This website uses cookies

Read our Privacy policy and Terms of use for more information.

In partnership with

Disclaimer: All views presented here, in this newsletter, are my own.

Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for information, education and awareness purposes only and is not specific to any business and or situation.

This publication does not constitute legal, regulatory, or professional security advice.

M. Yousuf Faisal

Hi Friends, Hope you are doing well.

I know, I’ve been quieter lately, showing up less in your inbox with new editions.

But some other updates first:

↪️ I’ll be starting a series of awareness posts on my Linkedin on following 3 topics:

  • EU AI Act - based on upcoming book launch - Easy Peasy Guide by Jamal.

  • ACSSA (Automation and Control System Security Assurance) Certification Scheme for Asset Owners - by ISA Security Compliance Institute (ISCI).

  • Hong Kong Cap. 653, PCICSO - Protection of Critical Infrastructures (Computer Systems) Ordinance (effective 1 January 2026) and the Code of Practice v1.0 issued by the Office of the Commissioner of Critical Infrastructure (Computer-system Security), Security Bureau, HKSAR.

If you like or are interested in any of these topics

↪️ Also, from my next Q2 2026 quarterly update - I’ll be adding a 4th Section Data Privacy, besides IT, OT/ICS and AI.

But for now, in this edition, I’d like to cover the following:

✍️ Part 1 - Big Change AI Reveals for Cybersecurity

  • Mythos Isn't the Story

  • Asking the Wrong Question

  • Vulnerability Management to Decision Management

  • Mythos Briefing Reinforces Trend Already Underway

  • View From an OT Perspective

  • Attackers Benefits Too

‼️ Part 2 - What This Means for CISOs

  • Board Conversation Is About to Change

  • Building a Security Team Today

  • One Lesson I Keep Coming Back To

  • Looking Beyond Mythos

📘Part 3 - So Where Do We Go From Here?

  • A Different Way to Think About Cybersecurity Metrics

  • Opportunity for OT Leaders

  • Investing in People Still Matters Most

  • Closing Thoughts.

This is me pondering on how to tackle this new world.

If you happen to have figured it all out, or have a way that’s been working for you, your clients and or your environment - I am all ears.

Do drop me a note and would love to have a chat about it!

But before we begin, do me a favor and make sure you “Subscribe” to let me know that you care and keep me motivated to publish more. Thanks!

♻️Share / Reshare - if you know someone in your professional circle who will benefit from these resources and interested in learning. Thanks 🌟

Ready? let’s dig in.

Yours truly.

— Yousuf.

Together with (Sponsor):

Your employees are connecting AI to everything. Now what?

ChatGPT and Claude aren't just answering questions. Employees are connecting them directly to Notion, Linear, Jira, and the rest of your stack — with no security visibility into what data moves or what actions they take.

Harmonic Security gives your team the visibility to control it.

1 - Big Change AI Reveals for Cybersecurity

I found myself thinking lately … If a CISO / cyber leader asks me a question today, that am not really sure how to answer:

"Do you think vulnerability management still works?"

Not whether it was important but rather whether it still worked?

I may first clarify if the CISO meant from patch management, Or asset visibility, Or one of the operational challenges every security team wrestles with.

If CISO say: "No,". "I mean the whole idea behind it." And then explains:

"Every year we buy better tools. Every year our visibility improves. Yet our backlog somehow gets larger. If AI starts finding ten times more vulnerabilities than people can realistically analyse, what exactly are we managing?"

I've thought about such a conversation few times lately primarily because:

  • Recently saw joint Mythos CISO Briefing: Navigating the AI Vulnerability Storm, published by experts from SANS, OWASP, the Cloud Security Alliance and others. (if you haven’t, I’d definitely recommend looking at it)

  • projects like Mythos, Glass Door and Fable 5 have become the focus of every AI security discussion recently.

