Sophos

Proud to celebrate 22 Sophos leaders recognized on the 2026 #CRN Women of the Channel list. This recognition highlights the expertise, dedication, and partner-first mindset that define how Sophos supports the channel every day. Congratulations to the women making meaningful impact for our partners and customers across the globe.👏💙

‘Ship fast, patch later’ no longer works in cybersecurity. Secure by Design shifts security from a reactive fix to a built‑in foundation. Here’s what that philosophy looks like in practice, and why it changes how we think about firewalls. Read more ⤵️

Could you spot the hidden risk? Not every firewall risk is obvious, and the ones you don’t see are likely the ones attackers rely on. Join us live for "The Hidden Risk in Modern Firewalls", where we challenge security teams to look closer and uncover the risks that are hardest to see and easiest to exploit. 🎙️ Featuring Chris McCormack, Sophos Product Marketing Director 📅 May 7, 2026 ⏰ 11 a.m. PDT | 10 a.m. BST 👉 Register now: https://lnkd.in/eb3i6sUH

🔑 Passkey adoption is one of the few security initiatives where doing the right thing is also the easier thing. That said, implementing passkeys across an organization is where the real challenge begins, particularly when it comes to planning, rollout, and user adoption. We documented our own experience, including the challenges we did not anticipate, in a free, practical CISO playbook from our CISO to yours: https://lnkd.in/d2Wi27QU

On the Federal Bureau of Investigation (FBI)'s Ahead of the Threat podcast, our CEO Joe Levy points out that AI isn't creating new attacks — it's letting attackers run the same playbook faster, cheaper, and at a scale human-led defenses were never built to absorb. The teams keeping pace aren't picking AI or analysts, they're getting clearer on where each one delivers real value. Joe’s full conversation with Brett Leatherman on the FBI’s Ahead of the Threat is worth 30 minutes 👉 https://lnkd.in/dmdpsc-y

Leadership doesn’t start with a title, it starts with how you show up. In our latest #3MinuteMeet, Jessica Reece shares the moments that shaped her leadership, from early advice that shifted her perspective to the impact she’s driving today. Through her work with GSI and MSSP partners, she’s helping extend cybersecurity to more organizations, scaling impact well beyond a single team or role. It’s part of what makes Sophos different: a culture where authenticity matters, and where people are empowered to turn values into action. Thanks for leading with authenticity, Jessica 💙 #SophosLife

In a new Aspen Digital paper, Sophos CEO Joe Levy joins leading cybersecurity voices to highlight a critical shift: the fundamentals of security haven't changed, but the bar to exploit them has. Models like Anthropic's Mythos can now find and exploit software flaws faster than humans can fix them. That changes the math for defenders. The real drag has always been organizational, and AI is making it harder to ignore. That's why the article starts with practical guidance to boards and leaders— how an organization decides, oversees, and enforces its approach to cybersecurity. It outlines 11 direct, practical questions executives can use to challenge their teams. "How quickly can we recover from a full outage, and have we tested it?" sounds straightforward, but few organizations can answer it with confidence. Cybersecurity in a Post-Mythos World is co-authored by Joe Levy alongside Jeff Greene (former Cybersecurity and Infrastructure Security Agency Executive Assistant Director), Rob Joyce (former National Security Agency Cybersecurity Director), Matt Altomare (Aspen Digital), Sezaneh Seymour (Coalition, Inc.), and Rob T. Lee (SANS Institute). Read the full paper: https://bit.ly/4t0Oxkj

The reported use of a commercial AI agent in a breach exposing 150GB of government data shows how threat actors are leveraging agentic AI to scale attacks. We explore how threat actors are starting to weaponize AI, and what security teams need to do to adapt ⤵️

At #CyberUK today, our CISO Ross McKerchar made the case for passkeys, and walked through how we actually rolled them out at Sophos.   Attackers don't need your password anymore. Adversary-in-the-middle, session hijacking, MFA fatigue — every one of them sidesteps the password, and often the MFA protections we’ve relied on for years. Passkeys close that gap.   Knowing change is needed isn't the hard bit. For any organization juggling competing priorities, it's implementing it.   So we've written up what we learned. A free CISO Playbook for passkey adoption — a practical guide to deploying passkeys, including an implementation guide, FAQ, rollout template and overview slides.   🔗 Download here: https://lnkd.in/d2Wi27QU

Threat actors are getting better at hiding in plain sight through using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders. 📅 Join us live this Thursday as Susie Evershed and Morgan Demboski walk through the findings, what this means for businesses, and ask your questions in real time. Register now 👇