Nikoloz K.
@nikolozk.bsky.social
Founder of CybersecTools.com (3,000+ security tools) | Fractional CISO for B2B companies | ex-Mambu, ex-EclecticIQ, ex-JDE
Security vendors optimize for buyers, not users.
Here's the ugly truth nobody wants to say out loud:
🧵
Here's the ugly truth nobody wants to say out loud:
🧵
November 11, 2025 at 1:55 PM
Security vendors optimize for buyers, not users.
Here's the ugly truth nobody wants to say out loud:
🧵
Here's the ugly truth nobody wants to say out loud:
🧵
This week I reviewed and published 100+ new cybersecurity tools including:
1. Seqrite EDR
EDR solution for threat detection, response, and investigation
2. Secureends Identity Governance & Administration
Identity governance for access reviews, compliance, and provisioning
1. Seqrite EDR
EDR solution for threat detection, response, and investigation
2. Secureends Identity Governance & Administration
Identity governance for access reviews, compliance, and provisioning
November 7, 2025 at 1:58 PM
This week I reviewed and published 100+ new cybersecurity tools including:
1. Seqrite EDR
EDR solution for threat detection, response, and investigation
2. Secureends Identity Governance & Administration
Identity governance for access reviews, compliance, and provisioning
1. Seqrite EDR
EDR solution for threat detection, response, and investigation
2. Secureends Identity Governance & Administration
Identity governance for access reviews, compliance, and provisioning
Most security teams obsess over Mean Time To Resolution.
They're optimizing the wrong metric.
After responding to dozens of incidents across Forbes Cloud 100 FinTech, global FMCG operations, and enterprise banking, here's what actually determines survival:
They're optimizing the wrong metric.
After responding to dozens of incidents across Forbes Cloud 100 FinTech, global FMCG operations, and enterprise banking, here's what actually determines survival:
November 6, 2025 at 1:55 PM
Most security teams obsess over Mean Time To Resolution.
They're optimizing the wrong metric.
After responding to dozens of incidents across Forbes Cloud 100 FinTech, global FMCG operations, and enterprise banking, here's what actually determines survival:
They're optimizing the wrong metric.
After responding to dozens of incidents across Forbes Cloud 100 FinTech, global FMCG operations, and enterprise banking, here's what actually determines survival:
Vendor selection isn't a technical decision.
It's a 3-year business strategy disguised as a feature comparison.
Most companies realize this 18 months too late.
Here's what nobody tells you: 🧵
It's a 3-year business strategy disguised as a feature comparison.
Most companies realize this 18 months too late.
Here's what nobody tells you: 🧵
November 4, 2025 at 1:55 PM
Vendor selection isn't a technical decision.
It's a 3-year business strategy disguised as a feature comparison.
Most companies realize this 18 months too late.
Here's what nobody tells you: 🧵
It's a 3-year business strategy disguised as a feature comparison.
Most companies realize this 18 months too late.
Here's what nobody tells you: 🧵
I've added 3 new security tools this week:
- SoSafe Smart phishing simulations
- Maze AI Agents
- Radiant Logic RadiantOne
If you're evaluating cybersecurity tools or building your own product, you can find 3,060 tools at CybersecTools.
- SoSafe Smart phishing simulations
- Maze AI Agents
- Radiant Logic RadiantOne
If you're evaluating cybersecurity tools or building your own product, you can find 3,060 tools at CybersecTools.
October 27, 2025 at 1:52 PM
I've added 3 new security tools this week:
- SoSafe Smart phishing simulations
- Maze AI Agents
- Radiant Logic RadiantOne
If you're evaluating cybersecurity tools or building your own product, you can find 3,060 tools at CybersecTools.
- SoSafe Smart phishing simulations
- Maze AI Agents
- Radiant Logic RadiantOne
If you're evaluating cybersecurity tools or building your own product, you can find 3,060 tools at CybersecTools.