Note: This isn’t a edition reviewing capabilities about Mythos or “The Mythos CISO briefing: Navigating the AI Vulnerability Storm” white paper.

If you are interested on those - please reply to this newsletter and I’ll cover soon.

We're watching cybersecurity change in ways that reminds me of the early cloud years. Back then, most discussions were centered on virtual machines and data centers. In hindsight, those weren't the important stories.

Cloud changed how we thought about ownership, architecture and operating models. The technology was only the catalyst.

My view is that AI represents a similar inflection point. The headlines happen to mention of break throughs like Mythos.

Underlying story - how expertise itself is beginning to scale differently.

Mythos Isn't the Story

One thing I've noticed over last 2.5 decades in cybersecurity is that we tend to become fascinated by the visible part of a technological shift while missing the structural change happening underneath.

We did it with cloud → Zero Trust → DevSecOps → now we're doing it again with AI.

Much of the conversation revolves around - AI can discover vulnerabilities faster than human researchers, autonomous agents outperform security analysts, or AI-generated exploit development is changing offensive security.

Worthwhile discussions to have. I just don't think they're the most interesting ones.

The more interesting question is this:

What happens when experienced practitioners can apply their expertise at a scale that was previously impossible?

For most part, cybersecurity has been constrained by people. If you wanted

  • to investigate more incidents, you hired more analysts.

  • more application security reviews, you hired more engineers.

  • to improve OT security, you searched for experienced control systems security specialists — a challenge that anyone working in industrial cybersecurity knows all too well.

Knowledge scaled almost linearly. AI doesn't eliminate that model but rather - It bends it.

That's an important distinction because much of the current narrative assumes AI replaces expertise. I'm not convinced that's what we're seeing.

AI is making experienced people dramatically more productive while simultaneously making technical knowledge more accessible to everyone else. Those are two very different things.

  • A junior analyst can now understand a vulnerability more quickly than they could a year ago.

  • An experienced security architect can review far more complex environments without proportionally increasing effort.

Neither example diminishes expertise. If anything, both increase the value of experience because experienced professionals now spend less time searching for information and more time applying judgement.

That feels like a subtle difference today. I suspect it will feel like a profound one in five years.

Asking the Wrong Question

Since Mythos began attracting attention, one question seems to dominate every discussion:

Question: "Will AI discover more vulnerabilities?"

Answer: Almost certainly.

The more interesting question is whether that actually changes the security problem we're trying to solve.

Software hasn't suddenly become less secure. Industrial control systems haven't become inherently more vulnerable. Cloud platforms haven't started introducing defects overnight.

Most of those weaknesses already existed. The limiting factor was our ability to find them. That's why I believe we're entering a very different phase of cybersecurity.

For decades, vulnerability discovery was constrained by human effort. Researchers had finite time. Bug bounty programs had finite budgets. Reverse engineering required specialist skills. Vendor security teams had limited engineering capacity.

AI changes the economics of discovery. And when the economics change, priorities usually change with them.

We're not heading towards a vulnerability crisis, rather, heading towards a prioritisation crisis. Those aren't the same thing.

Security teams already struggle to process the findings they have today. Giving them significantly more visibility without improving decision-making won't necessarily make organisations safer. It may simply make them busier.

That's the thought that stayed with me after reading the Mythos briefing.

Not whether AI finds more vulnerabilities. I think that's inevitable. The question that interests me far more is whether organisations are preparing for what comes next.

Because finding problems has never really been the difficult part.

Deciding which ones deserve immediate attention has always been where experienced security leaders create value.

And that, more than anything else, feels like the conversation CISOs should be having today.

Vulnerability Management to Decision Management

The possible CISO conversation kept coming back to me because it highlighted something I don't think we've fully acknowledged as an industry.

For years, we've treated vulnerability management as if the objective was to find every vulnerability and remediate as many as possible. That approach made sense when discovery itself was difficult. Visibility was the constraint.

I'm not sure that's true anymore.

