathryn Renaud @krenaud1.bsky.social · 13d

FYI for anyone seeing the cold takes about CISA “extending” F5 patch timelines — the directive calls the threat imminent and sets tight deadlines (Oct 22 & 31). No mention of shutdowns or staffing. Cyber defense roles are legally excepted — they can’t be furloughed or left unpaid.

#FYI #CISA #F5

Jake Williams @malwarejake.bsky.social · 13d

The timelines in this CISA directive to patch F5 vulnerabilities are not grounded in the relative risk posed. The required remediation timelines have been artificially extended to ensure there's a possibility for compliance given staff impacted by the shutdowns.
www.cisa.gov/news-events/...

ED 26-01: Mitigate Vulnerabilities in F5 Devices | CISA

Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security

www.cisa.gov

1

Kathryn Renaud @krenaud1.bsky.social · 13d

That’s just not true, CISA labeled the F5 threat imminent and set tight patch deadlines (Oct 22 & 31). The directive never mentions staffing or shutdowns. Cyber defense roles are “excepted” during a shutdown. No one’s pausing national security because Congress can’t do its job.

shutdown.no

Kathryn Renaud @krenaud1.bsky.social · 13d

🚨CISA’s latest malware analysis 🚨exposes Ivanti EPMM exploits (CVE-2025-4427 & -4428) used for persistent code injection. MDMs remain one of the most overlooked threat surfaces—patch fast, monitor deeper.

#CyberSecurity #CISA #Ivanti #ThreatIntel #IncidentResponse #MDM #InfoSec

Redirect to https://www.cisa.gov/news-events/analysis-reports/ar25-261a

go.dhs.gov

Kathryn Renaud @krenaud1.bsky.social · 14d

My top 5 horror movies this season: 🫦Killer Crush, 💀Death Becomes Her, 🖤 Only Lovers Left Alive, 🌺 Don’t Worry Darling, and 🌙 B’twixt Now and Sunrise.
Beautiful people making terrible choices under moody lighting - my favorite.

#halloween #spookyseason #horrormovies

1

Kathryn Renaud @krenaud1.bsky.social · 18d

🩸 A patient died waiting for a blood test that never came. When cyberattacks hit healthcare, the network becomes the patient. Read my latest analysis on the Synnovis NHS breach and why continuity must equal safety.

Check out below!

#CyberSecurity #Healthcare #IRF #NHS #CyberResilience

The Blood Test That Never Came

Executive Summary On June 7th, 2024, a patient at one of southeast London's major NHS hospitals died waiting for blood test results that would never arrive. The samples had been drawn and sent to Synn...

www.linkedin.com

1

Kathryn Renaud @krenaud1.bsky.social · 22d

I can’t stop laughing at the shock over how Americans are handling the #europeanpickpockets. Like… our jobs rob us every single day and we can’t fight back. You really think a pickpocket is gonna ruin the one international vacation someone gets in a lifetime? 😂

Kathryn Renaud @krenaud1.bsky.social · 27d

🚨 A single click shut down an ER. 28 minutes lost, 15% of a heart gone forever. My latest piece: how ransomware crippled a hospital & how IRF could have stopped it. 👉 www.linkedin.com/pulse/waitin...

#CyberSecurity #Healthcare #Ransomware #InfoSec #IRF #PatientSafety

The Waiting Room Massacre: When the ER Went Dark

Code Blue at County General At 2:47 AM on a Tuesday in March 2025, the emergency room at a 50-bed rural hospital went dark. Not the lights — the monitors, charts, and the hospital’s nervous hum of cli...

www.linkedin.com

1

Kathryn Renaud @krenaud1.bsky.social · Sep 29

Who’s really pulling the strings in cyber? 🎭 My new article dives into the hidden risks of outsourcing & third-party access. Check it out:

#Cybersecurity #Infosec #SupplyChain #ZeroTrust #ThreatIntelligence #CyberDefense #DataProtection #DigitalRisk #SecurityStrategy

The Puppet Masters of Cybersecurity

The Puppet Masters of Cybersecurity Opening On the surface, every business likes to believe it is running the show with the spotlight firmly on its own stage. But look closer and you will see the stri...

www.linkedin.com

Kathryn Renaud @krenaud1.bsky.social · Sep 27

🔐 New article: Wedding Crashers — Cybersecurity & the Genea Fertility Clinic. Why patient trust + data protection in fertility care can’t be ignored. Read here ➡️ www.linkedin.com/pulse/weddin...