This week I reviewed and published 5 new cybersecurity tools:
1. Alkira Zero Trust Network Access
Cloud-based ZTNA solution providing identity-based access control for users and apps
2. Keeper Privileged Access Management
Cloud-native PAM securing privileged access to critical infrastructure
1. Alkira Zero Trust Network Access
Cloud-based ZTNA solution providing identity-based access control for users and apps
2. Keeper Privileged Access Management
Cloud-native PAM securing privileged access to critical infrastructure
October 24, 2025 at 12:58 PM
This week I reviewed and published 5 new cybersecurity tools:
1. Alkira Zero Trust Network Access
Cloud-based ZTNA solution providing identity-based access control for users and apps
2. Keeper Privileged Access Management
Cloud-native PAM securing privileged access to critical infrastructure
1. Alkira Zero Trust Network Access
Cloud-based ZTNA solution providing identity-based access control for users and apps
2. Keeper Privileged Access Management
Cloud-native PAM securing privileged access to critical infrastructure
Another security vendor homepage:
"Enterprise-grade AI-powered security solution"
Cool story. What does it DO?
Reviewed 300+ vendors on CybersecTools.
73% use same meaningless buzzwords.
The 27% with specific positioning.
27% wins every time. Others stay invisible.
"Enterprise-grade AI-powered security solution"
Cool story. What does it DO?
Reviewed 300+ vendors on CybersecTools.
73% use same meaningless buzzwords.
The 27% with specific positioning.
27% wins every time. Others stay invisible.
October 17, 2025 at 12:58 PM
Another security vendor homepage:
"Enterprise-grade AI-powered security solution"
Cool story. What does it DO?
Reviewed 300+ vendors on CybersecTools.
73% use same meaningless buzzwords.
The 27% with specific positioning.
27% wins every time. Others stay invisible.
"Enterprise-grade AI-powered security solution"
Cool story. What does it DO?
Reviewed 300+ vendors on CybersecTools.
73% use same meaningless buzzwords.
The 27% with specific positioning.
27% wins every time. Others stay invisible.
AI Companies are allowing everyone to install unverified code, and no one is stopping them.
Figma's MCP tool has just had a serious security issue that allowed hackers to execute code remotely.
New MCPs are released daily, but AI companies fail to verify their safety before they are used widely.
Figma's MCP tool has just had a serious security issue that allowed hackers to execute code remotely.
New MCPs are released daily, but AI companies fail to verify their safety before they are used widely.
October 15, 2025 at 9:58 AM
AI Companies are allowing everyone to install unverified code, and no one is stopping them.
Figma's MCP tool has just had a serious security issue that allowed hackers to execute code remotely.
New MCPs are released daily, but AI companies fail to verify their safety before they are used widely.
Figma's MCP tool has just had a serious security issue that allowed hackers to execute code remotely.
New MCPs are released daily, but AI companies fail to verify their safety before they are used widely.
Your ASPM isn't broken because of the tools.
It's failing because you're focused on the wrong metrics.
Everyone talks about:
- ROI
- Remediation time
But here's what nobody tells you:
→ 63% of critical vulnerabilities are fixed by developers themselves when ASPM is implemented correctly.
It's failing because you're focused on the wrong metrics.
Everyone talks about:
- ROI
- Remediation time
But here's what nobody tells you:
→ 63% of critical vulnerabilities are fixed by developers themselves when ASPM is implemented correctly.
October 14, 2025 at 9:53 AM
Your ASPM isn't broken because of the tools.
It's failing because you're focused on the wrong metrics.
Everyone talks about:
- ROI
- Remediation time
But here's what nobody tells you:
→ 63% of critical vulnerabilities are fixed by developers themselves when ASPM is implemented correctly.
It's failing because you're focused on the wrong metrics.
Everyone talks about:
- ROI
- Remediation time
But here's what nobody tells you:
→ 63% of critical vulnerabilities are fixed by developers themselves when ASPM is implemented correctly.
I just shipped 240+ hours of work into the biggest CybersecTools update yet. Here's what actually changed:
🎯 FOR SECURITY TEAMS
→ Find tools in seconds, not hours
18 categories → 106 specializations → 944 specific tasks
Need "API security testing for cloud"? Go straight there.
🎯 FOR SECURITY TEAMS
→ Find tools in seconds, not hours
18 categories → 106 specializations → 944 specific tasks
Need "API security testing for cloud"? Go straight there.