AI continues to accelerate vulnerability research — the limiting factor won't be discovery. It'll be our ability to decide what deserves attention and what doesn't.

That sounds like a subtle distinction, but I think it's one of the most important shifts happening in cybersecurity today.

Most organisations don't suffer from a lack of data but they suffer from a lack of clarity and making the right decision.

Which vulnerability genuinely threatens production? Which one can safely wait until the next maintenance window? Which issue looks severe on paper but has very little practical impact in our environment?

Those aren't technical questions. They're business questions informed by technical evidence.

That's why I suspect vulnerability management will gradually evolve into something closer to decision management.

Organisations that will succeed won't necessarily be the ones with the largest vulnerability databases or the most sophisticated scanners. They'll be the ones that consistently make better decisions with the information they already have.

Moving forward, the need to build the capability of prioritised decision making, by having the ability to ingest detailed operational environment context that is merged with the vulnerabilities data and the human in the loop to make the final decision.

Mythos Briefing Reinforces Trend Already Underway

One of the reasons I found the Mythos CISO Briefing so valuable wasn't because it introduced a completely new idea. It didn't.

Instead, it brought together several trends that many security leaders have been observing independently and placed them into a coherent narrative.

Report makes a compelling case that AI is changing the economics of vulnerability discovery, disclosure volumes are likely to increase and vulnerability management processes may struggle to scale if organisations continue relying on largely manual workflows.

I agree with that assessment.

Where I'd extend the discussion is in what comes next.

Most organisations are still thinking about AI as another capability to deploy or platform to evaluate and another procurement exercise. I think that's too narrow.

AI is becoming part of how security work gets done. A different kind of change.

We didn't ask whether spreadsheets would replace accountants. We asked how accountants would work differently once spreadsheets existed.

The same thing happened with cloud. Cloud didn't eliminate infrastructure teams. It changed what infrastructure teams spent their time doing.

I suspect AI will follow a similar path.

Routine analysis becomes increasingly automated. Context, judgement and accountability become increasingly valuable.

View From an OT Perspective

This is where I think the conversation becomes particularly interesting. Most AI discussions still come from an enterprise IT perspective.

The examples usually involve email, coding assistants or SOC automation. They're useful examples. They just aren't the ones that occupy most of my thinking.

For organisations where cybersecurity decisions have physical consequences e.g. Food manufacturing, Chemical processing, Energy. Utilities. Critical infrastructure.

In those environments, every vulnerability exists within a much larger operational context.

A vulnerability affecting a payroll application and a vulnerability affecting a safety instrumented system may receive the same CVSS score, yet they represent entirely different kinds of risk.

Anyone who has worked in OT knows this instinctively. That's why I don't believe AI will completely replace industrial engineers or experienced OT security practitioners.

If anything, it will increase their importance.

Imagine asking an AI to analyse an engineering workstation, compare firewall policies against IEC 62443, review PLC firmware, correlate historian data and identify potential paths between enterprise systems and production assets.

Those capabilities are genuinely exciting. But they're only useful if someone understands the process they're protecting.

One of the lessons I've learned over the years is that OT almost always punishes oversimplification.

Context, production schedules, maintenance windows and safety matters.

That's why I become slightly uneasy whenever I hear predictions that AI will "solve" industrial cybersecurity. It has never been just a technology problem.

It's an engineering discipline. AI can accelerate engineering but will not replace engineering.

Attackers Benefits Too

Another misconception I've noticed creeping into industry conversations is the idea that AI somehow gives defenders a unique advantage.

I don't think that's how this plays out.

The same models helping defenders review advisories, prioritise exposures and accelerate investigations can also help attackers understand products more quickly, analyse firmware, generate proof-of-concept exploits and automate reconnaissance.

History suggests that major technological advances rarely favor only one side.

The internet, cloud, open-source software didn't. AI probably won't either.

What it changes is speed. Both attackers and defenders become more capable. Both become more efficient.

