Category: Security Fundamentals

  • AI vs ML and why it is important in cybersecurity

    we love buzzwords in cybersecurity. every few months the industry discovers a new shiny acronym, slaps it on the same old product, and suddenly we’re all supposed to believe the world has changed. now the magic word is “AI.” everything is “AI-powered,” “AI-enhanced,” “AI-driven.” but when you look under the hood, most of these so‑called…

  • AI boundaries: you still need to learn how to think

    recently I heard someone confidently say: “you don’t need to learn how to code anymore. nobody needs to. AI will do it for you.” this is exactly the kind of thinking that keeps pushing us further away from understanding the root of anything. if we follow that logic, then we also don’t need to teach…

  • You Cannot Audit Your Own Shadow

    The illusion of independence: In 2025, the industry still repeats the same mistake: letting the same hands build the system and then “validate” it. That is not validation. That is self‑comfort. A consultant who deploys your environment cannot be the one who tests it. A builder cannot be the judge of their own shortcuts. A…

  • What is research and why is it crucial for elevating your knowledge in computer security?

    Doing research in computer security since 1989 has kind of put me in a situation where I could organically learn what research really is and what I expect from it. To start with, perhaps it’s easier to say what is “not” considered research. These days, when people talk about research, they’re simply referring to Googling…

  • When Are You Ready For Agentic AI Security?

    The Excitement Is Premature: Everyone wants agentic AI in security. Autonomous actions. Self-healing systems. Machines making decisions… Sounds efficient. Sounds inevitable. But are you ready? Or are you just tired of doing the work yourself? “Automation without understanding is just faster confusion.” The Missing Foundation: It may sound strange, but if you have never experienced…

  • What is your background in Computer Security?

    Can you be a cybersecurity professional just because you are passionate about it or overnight got a certificate? Real quick answer: NO, not at all! That is actually one of the main reasons behind hackers being always ahead of the security community. I hear people in this industry, well, I should say in this commercial…

  • Security solution which acts like traditional painkiller

    most security solutions are like traditional painkillers: we certainly feel better after taking them, but the root cause of the pain remains intact and unresolved! as long as we do not address the root cause of security incidents and vulnerabilities, we will be feeling better from short-term pain relief of “Security Solutions” and then suffering again soon…

  • utilizing dark web as defense

    I was shocked when I heard from a “security professional” that using the dark web as a means of understanding cyber threats has Just Recently been discovered by them as an effective defense mechanism! no kidding! then why are we surprised we get hacked by the most trivial TTP out there? it is very disappointing that “security…

  • endpoint protection won’t work!

    any solution 100% focused on endpoint protection would not actually protect you from cyber threats. best case scenario, you will discover IoC (not even necessarily IoA) after the fact, after a system has actually been compromised. the easiest way to confirm this is what is happening every day in companies with sophisticated but pure endpoint detection…

  • you won’t get there without knowing the truth!

    one of the main reasons the Security community has a hard time securing “stuff” is a lack of understanding of the Hackers community. without knowing motives, the motivations behind breaking into computer systems, and deep knowledge of hacking and cracking techniques, securing a system is pointless. results are telling us every single day that we are not doing the…