About
Don C. Weber is a visionary cybersecurity leader specializing in the protection of…
Services
Articles by Don C.
Activity
3K followers
-
Don C. Weber reposted thisDon C. Weber reposted thisWe're excited to be joining the DFW Spring CISO XC Event this week! Reflex Security is focused on helping security teams build real crisis reflexes, not just check compliance boxes. We believe tabletop exercises should test how your team actually responds under pressure, not just knowledge of a plan. We're excited to be working with Dani Woolf at Audience 1st to produce a few onsite interviews about the future of proactive incident response. Stay tuned for the release. If you'll be attending the event, we look forward to connecting! #CISOXC #ReflexSecurity #incidentresponse #cybersecurity
-
Don C. Weber reposted thisDon C. Weber reposted thisThe making of warriors…. Congratulations to our newest teammates from BRC Class 2-26! You still have 15+ weeks to complete the remainder of the Reconnaissance pipeline, before you get to the Fleet Marine Force and assigned to a platoon and team. You stand on the shoulders of giants, from Amphibious Reconnaissance men of WWII who swam into Iwo Jima, the legendary green ghosts of Vietnam & MACV/SOG NAD, the Recon men who operated in South America in the 80’s, to the pipe hitting warriors of the GWOT. Remember that reputation IS EVERYTHING, you are under observation by your instructors, peers and future teammates…so earn it every day. Welcome aboard! A special thank you to MRF volunteer and Force Recon Teammate Marcus Allen for capturing the graduation and creating this video. @recontrainingcompany Marine Reconnaissance Foundation Marine Reconnaissance Foundation Athletics Marcus Allen #allittakesisallyougot #reputationiseverything #earniteveryday
-
Don C. Weber reposted thisDon C. Weber reposted thisCommunication between IT and OT teams is one of the biggest challenges in ICS security. That’s exactly why ICS612 was created. ICS612 was designed to bridge the gap through collaborative hands-on learning that puts students in both the IT and OT shoes. → Learn how operations run → Program real ICS devices → Respond to threats with a true understanding of the infrastructure Learn more about what ICS612 has to offer: https://go.sans.org/gX2gCz #ICS #OTSecurity #Cybersecurity #SANSTraining
-
Don C. Weber reposted thisDon C. Weber reposted thisMost ICS/OT protocols already lack native cryptography, and the ones that do rarely have it enabled. So, where does quantum risk live in industrial environments? Michael Hoffman, SANS Certified Instructor, breaks it down in a new Industrial Cyber feature on post-quantum readiness for OT: → Risk is concentrated in higher-level systems: OT-to-IT communications, remote access, and identity services → The biggest cryptographic exposures are at trust boundaries and edge communications- SCADA telemetry, AMI metering, IIoT deployments → Start with an inventory of edge devices and communication paths where identity and trust are enforced → New procurements should require vendor alignment with current and emerging cryptographic standards, including post-quantum upgradeability OT systems outlive their intended lifespans by decades. The time to plan is now. 🔗 https://lnkd.in/gzAK2Dmd #OTSecurity #PostQuantum #CryptoAgility #ICS #CriticalInfrastructureIndustrial systems face structural gap as quantum risks drive urgency for crypto-agility and post-quantum readiness - Industrial CyberIndustrial systems face structural gap as quantum risks drive urgency for crypto-agility and post-quantum readiness - Industrial Cyber
-
Don C. Weber shared thisConfidentiality. Integrity. Availability. We've mastered two. The third? That's where it gets complicated. Bruce Schneier — security legend, Harvard Kennedy School Fellow & Lecturer, and bestselling author — tackled exactly that at SANS AI Cybersecurity Summit 2026. His keynote "Integrous AI" made the case that integrity is the most elusive pillar of the CIA Triad — and in an AI-powered world, the most urgent. 🎯 #SANSInstitute #AICybersecurity
-
Don C. Weber reposted thisSolid read for those in the ICS/OT community looking for SOC guidance. Christopher Crowley is awesomeDon C. Weber reposted thisA new SOC-CMM whitepaper is available: assessing and maturing OT SOCs. In this whitepaper, a collaboration between SOC-CMM, Jan Kopriva (Nettles Consulting), Christopher Crowley (Montance®LLC) and Bert de Jong (Sopra Steria), we explore key considerations for assessing and maturing a SOC in the OT environment. While OT SOCs share many principles with IT SOCs, they come with unique challenges and nuances that must be addressed thoughtfully. This whitepaper offers practical guidance and best practices to help you elevate your OT SOC to its optimal maturity level. Download the whitepaper here: https://lnkd.in/eb4Ynh-8 #SOCCMM #SOC #OT #OTSOC #SOCMaturityThis website uses some standard cookies for Analytics, nothing special. Read more » Accept & close Strictly necessary onlyThis website uses some standard cookies for Analytics, nothing special. Read more » Accept & close Strictly necessary only
-