Organisations that adapt fastest won't necessarily have better algorithms. They'll have better operating models. That's an important distinction.

Technology has always been relatively easy to buy. Learning how to integrate technology into decision-making has always been much harder.

And that's where I think CISOs should be focusing their attention over the next few years — not simply asking which AI platform to adopt, but asking how AI changes the way security teams work, collaborate and make decisions.

Because that's where the real transformation is happening.

2 - What This Means for CISOs

If I put myself in the shoes of a CISO today, I don't think my first concern would be selecting the right AI platform. My first concern would be:

Whether my security operating model (current or target) is still fit for purpose?

Most security program have evolved over years, sometimes decades. We add a new control here, another dashboard there, automate a few workflows, update a policy, introduce another framework.

Individually those decisions make sense. Collectively they often create complexity that's difficult to unwind. AI has a way of exposing complexity.

An AI assistant can summarise hundreds of vulnerability reports in minutes. It can correlate threat intelligence, asset inventories and exploit data far more quickly than any individual analyst.

What it can't do is tell you what level of operational risk your organisation is willing to accept. That's still a leadership decision.

I suspect one of the defining characteristics of successful security programs over the next five years won't be how much AI they deploy, but how clearly they've defined accountability.

  • Who approves an AI-generated recommendation?

  • Who signs off on delaying a critical patch because the operational risk of applying it is higher than the cyber risk of waiting?

  • Who explains that decision to the Board if something goes wrong?

Those questions existed before AI. AI simply makes them more visible.

Board Conversation Is About to Change

For years, many Boards have asked cybersecurity teams essentially the same questions.

Are we keeping pace with our peers? Are we compliant? Have we been breached? How many critical risks / vulnerabilities do we have?

They're reasonable questions, but they'll become less useful over time.

Imagine presenting next year's cyber risk report. Instead of showing 15,000 vulnerabilities, you now report 80,000.

  • Has the organisation become dramatically less secure? Probably not.

It has probably become dramatically more visible. That's an entirely different story.

The challenge for CISOs won't be reducing every number on a dashboard. It will be helping executives understand what those numbers actually mean.

That's where I think security leaders need to become even better communicators. Not because Boards need less technical information but because they need more context.

A Board never asks, "What's our CVSS average?" they asks, "Are we exposed?" Those are very different conversations.

The organisations that navigate this transition well, will be the ones that shift reporting away from activity metrics and towards business outcomes.

Less emphasis on how many vulnerabilities exist. More emphasis on which ones genuinely threaten revenue, safety, customer trust or operational resilience.

Building a Security Team Today

Every few months someone asks me what skills they should focus on next. Five years ago my answer was fairly predictable - Learn cloud, identity, application security, understand industrial / OT networking etc. etc.

I still believe those fundamentals matter. What has changed is what I'd add to that list.

I would encourage people to become exceptionally good at connecting disciplines.

One of the unintended consequences of specialisation is that we sometimes optimise for depth at the expense of perspective.

The next generation of cyber leaders will need both.

They'll need to move comfortably between an engineering discussion, an AI governance workshop, a business continuity exercise and a Board meeting.

A very different career profile from the one our industry has traditionally rewarded.

I don't think organisations will be looking for AI security experts per say, but rather, security professionals who understands:

How AI changes software development, cloud security, data governance, OT, privacy, risk management and executive decision-making.

That's a much broader skill set. It's also a much more interesting career.

One Lesson I Keep Coming Back To

Every major technology shift creates anxiety.

Remember similar conversations when organisations started virtualising infrastructure. The same concerns resurfaced when cloud, mobile, DevOps and Zero Trust adoption accelerated.

Each wave brought predictions that cybersecurity would have to reinvent itself. In many ways, it did. But not in the ways people expected.

Technology rarely removes the need for experienced professionals. It changes where experienced professionals spend their time. AI will follow that same pattern.

