Daniel Kennedy
@danielkennedy74.bsky.social
Application Development, Application Security VP, FinCo CISO now industry analyst. Spend my days talking to CISOs. Tweets and opinions are my own, a10wn.
http://www.praetorianprefect.com
https://blog.451alliance.com/author/dkennedy/
http://www.praetorianprefect.com
https://blog.451alliance.com/author/dkennedy/
Pinned
"Automating aspects of detection, analysis or response, including outside tool coordination and data retrieval, can streamline repeatable incident response tasks in chronically understaffed security operations centers (SOCs)." blog.451alliance.com/organization...
November 5, 2025 at 5:10 PM
"Automating aspects of detection, analysis or response, including outside tool coordination and data retrieval, can streamline repeatable incident response tasks in chronically understaffed security operations centers (SOCs)." blog.451alliance.com/organization...
Recent attacks amplify the need for software supply chain security - blog.451alliance.com/recent-attac...
Recent attacks amplify the need for software supply chain security
The 451 Alliance shares recent survey findings on all things application security, including pain points cited by security professionals.
blog.451alliance.com
October 10, 2025 at 3:55 PM
Recent attacks amplify the need for software supply chain security - blog.451alliance.com/recent-attac...
The annual “security summer camp” that is made up of the Black Hat and DefCon conferences is just past and the security analyst team, Scott Crawford, Dan Kennedy, Justin Lam & Mark Ehr, join host Eric Hanselman to examine what they saw and discuss the implications.
open.spotify.com/episode/1itd...
open.spotify.com/episode/1itd...
Black Hat and DefCon
Next in Tech · Episode
open.spotify.com
August 19, 2025 at 8:11 PM
The annual “security summer camp” that is made up of the Black Hat and DefCon conferences is just past and the security analyst team, Scott Crawford, Dan Kennedy, Justin Lam & Mark Ehr, join host Eric Hanselman to examine what they saw and discuss the implications.
open.spotify.com/episode/1itd...
open.spotify.com/episode/1itd...
Reflections from Black Hat USA 2025 - www.linkedin.com/pulse/reflec... #BlackHat
Reflections from Black Hat USA 2025
Our team’s #BlackHat2025 recap is up on the latest Next in Tech podcast, where Scott Crawford, Mark Ehr, Justin Lam, and I join Eric Hanselman to provide our impressions of the conference. We encourag...
www.linkedin.com
August 19, 2025 at 6:48 PM
Reflections from Black Hat USA 2025 - www.linkedin.com/pulse/reflec... #BlackHat
Use of GenAI security solutions has spiked, continued uptake projected: blog.451alliance.com/use-of-genai...
July 22, 2025 at 3:35 PM
Use of GenAI security solutions has spiked, continued uptake projected: blog.451alliance.com/use-of-genai...
Turns out it’s not the company clothing store…
June 29, 2025 at 1:09 AM
Turns out it’s not the company clothing store…
I had the opportunity again this year at #RSAC to discuss my latest end user security research with @mathewjschwartz.bsky.social at the ISMG studio.
Full interview: www.databreachtoday.com/ai-delivers-...
Full interview: www.databreachtoday.com/ai-delivers-...
AI Delivers AppSec Gains, but Ransomware Overconfidence Persists
Cybersecurity leaders are embracing generative AI for its practical value in security operations and application security. But as ransomware tactics evolve, S&P's
www.databreachtoday.com
May 5, 2025 at 4:18 PM
I had the opportunity again this year at #RSAC to discuss my latest end user security research with @mathewjschwartz.bsky.social at the ISMG studio.
Full interview: www.databreachtoday.com/ai-delivers-...
Full interview: www.databreachtoday.com/ai-delivers-...
As the RSA Conference kicks off this week, listen to our conference preview on the Next in Tech podcast: www.spglobal.com/market-intel... #rsac2025
www.spglobal.com
April 28, 2025 at 2:37 PM
As the RSA Conference kicks off this week, listen to our conference preview on the Next in Tech podcast: www.spglobal.com/market-intel... #rsac2025
I recently had the opportunity to sit down with a couple of folks who have spent significant time working out real world challenges in enterprise application security programs, catch the replay here: event.on24.com/wcc/r/490723...
April 22, 2025 at 12:50 AM
I recently had the opportunity to sit down with a couple of folks who have spent significant time working out real world challenges in enterprise application security programs, catch the replay here: event.on24.com/wcc/r/490723...
How important are information security certifications?
Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...
Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...
Security talent gap cannot be expressed in job numbers alone
The 451 Alliance shares key findings from a recent information security study. The topic? Organizational behavior.
blog.451alliance.com
March 28, 2025 at 7:38 PM
How important are information security certifications?
Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...
Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...
From an old hand, step 1 in the 'finding leakers' handbook is...don't announce you're looking for or have found leakers. I know you think it has a deterrence effect, it doesn't. You want folks to make mistakes and leave bread trails, not get better at leaking information.
qz.com/meta-fires-2...
qz.com/meta-fires-2...