October 13, 2025 at 12:54 PM
I just shipped 240+ hours of work into the biggest CybersecTools update yet. Here's what actually changed:
🎯 FOR SECURITY TEAMS
→ Find tools in seconds, not hours
18 categories → 106 specializations → 944 specific tasks
Need "API security testing for cloud"? Go straight there.
🎯 FOR SECURITY TEAMS
→ Find tools in seconds, not hours
18 categories → 106 specializations → 944 specific tasks
Need "API security testing for cloud"? Go straight there.
I added four new security products on CybersecTools.com
- Xygeni - Application security management capabilities
- Delphos Labs - AI-powered binary file analysis
- Guardpot - Deception security platform that deploys honeypots
- Apollo Secure - AI-powered cybersecurity compliance platform
- Xygeni - Application security management capabilities
- Delphos Labs - AI-powered binary file analysis
- Guardpot - Deception security platform that deploys honeypots
- Apollo Secure - AI-powered cybersecurity compliance platform
October 10, 2025 at 1:14 PM
I added four new security products on CybersecTools.com
- Xygeni - Application security management capabilities
- Delphos Labs - AI-powered binary file analysis
- Guardpot - Deception security platform that deploys honeypots
- Apollo Secure - AI-powered cybersecurity compliance platform
- Xygeni - Application security management capabilities
- Delphos Labs - AI-powered binary file analysis
- Guardpot - Deception security platform that deploys honeypots
- Apollo Secure - AI-powered cybersecurity compliance platform
Another day, another breach: this time, it's Red Hat.
And yes, their own on-premises GitLab instance.
Shocking? Not really.
Today, it doesn't really matter if you host your systems on-premises or in the cloud.
And yes, their own on-premises GitLab instance.
Shocking? Not really.
Today, it doesn't really matter if you host your systems on-premises or in the cloud.
October 9, 2025 at 1:04 PM
Another day, another breach: this time, it's Red Hat.
And yes, their own on-premises GitLab instance.
Shocking? Not really.
Today, it doesn't really matter if you host your systems on-premises or in the cloud.
And yes, their own on-premises GitLab instance.
Shocking? Not really.
Today, it doesn't really matter if you host your systems on-premises or in the cloud.
I use MCPs all the time, especially with Claude Code.
They’re game-changers for building and extending LLMs.
But let’s be honest: from a cybersecurity perspective, MCPs are a dangerous wild card for enterprises.
Right now, it’s almost impossible to verify which MCP servers are legit.
They’re game-changers for building and extending LLMs.
But let’s be honest: from a cybersecurity perspective, MCPs are a dangerous wild card for enterprises.
Right now, it’s almost impossible to verify which MCP servers are legit.
October 8, 2025 at 12:58 PM
I use MCPs all the time, especially with Claude Code.
They’re game-changers for building and extending LLMs.
But let’s be honest: from a cybersecurity perspective, MCPs are a dangerous wild card for enterprises.
Right now, it’s almost impossible to verify which MCP servers are legit.
They’re game-changers for building and extending LLMs.
But let’s be honest: from a cybersecurity perspective, MCPs are a dangerous wild card for enterprises.
Right now, it’s almost impossible to verify which MCP servers are legit.
It’s remarkable how quickly AI is advancing.
Just six months ago, Claude was getting 35% of CTF challenges right.
Now, it gets twice as many right.
We’re talking about sniffing network traffic, extracting malware, and even decompiling and decrypting, all done by an AI that improves every month.
Just six months ago, Claude was getting 35% of CTF challenges right.
Now, it gets twice as many right.
We’re talking about sniffing network traffic, extracting malware, and even decompiling and decrypting, all done by an AI that improves every month.
October 6, 2025 at 12:11 PM
It’s remarkable how quickly AI is advancing.
Just six months ago, Claude was getting 35% of CTF challenges right.
Now, it gets twice as many right.
We’re talking about sniffing network traffic, extracting malware, and even decompiling and decrypting, all done by an AI that improves every month.
Just six months ago, Claude was getting 35% of CTF challenges right.
Now, it gets twice as many right.
We’re talking about sniffing network traffic, extracting malware, and even decompiling and decrypting, all done by an AI that improves every month.