  • Security engineers will spend less time collecting information and more time validating it.

  • Threat hunters will spend less time searching for signals and more time interpreting them.

  • Architects will spend less time documenting controls and more time evaluating trade-offs.

  • CISOs will spend less time explaining technical detail and more time helping organisations make informed risk decisions.

None of that makes cybersecurity less human. If anything, it makes the human contribution more important.

Looking Beyond Mythos

In a few years, we probably won't remember every technical detail about Mythos, Glass Door or Fable 5.

Just as most people no longer remember the individual cloud products that dominated conference presentations a decade ago.

What we'll remember is the shift they represented. Mythos didn't suddenly create an AI revolution. It made an existing trend impossible to ignore.

The industry is moving from a world where technical analysis is scarce to one where technical analysis becomes increasingly abundant.

When that happens, the scarce resource changes. Not intelligence. Not data. Judgement. That's the capability organisations will compete on.

And after spending more than 2.5 decades working across enterprise IT, OT and critical infrastructure, that's probably the conclusion I'm most confident about.

The next decade won't belong to organisations that discover the most vulnerabilities. It will belong to the organisations that consistently make the best decisions with the information they have.

That's always been the real job of a CISO. AI just makes it much harder and much more valuable.

Together with (Sponsor):

Write docs 4x faster. Without hating every second.

Nobody became a developer to write documentation. But the docs still need to get written — PRDs, README updates, architecture decisions, onboarding guides.

Wispr Flow lets you talk through it instead. Speak naturally about what the code does, how it works, and why you built it that way. Flow formats everything into clean, professional text you can paste into Notion, Confluence, or GitHub.

Used by engineering teams at OpenAI, Vercel, and Clay. 89% of messages sent with zero edits. Works system-wide on Mac, Windows, and iPhone.

3 - So Where Do We Go From Here?

On AI, someone eventually asks the same question.

"So what should I actually do?"

It's a fair question. The temptation is to respond with a shopping list — buy this platform, deploy that capability, hire this role. I'm not convinced that's where the opportunity is.

Most organisations don't have an AI problem but rather have an operating model problem.

Adding AI to an already complicated security programme rarely makes it simpler. In many cases it just allows the existing complexity to move faster.

That's why I'd start somewhere much less exciting. I'd look at how decisions are made.

  • How does a critical vulnerability move from discovery to remediation?

  • Who decides whether production can tolerate downtime?

  • Who signs off when engineering and security disagree?

  • Where does business context enter the conversation?

If those answers aren't clear today, AI won't fix them tomorrow.

In fact, it'll probably expose the gaps even more quickly.

Different Way to Think About Cybersecurity Metrics

I've never been a fan of measuring security simply by counting things. Number of alerts / blocked attacks / vulnerabilities / incidents.

Those metrics are easy to produce. They're much harder to interpret.

Over the next few years, we'll gradually move towards measuring something else. Decision quality.

  • How quickly did we understand the problem?

  • Did we prioritise the right assets?

  • Did we allocate engineering effort where it had the greatest business impact?

  • Were we able to explain our decisions to executives before explaining them to auditors?

Those are much harder questions. They're also much closer to what Boards actually care about.

One of the unintended consequences of AI is that collecting data becomes easier. That means interpreting data becomes more valuable.

Opportunity for OT Leaders

If there's one community that should be paying close attention to these developments, it's the OT and industrial cybersecurity community.

Manufacturing has always operated differently from enterprise IT. Production doesn't stop because a scanner recommends a patch. Safety systems aren't upgraded because a dashboard changes colour.

Operational decisions have always balanced cybersecurity against reliability, engineering, maintenance, safety and production.

That's why AI has enormous potential in industrial environments — not because it removes people from the process, but because it helps experienced engineers make better-informed decisions.

Imagine preparing for a maintenance shutdown.

