Tom Spring

Boston

Senior Editorial Director at SC Media

reporter, writer, editor, skeptic and all-around amazing person. Oh, and also a journalist at SC Media.

Featured in: Favicon

scmagazine.com Favicon

cnn.com (+1) Favicon

pcworld.com Favicon

dzone.com

crn.com

notebookreview.com Favicon

newsbreak.com Favicon

flaunt.com Favicon

crn.com.au Favicon

securityaffairs.co + 3 more

Articles

2025’s most dangerous new attack techniques: AI, ICS sabotage, and ‘auth sprawl’

1 week ago | scworld.com | Tom Spring

SAN FRANCISCO — For more than a decade, the SANS Institute’s annual “Five Most Dangerous New Attack Techniques” keynote has served as a weather report for where cybersecurity is headed. This year at RSAC 2025, it felt more like a warning flare. “There’s a common thread in every one of these threats,” said Ed Skoudis, president of the SANS Technology Institute, as he opened Wednesday’s standing-room-only session.
An identity defenders’ worst nightmare? Initial Access Brokers and here is why

1 week ago | scworld.com | Tom Spring

SAN FRANCISCO — They don’t steal your data. They sell access to it. Initial Access Brokers — known as IABs — have become one of cybersecurity’s most dangerous and underestimated players. These dark web middlemen specialize in breaking into networks, then monetizing that access by selling it to the highest bidder: ransomware crews, state-aligned attackers or fraud cartels. Their product? Your identity infrastructure.
2025 SC Award winners revealed: Honoring cybersecurity excellence

2 weeks ago | scworld.com | Tom Spring

SAN FRANCISCO — With RSAC 2025 in full swing, cybersecurity industry leaders, builders, and defenders gathered Tuesday to celebrate excellence, innovation, and the winners of the 28th annual SC Awards. SC Media is proud to honor the 33 winners of this year’s Excellence and Trust Awards, selected by an independent panel of judges from a highly competitive field of more than 160 finalists and hundreds of nominations. View the full list of 2025 SC Awards winners here.
At RSAC, Kristi Noem calls to rein in CISA and reset DHS cyber strategy

2 weeks ago | scworld.com | Tom Spring

SAN FRANCISCO — Homeland Security Secretary Kristi Noem used a keynote at the RSAC on Tuesday to to call for a realignment of the Cybersecurity and Infrastructure Security Agency (CISA), sharply criticizing the agency’s past focus on disinformation and warning against federal overreach in cybersecurity policy. Speaking to packed audience, Noem said CISA had strayed beyond its founding purpose.
RSAC 2025 Keynote: Cisco open-sources AI security tools

2 weeks ago | scworld.com | Tom Spring

SAN FRANCISCO — Cisco set the tone at Monday's RSAC 2025 keynote by announcing a major open-source initiative aimed at securing the future of AI, while other speakers laid out how the industry must adapt to a rapidly changing battlefield. Jeetu Patel, Cisco’s executive vice president and chief product officer, unveiled Foundation AI — a purpose-built, security-specific AI model trained on cybersecurity data.
Secure by design? At RSAC 2025, experts warn: We’re not winning yet, but we could

2 weeks ago | scworld.com | Tom Spring

SAN FRANCISCO - After five decades of cybersecurity evolution, attackers are still winning more often than defenders — and the clock is ticking to change that. That was the urgent warning from Veracode founder Chris Wysopal and Columbia University’s Jason Healey during their RSA Conference 2025 talk, “Secure by Design: Are We Winning?” Spoiler: Not yet.
RSAC 2025 preview: Industry tackles agentic AI, identity shifts, and cyber policy turbulence

2 weeks ago | scworld.com | Tom Spring

SAN FRANCISCO — RSAC 2025 this week promises a packed agenda, with agentic AI, identity access management, application security, and data protection set to dominate the conversation. True to conference’s theme this year, “Many Voices. One Community,” RSAC brings together a wide range of diverse experts from cryptographers, AI researchers, policymakers, and business leaders united to act collaboratively against digital threats.
Bruce Schneier tackles AI hype, NSA surveillance, and cyber ‘rage fatigue’

3 weeks ago | scworld.com | Tom Spring

Security technologist Bruce Schneier tackled some of cybersecurity’s toughest questions in a candid AMA-style session Thursday. In it he covered AI, NSA surveillance, cryptography and broader societal threats beyond typical cyber concerns.
2025 SC Awards finalists announced

1 month ago | scworld.com | Tom Spring

It’s a big day at SC Media: we’re thrilled to announce the finalists for the 2025 SC Awards. This year we received hundreds of submissions across 33 categories, spanning both the Excellence and Trust Awards, and the result is a finalist roster that reflects an evolving cybersecurity industry. From AI-powered threat detection to identity solutions designed for non-human users, finalists aren’t just innovators, they are business enablers. View the full list of 2025 SC Awards finalists here.
Government Regulations

1 month ago | scworld.com | Tom Spring

In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we’ve got 50% less AI and 50% more ...