Adrian Sanabria

Adrian Sanabria

The Defenders Initiative

Principal Researcher

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Vulnerability Management

Equifax: the Log4Shell lesson we failed to learn

Adrian SanabriaDecember 23, 2021

Equifax’s breach was the perfect opportunity to prepare for future vulnerabilities like Log4Shell. Not enough organizations seized the opportunity to learn from it.

Vulnerability Management

Digital Defense Frontline VM Review | Security Weekly Labs

Adrian SanabriaNovember 17, 2021

Anyone familiar with managing a vulnerability scanner in the past 20 years will be able to do it in their sleep with Frontline.

Vulnerability Management

Taegis VDR: Review | Security Weekly Labs

Adrian SanabriaOctober 1, 2021

This product is proof that there’s a lot more room for automation and workflow improvement in cybersecurity.

A screengrab of multiple the vulnerability scanner VMs running on one of the SW Lab machines.

Vulnerability Management

Vulnerability scanners: Overview | Security Weekly Labs

Adrian SanabriaSeptember 23, 2021

Vulnerability scanners aren't quite as essential and central as they once were, but they're still necessary. This round of reviews will focus entirely on commercial and open-source network vulnerability scanners.

Vulnerability Management

Vulnerability Scanners: Test methodology | Security Weekly Labs

Adrian SanabriaSeptember 23, 2021

This review group will cover commercial and open-source network vulnerability scanners. In a few months, we’ll revisit vulnerability management to cover products that focus on analysis and remediation of vulnerability scanning results .

Vulnerability Management

Rapid7 InsightVM: Review | Security Weekly Labs

Adrian SanabriaSeptember 23, 2021

The ability to create remediation plans, goals, and SLAs is a welcome function to help keep teams focused on the most critical tasks. Ultimately, InsightVM is a product that benefits greatly from integration with the rest of the Rapid7 portfolio.

Vulnerability Management

Open source vulnerability scanners: Review | Security Weekly Labs

Adrian SanabriaSeptember 23, 2021

Free and open-source software (FOSS) may have a place in your security program, depending on your requirements, environment and the skill that exists in your team.

Vulnerability Management

Security Weekly Labs | Overview: Network Vulnerability Scanners

Adrian SanabriaAugust 31, 2021

Blue team

Cryptocurrency: Cybercrime’s New Favorite Tool

Adrian SanabriaJune 1, 2021

This article explores two types of attacks that leverage cryptocurrency directly: (ransomware-leveraged) extortion and cryptojacking.

Security Strategy, Plan, Budget

Attack Surface Management: Overview | Security Weekly Labs

Adrian SanabriaApril 22, 2021

Though the term Attack Surface Monitoring (ASM) doesn’t specifically refer to external threats, that’s what this market currently focuses on. In short, products in this category aim to catalogue and help manage an organization’s exposed assets.

Cybercast

Understanding third party risk by studying third party breaches

There is often no better teacher than failure. Instead of waiting to learn from your own failures, why not learn from others? Find out what third party breaches can teach us about third party risk and vendor due diligence! This webcast with Bill Brenner and Enterprise Security Weekly host Adrian Sanabria will walk through: Improving the vendor...

More info

Cybercast

Exposure management: How organizations can use it to build cyber resilience

As cyber threats continue to evolve, security teams are constantly challenged with the task of fortifying their organization’s defenses against a myriad of potential vulnerabilities. In this SC Panelcast, Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, and Nathan Wenzler, Chief Security Strategist at Tenable, will de...

More info

Cybercast

4 key takeaways from new global AI security guidelines

In this webcast, we unravel the insights and implications behind the latest global AI security guidelines, distilling complex recommendations into four key takeaways that every cybersecurity professional should know. As nations grapple with the rapid adoption of artificial intelligence, regulatory bodies worldwide have collaboratively devised comp...