#Cybersecurity #HealthTech #DataPrivacy #Fertility

The Wedding Crashers of Cybersecurity - Genea Fertility Clinic Breach

Fun Analogy Picture a wedding in full swing. Music drifts across the hall, candles glow on every table, and the bride and groom move from guest to guest with that kind of joy that only comes once.

www.linkedin.com

2

Kathryn Renaud @krenaud1.bsky.social · Sep 24

Manga authors be like: “chill vibes… jk MURDER PACT.” 😂 Oshi No Ko really goes from 0 to felony in half a page and I love every second of it. Peak unhinged drama, 10/10 would recommend. #OshiNoKo #Manga #Anime

Kathryn Renaud @krenaud1.bsky.social · Sep 13

Buying a home is now framed as a ‘savvy hack.’ People used to just… have homes. Instead of cheering how good we’ve become at being poor, maybe pay what we’re worth & build the housing you promised.

#GenZHousing #AffordabilityCrisis #HousingForAll #PayWagesThatMatter #2008CrashEffects #ShoeboxLiving

I'm a 28-year-old Gen Zer who bought an apartment in NYC. It was easier than I expected.

Like many other Gen Z homeowners, I bought my NYC apartment as a single buyer. Affordability is a major issue for Gen Z, but here's how I handled it.

www.businessinsider.com

Kathryn Renaud @krenaud1.bsky.social · Sep 12

Governance failures aren’t “if” but “when” — Salt Typhoon & Jaguar breach show state-backed attacks exploit oversight gaps. Strong governance, intel sharing & risk management = resilience.

#CyberSecurity #Governance #InfoSec #RiskManagement #ZeroTrust #CyberResilience #AI #Leadership #TrendWatch

Salt Typhoon Attacks Jaguar: The Breach That Governance Could Have Prevented

The Breach that Stopped Jaguar When Salt Typhoon infiltrated Jaguar’s network, it didn’t use a zero-day exploit or cutting-edge malware. Instead, the breach occurred through a few forgotten vendor acc...

www.linkedin.com

2

Kathryn Renaud @krenaud1.bsky.social · Sep 4

Thrilled to announce I’ve been accepted into Northeastern’s MS Cybersecurity program! 🚀🐾 Excited to dive deeper into security and take this next step in Boston. Thanks to everyone who supported me! 🔐✨

#Cybersecurity #GradSchool #Tech #Boston #WomenInTech #Infosec #Northeastern

1 7

Kathryn Renaud @krenaud1.bsky.social · Aug 30

Collateral breaches are devastation in disguise—Salt Typhoon shows how one breach ripples across whole sectors. Must‑read breakdown:
🔗 www.linkedin.com/pulse/collat...
#Cybersecurity #InfoSec #DataBreach #ThreatIntel #APT

Collateral Breaches: The Ripple Effect of Nation-State Hacking

Abstract Nation-state cyber campaigns rarely stop at their declared targets. When groups like Salt Typhoon exploit critical infrastructure, the immediate headlines focus on which governments or corpor...

www.linkedin.com

1

Kathryn Renaud @krenaud1.bsky.social · Aug 16

Old folks don’t “not get tech.” They’re just honest: we keep reinventing the wheel in looks and concept so no one can truly master or improve it. Constant change doesn’t equal progress — it just keeps us confused and stuck spinning in circles. #Tech #Aging #UX #Design #Progress #Gaming

2

Kathryn Renaud @krenaud1.bsky.social · Aug 14

It gives the open world people an itch to scratch but lets everyone enjoy the plot. The creativity in making that decision #Chef’sKiss

1