Instead of manually reviewing engineering documents, firewall rules, asset inventories, firmware versions and vendor advisories over several days, your engineering team begins with an AI-generated assessment that already correlates those sources.

Engineers still make the decision. They simply begin from a much stronger position.

That's a future I can see arriving much sooner than fully autonomous industrial security. And frankly, I think it's the more realistic one.

Mythos CISO briefing crystallised many of the conversations already taking place across the industry, while projects like Glass Door and Fable 5 gave practitioners something tangible to debate.

The more conversations we had, the more we will realise that we are all asking slightly different questions.

Security researchers wanted to know how AI changes vulnerability research.

SOC leaders wanted to know how it changes detection, triage and response.

Boards wanted to know whether organisational risk had suddenly increased.

OT leaders were asking something else entirely.

"Can we trust these systems enough to support engineering decisions?"

That question deserves more attention than it's getting.

Investing in People Still Matters Most

One observation has stayed consistent throughout my career.

Organisations often overestimate what technology will achieve in the short term and underestimate how much capability comes from investing in good people over the long term.

AI doesn't change that equation. If anything, it reinforces it.

Organisations that benefit most from AI won't necessarily have access to better models. Most organisations will have access to very similar capabilities.

The difference will come from the people using them.

Can they challenge an AI recommendation? Can they recognise when context is missing? Can they explain technical risk in business language? Can they bridge the gap between IT, OT, engineering, legal, privacy and executive leadership?

Those aren't AI skills. They're leadership skills. And they're becoming more valuable, not less.

Closing Thoughts

When historians look back at this period, I don't think they'll describe it as the moment AI entered cybersecurity.

AI had already arrived.

Instead, I think they'll describe it as the period when cybersecurity stopped treating AI as another tool and started reorganising itself around what AI made possible.

That's a much bigger shift.

The Mythos briefing, Glass Door and Fable 5 didn't create that future. They simply made it easier to see.

My advice to security leaders is simple.

Don't spend the next two years asking how AI fits into your existing security program.

Ask whether your existing security programme is designed for a world where AI becomes part of every security decision. Those are very different questions.

One leads to another technology project. The other leads to organisational transformation.

History suggests the organisations asking the second question are usually the ones that shape the next chapter of the industry rather than reacting to it.

That's where I believe we are today. Not at the beginning of an AI race.

At the beginning of a leadership transition.

And those who recognise that distinction early will be in a much stronger position to navigate whatever comes next.

One Thought I Haven't Been Able to Shake

For years we've talked about the cybersecurity skills shortage.

The numbers vary depending on which report you read, but the conclusion has always been similar.

There aren't enough experienced people. That probably remains true.

What may change is how we use the experienced people we already have.

Suppose your best reverse engineer suddenly becomes three times more productive.

Suppose your most experienced OT architect can review five plant designs in the time it previously took to review one.

Suppose your principal security engineer spends less time collecting information and significantly more time mentoring younger engineers.

The shortage doesn't disappear. But its impact changes.

That's a much more optimistic way of looking at AI than the familiar narrative of job displacement. It shifts the conversation from replacement to amplification.

Personally, I think that's a healthier discussion.

Competitive Advantage Is Moving

For most of the last decade, competitive advantage in cybersecurity came from collecting more data.

Better telemetry → asset inventories → visibility → to Better threat intelligence.

Those investments were absolutely necessary. But they're becoming easier to replicate. The differentiator is beginning to move again.

It's moving towards interpretation.

Two organisations may have access to exactly the same threat intelligence, the same AI models, the same vulnerability data. Yet one consistently makes better decisions.

Why?

Because technology doesn't remove the need for judgement. It increases the value of it.

That's one of the reasons I believe security leadership is entering a particularly interesting period.

The conversation is becoming less about operating security tools and more about operating decision systems. Those are very different disciplines.

What I'll Be Watching

Over next 12 months, there are few developments to pay particularly attention to.