More info

Cybercast

Identity Resilience: The Missing Piece to Securing Your Identities

Most conversations around Identity Resilience focus on the prevention of attacks. But as statistics increasingly show that a major breach is a matter of “when”, not “if”, CISOs are realizing that their Identity Resilience strategy is missing a critical piece: response. In this conversation, we’ll explore Identity Resilience from the lens of B...

More info

Cybercast

Key GRC priorities for the second half of 2024

As organizations navigate the dynamic landscape of governance, risk, and compliance (GRC), join our webcast to explore the critical priorities that will shape the second half of 2024. In an environment marked by evolving regulations, heightened cyber threats, and a rapidly changing business landscape, staying ahead of GRC challenges is paramount. ...

More info

Cybercast

How Unified IGA and PAM Can Protect Organizations from Ransomware and Other Identity-Based Threats

Siloed identity tools and legacy complexity are the enemies of a modern identity program. There is a growing interest in tool convergence – specifically IGA and PAM convergence. The promise of simplicity, efficiency, improved security, and enhanced governance is appealing and can help protect identities from deepfakes and other AI-based threats. B...

More info

Cybercast

Exposure Management: How organizations can build cyber resilience

As cyber threats continue to evolve, security teams are constantly challenged with the task of fortifying their defenses against a myriad of potential vulnerabilities. In this SC Panelcast, Tia Hopkins, Chief Cyber Resilience Officer and Field CTO at eSentire, and Nathan Wenzler, Chief Security Strategist at Tenable, will delve into the pivotal ro...

More info

CybercastWed | 25 | 2:00 PM ET

What the NIST Post-Quantum Cryptography (PQC) Standard Means to Enterprises

After eight years of submission review, testing, and evaluation, NIST has formally announced the PQC standard specifications, setting in motion the largest cryptographic transition in the history of computing – replacing legacy encryption with PQCs. The multiyear crypto migration is certain to usher in new challenges, uncertainties, and risks. Thi...

More info

CybercastThu | 26 | 2:00 PM ET

Zero Trust vs. Evasive Browser Threats: Are You Leaving Your Front Door Wide Open?

Is Your Browser the Weakest Link in Your Security Chain? Zero Trust has been the gold standard in cybersecurity for over a decade, but most organizations are still struggling to implement it where it matters most: the browser. As more applications move to the web, hackers are exploiting this gap with increasingly sophisticated tactics, leaving tra...

More info

CybercastTue | 24 | 2:00 PM ET

Enhancing Governance and Security at Scale: IBM’s IAM Transformation

Like many large organizations, IBM found itself trying to manage a fragmented and inefficient Identity and Access Management (IAM) landscape, riddled with legacy systems that hindered scalability, compliance, and operational efficiency. The company managed to turn things around with help from Saviynt.This webcast will explore how IBM successfully ...

More info

CybercastWed | 16 | 2:00 PM ET

Introducing the Fact or Fiction Webcast Series

Where do myths come from? Why are they so hard to kill? Why do people continue to use them, even after they’ve been exposed? Why is it so important to call them out? The first episode in this new mythbusting webcast series called, Fact or Fiction, we explore the very nature of myths, why they exist, and what we should do about them. We...

More info

CybercastWed | 16 | 2:00 PM ET

Humans are NOT the weakest link in cybersecurity

What a copout this is! Basically, it sounds like someone throwing up their hands and saying, “people will be people, so we’ve got to prevent them from making mistakes!” The “solution” in the past has been security awareness and phishing training, which are increasingly proven to be ineffective, or even harmful. Instea...

More info

CybercastTue | 15 | 2:00 PM ET

Building Modern Network security: Forecast and guidance: Late 2024, early 2025

As cyber threats continue to evolve, maintaining robust network security is paramount for protecting organizational assets and data. Join us for an insightful hot topics webcast where industry experts will present a comprehensive forecast of network security trends and offer strategic guidance for late 2024 and early 2025. This session will delve ...

More info