Don C. Weber shared thisConducting this research was a lot of fun. Using real technologies to improve my AI research and development skills has been extremely helpful. At the same time, I was amazed at how well Anthropic's Claude Sonnet and Opus modules can provide OT-related information, from operations to individual devices. I had to use my OT experience to keep it in line and help it. But it was great tool and got me moving in the right directions for my analysis.Don C. Weber shared thisNew from Cutaway Security: a demonstration of how production AI tools collapse the industrial-process knowledge gap that has historically limited precision attacks against operational technology. Founder Don C. Weber, and SANS Institute Instructor, gave a production AI tool the kind of material a threat actor typically acquires from a compromised engineer workstation: ladder logic screenshots, a Modbus address export, and a handful of manufacturer reference documents from the vendor's public documentation site. The AI produced a working interpretation of the process, mapped the cross-subroutine dependencies, and generated ranked attack paths with protocol-level instructions for each one. Every path was tested against the physical kit. Two reproduced cleanly, and both align with exercises taught in SANS ICS613 ICS/OT Penetration Testing and Assessments course. The implications for organizations whose configuration files have left the operational environment, whether through vendor handoffs, backup systems, or compromised endpoints, are worth taking seriously. Read the full analysis on the Cutaway Security blog. https://lnkd.in/enDXatdM #ICS #OTSecurity #ICSsecurity #CriticalInfrastructure #Cybersecurity #AI #PLC #Modbus #ThreatIntelligence #SANS #ICS613AI Gives Attackers OT Expertise on Demand. Here's What the Technique Looks Like on a Real PLC. (Part 1)AI Gives Attackers OT Expertise on Demand. Here's What the Technique Looks Like on a Real PLC. (Part 1)
-
Don C. Weber reposted thisDon C. Weber reposted thisIt is happening. Those with access to Mythos Preview have confirmed the alarms are real. Now we have hard facts. Mozilla released Firefox 150 yesterday, fixing 271 vulnerabilities found with the help of Mythos. Here is a chart of the amount of vulnerabilities they fixed in the previous 12 months of releases. Here is a source: https://lnkd.in/ecwWPden
-
Don C. Weber shared thisPart two of the AI-assisted PLC analysis series is up on the Cutaway Security, LLC blog. The question I get most often from leadership after demonstrations like this is always the same: how realistic is it for an attacker to actually do this? The analysis I described in Part 1 took me about one analyst workday and less than two dollars in API cost. That is the economic picture for an adversary preparing a targeted attack against an operational industrial process using only stolen or leaked configuration files. The cost of entry is not the constraint. The constraint used to be domain expertise, and AI tools now supply that on demand. Part 2 covers where the time went, where the tokens went, and where the human analyst continues to matter. A consolidated white paper with both posts and a methodology appendix is available for download alongside it. If your organization is still framing OT cybersecurity spend as a cost conversation rather than a risk conversation, the numbers in this post should change that. https://lnkd.in/eGght_QF #ICS #OTSecurity #ICSsecurity #CriticalInfrastructure #Cybersecurity #AI #PenetrationTesting #SANS #ICS613 #SecurityLeadership #RiskManagement
Don C. Weber replied to a comment
13h
Thank you, ma'am
Don C. Weber replied to a comment
14h
Arsen Z. When I started the CHAPS project the CIS CAT tool was java based and required that java was installed. I have not looked at the most recent version, so I am not sure how they have updated it.
I hope teams are able to use the CIS CAT tool. I'm sure the community benchmarks for OS and application will be robust. But, the tool does need to be tested on older operating systems. One of the goals I have for CHAPS is to run on and Windows version, including older OS versions.
I hope this helps. Please let us know your experiences with CIS-CAT. Use cases are important for people to start assessing and improving their implementations.
-
Don C. Weber liked thisDon C. Weber liked thisWe're excited to be joining the DFW Spring CISO XC Event this week! Reflex Security is focused on helping security teams build real crisis reflexes, not just check compliance boxes. We believe tabletop exercises should test how your team actually responds under pressure, not just knowledge of a plan. We're excited to be working with Dani Woolf at Audience 1st to produce a few onsite interviews about the future of proactive incident response. Stay tuned for the release. If you'll be attending the event, we look forward to connecting! #CISOXC #ReflexSecurity #incidentresponse #cybersecurity
Experience & Education
-
Cutaway Security, LLC
View Don C.’s full experience
See their title, tenure and more.
By clicking Continue to join or sign in, you agree to LinkedIn’s User Agreement, Privacy Policy, and Cookie Policy.
Licenses & Certifications
Projects
-
ICS Village
Have SCADA, will travel.
Twitter - https://www.twitter.com/ICS_Village
DEF CON 22 - ICS Village http://defcne.net/villages/22/37
BSidesDC 2014
Coming Soon
S4x15
BSidesNashville 2015
BruCon 2015
Other creators -
Recommendations received
10 people have recommended Don C.
Join now to viewExplore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content