They may not dominate headlines, but rather they'll quietly reshape our work.

I'll be watching whether vulnerability disclosures continue accelerating and whether organisations respond by improving prioritisation rather than simply expanding patching programs.

Watch how quickly AI becomes embedded inside engineering workflows (it has certainly started) especially within OT, where context matters as much as technical accuracy.

Watch how regulators bring new regulations or implement / enforce existing ones.

Much of today's discussion focuses on what AI can do.

Eventually the conversation will shift towards what organisations should be expected to govern, validate and document when AI becomes part of security decision-making.

That transition may prove every bit as significant as the technology itself.

Until Next Time

One of the privileges of writing this newsletter is the conversations it creates afterwards.

Some readers agree wholeheartedly. Others may challenge these thoughts and assumptions.

Quite often, those disagreements become the most valuable part of the process.

So I'll leave you with the same question that manufacturing CISO may ask me:

Not because I think I have the answer. But because I think it's the right question to be asking.

If AI dramatically increases our ability to discover cyber risk, are our organisations equally prepared to make better decisions about that risk?

Everything I've seen over the last few months suggests that's where the next chapter of cybersecurity will be written.

Not in the number of vulnerabilities we discover.

But in the quality of the decisions we make after discovering them.

Stay ahead. Stay secure.

Until next time—keep the lights on (and the attackers out).

Questions or topic requests for Q2 2026? Hit reply.

My Recent Most Viewed Social Posts

In case you’ve missed - here are some of my recent most viewed social posts.

  • 🗞️🗞️[ST # 84] Cybersecurity Insights from Q1 2026  IT, OT, AI Cybersecurity Market (fundings, start-ups & M&As), Incidents, breaches, ransomware, cyber threat landscape, regulations and CISOs evolving role. Things are happening & changing very fast.🚀 [Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 84] Cybersecurity Insights from Q4 2025  IT, OT, AI Cybersecurity Market (fundings, start-ups & M&As), Incidents, breaches, ransomware, cyber threat landscape, regulations and CISOs evolving role. Things are happening & changing very fast.🚀 [Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 83] The Digital Factory - Industry Debates Part 4 Most common Industry Debates (IT/OT Convergence, Purdue Model Dead or Alive, Digital transformation - a strategy or a project, MQTT vs. OPC UA and more) and other updates. [Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 82] AI Security & OT Cybersecurity AI tools for research papers, Agentic AI security, AI in OT security guidance, AI benchmark task, Cybersecurity for Railway + Robotics, Li-Fi Tech and weekly inspiration🚀[Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 81] Cybersecurity and AI Across IT-OT Automation Stack - Monthly Digest # 4 News, Updates, Insights around Cybersecurity of Cloud, ERP, DMZ, MES, SCADA, HMI, PLC/Edge, layers and references.🚀[Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 80] Cybersecurity Insights from Q3 2025 IT, OT, AI Cybersecurity Market (fundings, start-ups & M&As), Incidents, breaches, ransomware, cyber threat landscape, regulations and CISOs evolving role. Things are happening & changing very fast.🚀[Securing Things by M. Yousuf Faisal] 🗞️🗞️

  • 🗞️🗞️[ST # 79] The Digital Factory - Architecture - Part 3 Industry Reference Architectures, Patterns, implementation examples, security controls and CISOs changing role. [Securing Things by M. Yousuf Faisal] 🗞️🗞️

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Also, if you find this or previous newsletter edition(s) useful and know other people who would too, I'd really appreciate if you'd forward it to them. Thanks a ton.

Thanks for reading - until the next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,

Follow Securing Things on LinkedIn | X/Twitter & YouTube.

Rate the newsletter content

Did you find the content valuable?

Login or Subscribe to participate

If you are reading this online don’t forget to register; validate your email, and request a login link to submit the poll.

Your feedback and input is invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society. Thank you for your trust and continued support.

Reply

Avatar

or to participate

Keep Reading