I added four new security products this week:
- OX Active ASPM Platform - Gives SDLC visibility to help prioritize vulnerabilities and cut down on alert noise.
- Material Security - Cloud workspace security for Google Workspace and Microsoft 365, with detection and response features.
- OX Active ASPM Platform - Gives SDLC visibility to help prioritize vulnerabilities and cut down on alert noise.
- Material Security - Cloud workspace security for Google Workspace and Microsoft 365, with detection and response features.
October 3, 2025 at 1:12 PM
I added four new security products this week:
- OX Active ASPM Platform - Gives SDLC visibility to help prioritize vulnerabilities and cut down on alert noise.
- Material Security - Cloud workspace security for Google Workspace and Microsoft 365, with detection and response features.
- OX Active ASPM Platform - Gives SDLC visibility to help prioritize vulnerabilities and cut down on alert noise.
- Material Security - Cloud workspace security for Google Workspace and Microsoft 365, with detection and response features.
Still, great to see the innovation in the space and only time will tell where it leads. I expect new competitors to emerge in the next few months, especially targeting SMBs.
October 2, 2025 at 1:02 PM
Still, great to see the innovation in the space and only time will tell where it leads. I expect new competitors to emerge in the next few months, especially targeting SMBs.
Who is actually responsible for reviewing and approving the final decisions made by agents?
Humans still need to oversee the process. Without the right expertise, many startups and SMBs may not be able to fully leverage AI security officers, at least for now.
Humans still need to oversee the process. Without the right expertise, many startups and SMBs may not be able to fully leverage AI security officers, at least for now.
October 2, 2025 at 1:02 PM
Who is actually responsible for reviewing and approving the final decisions made by agents?
Humans still need to oversee the process. Without the right expertise, many startups and SMBs may not be able to fully leverage AI security officers, at least for now.
Humans still need to oversee the process. Without the right expertise, many startups and SMBs may not be able to fully leverage AI security officers, at least for now.
Are AI agents positioned to become the new security officers for SMBs?
Mycroft has set its sights on this goal after securing a $3.5 million seed round.
Autonomous agents that can spot, resolve, and report issues seem promising, but this brings up an important question.
Mycroft has set its sights on this goal after securing a $3.5 million seed round.
Autonomous agents that can spot, resolve, and report issues seem promising, but this brings up an important question.
October 2, 2025 at 1:02 PM
Are AI agents positioned to become the new security officers for SMBs?
Mycroft has set its sights on this goal after securing a $3.5 million seed round.
Autonomous agents that can spot, resolve, and report issues seem promising, but this brings up an important question.
Mycroft has set its sights on this goal after securing a $3.5 million seed round.
Autonomous agents that can spot, resolve, and report issues seem promising, but this brings up an important question.
That’s where your buyers are searching.
You can go broad or focus on your niche. If possible, do both.
You can go broad or focus on your niche. If possible, do both.
October 1, 2025 at 12:58 PM
That’s where your buyers are searching.
You can go broad or focus on your niche. If possible, do both.
You can go broad or focus on your niche. If possible, do both.
↪ Show your product in action. Share a short screen recording of it blocking a test attack. Prove the value in under a minute.
Be Where Prospects Are Looking.
↪ For broad reach, get on G2. It is crowded, but you should be there.
↪ For a focused cybersecurity audience, submit to CybersecTools.
Be Where Prospects Are Looking.
↪ For broad reach, get on G2. It is crowded, but you should be there.
↪ For a focused cybersecurity audience, submit to CybersecTools.
October 1, 2025 at 12:58 PM
↪ Show your product in action. Share a short screen recording of it blocking a test attack. Prove the value in under a minute.
Be Where Prospects Are Looking.
↪ For broad reach, get on G2. It is crowded, but you should be there.
↪ For a focused cybersecurity audience, submit to CybersecTools.
Be Where Prospects Are Looking.
↪ For broad reach, get on G2. It is crowded, but you should be there.
↪ For a focused cybersecurity audience, submit to CybersecTools.
Focus on the new search bar.
↪ ChatGPT and Claude are scraping Reddit for answers.
↪ If you are not showing up and building trust there, you are missing opportunities.
Stop talking. Start showing.
↪ If your LinkedIn posts are just feature lists, nobody’s paying attention.