Meta just fired about 20 employees for leaks
The Facebook parent company fired the workers for sharing confidential information
qz.com
March 1, 2025 at 5:17 PM
From an old hand, step 1 in the 'finding leakers' handbook is...don't announce you're looking for or have found leakers. I know you think it has a deterrence effect, it doesn't. You want folks to make mistakes and leave bread trails, not get better at leaking information.
qz.com/meta-fires-2...
qz.com/meta-fires-2...
Let's see, from what I'm reading you're making some demands here, somewhat impolitely, I just need to check a couple things...
- Yup, not in my chain of command, ok, next thing...
- You don't add value, either now or project to in the future...
And there you go, right on the 'pay no mind' list.
- Yup, not in my chain of command, ok, next thing...
- You don't add value, either now or project to in the future...
And there you go, right on the 'pay no mind' list.
a man in a black shirt and tie is writing on a notebook with a pen .
ALT: a man in a black shirt and tie is writing on a notebook with a pen .
media.tenor.com
February 28, 2025 at 9:02 PM
Let's see, from what I'm reading you're making some demands here, somewhat impolitely, I just need to check a couple things...
- Yup, not in my chain of command, ok, next thing...
- You don't add value, either now or project to in the future...
And there you go, right on the 'pay no mind' list.
- Yup, not in my chain of command, ok, next thing...
- You don't add value, either now or project to in the future...
And there you go, right on the 'pay no mind' list.
"We have a new guideline in place, if you could just sign the form..."
Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.
Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.
February 11, 2025 at 6:44 PM
"We have a new guideline in place, if you could just sign the form..."
Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.
Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.
"SecOps managers said they were aware of but unable to investigate 43% of alerts they received through security operations center (SOC) tools.It's a number that has remained consistent over the years..."
www.techtarget.com/searchitoper...
www.techtarget.com/searchitoper...
Cybersecurity expertise gaps: More than meets the eye | TechTarget
What 10 years of market research data reveals about past improvements in SecOps practices and how to tackle gaps in cybersecurity expertise.
www.techtarget.com
January 24, 2025 at 4:57 PM
"SecOps managers said they were aware of but unable to investigate 43% of alerts they received through security operations center (SOC) tools.It's a number that has remained consistent over the years..."
www.techtarget.com/searchitoper...
www.techtarget.com/searchitoper...
TikTok replaced Vine, and if it’s banned something will replace it (YouTube shorts and Instagram reels among the options). All of these ‘it will be healthy’ takes…20 million kids aren’t going to walk outside and rub their eyes in the sun, and then ‘play until the street lights come on’.
January 16, 2025 at 2:00 AM
TikTok replaced Vine, and if it’s banned something will replace it (YouTube shorts and Instagram reels among the options). All of these ‘it will be healthy’ takes…20 million kids aren’t going to walk outside and rub their eyes in the sun, and then ‘play until the street lights come on’.
Explosive use of GenAI in 2023 results in predictable need to secure it - blog.451alliance.com/explosive-us...
Explosive use of GenAI in 2023 results in need to secure it
What's in store for 2024? The 451 Alliance asks security professionals about their planned spending for the new year.
blog.451alliance.com
January 13, 2025 at 7:17 PM
Explosive use of GenAI in 2023 results in predictable need to secure it - blog.451alliance.com/explosive-us...
Multicloud multiplies the pain for information security - blog.451alliance.com/multicloud-m...
Multicloud multiplies the pain for information security - 451 Alliance
The 451 Alliance explores the evolution of cloud security practices in organizations and key pain points identified in securing the cloud.
blog.451alliance.com
January 6, 2025 at 2:13 PM
Multicloud multiplies the pain for information security - blog.451alliance.com/multicloud-m...
"indicating the importance of a resilience-based strategy focusing on backup technologies such as immutable storage" www.databreachtoday.com/blogs/ransom...
Ransomware Defender Risk: 'Overconfidence' in Security Tools
Are your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling rem...
www.databreachtoday.com
December 18, 2024 at 2:24 PM
"indicating the importance of a resilience-based strategy focusing on backup technologies such as immutable storage" www.databreachtoday.com/blogs/ransom...
Don’t celebrate #ransomware’s decline just yet - blog.451alliance.com/dont-celebra...
December 16, 2024 at 4:07 PM
Don’t celebrate #ransomware’s decline just yet - blog.451alliance.com/dont-celebra...
I had the opportunity to sit down with Beth Pariseau on her podcast for a wide ranging discussion on the notion of a cybersecurity skills shortage & the effects of the Crowdstrike outage on a long-running debate about platforms vs best-of-breed: www.podbean.com/media/share/...
The arc of SecOps is long, but bends toward improvement
S&P Global Market Intelligence principal research analyst Daniel Kennedy discusses what the results of his Voice of the Enterprise research project dating back to 2015 reveal about the notion of a...
www.podbean.com
December 12, 2024 at 6:03 PM
I had the opportunity to sit down with Beth Pariseau on her podcast for a wide ranging discussion on the notion of a cybersecurity skills shortage & the effects of the Crowdstrike outage on a long-running debate about platforms vs best-of-breed: www.podbean.com/media/share/...
Exploring the shifts in attitudes around 'coordinated disclosure': www.veracode.com/sites/defaul...
December 10, 2024 at 7:38 PM
Exploring the shifts in attitudes around 'coordinated disclosure': www.veracode.com/sites/defaul...