↪ ChatGPT and Claude are scraping Reddit for answers.
↪ If you are not showing up and building trust there, you are missing opportunities.
Stop talking. Start showing.
↪ If your LinkedIn posts are just feature lists, nobody’s paying attention.
October 1, 2025 at 12:58 PM
Focus on the new search bar.
↪ ChatGPT and Claude are scraping Reddit for answers.
↪ If you are not showing up and building trust there, you are missing opportunities.
Stop talking. Start showing.
↪ If your LinkedIn posts are just feature lists, nobody’s paying attention.
↪ ChatGPT and Claude are scraping Reddit for answers.
↪ If you are not showing up and building trust there, you are missing opportunities.
Stop talking. Start showing.
↪ If your LinkedIn posts are just feature lists, nobody’s paying attention.
‣ CISOs have tighter budgets.
‣ Security companies have more competition than ever.
‣ The crowded market makes it hard to get noticed.
So how do you stand out? First, you need to get found.
Here is how:
‣ Security companies have more competition than ever.
‣ The crowded market makes it hard to get noticed.
So how do you stand out? First, you need to get found.
Here is how:
October 1, 2025 at 12:58 PM
‣ CISOs have tighter budgets.
‣ Security companies have more competition than ever.
‣ The crowded market makes it hard to get noticed.
So how do you stand out? First, you need to get found.
Here is how:
‣ Security companies have more competition than ever.
‣ The crowded market makes it hard to get noticed.
So how do you stand out? First, you need to get found.
Here is how:
Most cybersecurity growth efforts are a waste of money and time.
I talk with cybersecurity companies every week.
I see strong products, clear missions, and real drive to succeed.
But most still have trouble finding customers because:
I talk with cybersecurity companies every week.
I see strong products, clear missions, and real drive to succeed.
But most still have trouble finding customers because:
October 1, 2025 at 12:58 PM
Most cybersecurity growth efforts are a waste of money and time.
I talk with cybersecurity companies every week.
I see strong products, clear missions, and real drive to succeed.
But most still have trouble finding customers because:
I talk with cybersecurity companies every week.
I see strong products, clear missions, and real drive to succeed.
But most still have trouble finding customers because:
Qantas cuts CEO pay by $800,000 after a data breach.
Many are calling this a “win” for CISOs.
Regulators are preparing to fine executives directly when security breaches occur.
People are calling this an 'accountability revolution' in cybersecurity, but I think that's premature.
Many are calling this a “win” for CISOs.
Regulators are preparing to fine executives directly when security breaches occur.
People are calling this an 'accountability revolution' in cybersecurity, but I think that's premature.
September 30, 2025 at 12:53 PM
Qantas cuts CEO pay by $800,000 after a data breach.
Many are calling this a “win” for CISOs.
Regulators are preparing to fine executives directly when security breaches occur.
People are calling this an 'accountability revolution' in cybersecurity, but I think that's premature.
Many are calling this a “win” for CISOs.
Regulators are preparing to fine executives directly when security breaches occur.
People are calling this an 'accountability revolution' in cybersecurity, but I think that's premature.
Enterprise AI usage has increased by 200%. Non-AI apps? Just 23%.
Everyone's excited, but I see a bigger risk that’s getting ignored.
Most companies are running 300+ unapproved AI apps without even realizing it.
94% of AI services are open to LLM attacks, 11% of uploaded files have sensitive data.
Everyone's excited, but I see a bigger risk that’s getting ignored.
Most companies are running 300+ unapproved AI apps without even realizing it.
94% of AI services are open to LLM attacks, 11% of uploaded files have sensitive data.
September 29, 2025 at 1:09 PM
Enterprise AI usage has increased by 200%. Non-AI apps? Just 23%.
Everyone's excited, but I see a bigger risk that’s getting ignored.
Most companies are running 300+ unapproved AI apps without even realizing it.
94% of AI services are open to LLM attacks, 11% of uploaded files have sensitive data.
Everyone's excited, but I see a bigger risk that’s getting ignored.
Most companies are running 300+ unapproved AI apps without even realizing it.
94% of AI services are open to LLM attacks, 11% of uploaded files have sensitive data.