SMB Tech & Cyber Newsletter | CPF Coaching

What inside your business can act before a human verifies it? This week, we dive into the convergence of three major tech shifts: the modular infostealer economy, costly regulatory enforcement after ransomware, and the mainstream arrival of computer-using AI agents like Gemini 3.5 Flash.If you lead tech or cybersecurity for an SMB, this episode provides a localized execution plan to bridge the gap between risk awareness and actual protection. We cover:Cyber Threats: Why treating browsers, endpoints, and admin sessions as a single identity risk surface is critical to stopping credential theft.Compliance: How to build an evidence trail that satisfies regulators (like HHS OCR) before a ransomware incident occurs.AI Governance: Setting up "advise, draft, and act" lanes for AI to prevent unverified execution.Listen in for the 3 steps you need to take this week to secure your unverified workflows. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

From building software to defending it: Jason Casey (CEO, Beyond Identity) shares his journey from Software Engineer to Cybersecurity Expert. Discover why mastering network protocols and engineering fundamentals is the secret to a successful cyber career. Listen now on Breaking into Cybersecurity. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Urgent briefing for US SMBs: Critical patches needed for WatchGuard, Fortinet, & Cisco. Discover how to stop AI attacks and avoid $3M breach costs. Read the Urgent briefing for US SMBs: Critical patches needed for WatchGuard, Fortinet, & Cisco. Discover how to stop AI attacks and avoid $3M breach costs. Read the plan. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Is your business one tragedy away from collapse? Learn how to mitigate "Key Person Risk" and the "Bus Factor" with our 2025 guide to IT succession planning. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

In the latest episode of “Breaking into Cybersecurity,” host Chris Foulon sits down with Eric Stride, the Chief Security Officer at Huntress. Eric’s journey into cybersecurity is not only inspiring but also enlightening for anyone looking to enter this ever-evolving field. With over two decades of experience in the military and private sectors, Eric shares his insights on career development, leadership, and the future of cybersecurity. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Don't assume your cloud provider has you covered. Master the Shared Responsibility Model, build a comprehensive SRM, and align your strategy with frameworks like NIST and CMMC. Read our guide to achieve total accountability. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

By Chris Foulon & Sinan ErenIntroductionIn this episode of "Breaking into Cybersecurity," we sat down with Sinan Eren, a seasoned cybersecurity professional, entrepreneur, and founder. Sinan’s journey from a curious hobbyist in Istanbul to a serial founder in Silicon Valley offers a wealth of insights for anyone interested in cybersecurity, entrepreneurship, or both. Here are the highlights and lessons from our conversation.From Hobbyist to Professional: The Early DaysSinan’s entry into cybersecurity wasn’t a deliberate career choice. In the late 1990s, cybersecurity wasn’t even a defined field—just a function of IT. Resources were scarce, and much of the learning happened in underground communities like IRC and through publications like FRAC magazine. For Sinan, curiosity and a desire to experiment led him to discover vulnerabilities and share his findings on platforms like Bug Track, which eventually opened doors to job opportunities.Key Takeaway: Sometimes, passion and curiosity can be more important than formal education in breaking into a new field.Signature-Based vs. Heuristic Security: A Technical EvolutionSinan explained the shift from signature-based antivirus solutions to heuristic and behavioral approaches. Early security tools relied on known patterns to detect threats, but as malware evolved—like the infamous Code Red worm—this reactive approach proved insufficient. The industry began to focus on detecting abnormal behaviors, setting the stage for modern endpoint security.Key Takeaway: The cybersecurity landscape is always evolving. Staying ahead means understanding both the history and the latest trends in threat detection.Entrepreneurship in Cybersecurity: Two PlaybooksSinan’s entrepreneurial journey followed two main playbooks:* The Hype Playbook: Attach security to the latest technology trend (e.g., AI + Security).* The Next-Gen Playbook: Take an existing solution and make it better, faster, or more secure (e.g., reinventing VPNs with Zero Trust Network Access).His first company focused on mobile security, capitalizing on the rise of mobile apps and their security flaws. Later ventures addressed remote access and automation, always driven by real-world needs and feedback from users.Key Takeaway: Successful startups often solve existing problems in new ways or improve on what’s already out there. Listen to the market and adapt.Lessons Learned: Growth, Pivots, and ExitsSinan shared candid stories about the challenges of scaling a startup, including the risks of over-reliance on a single partner and the importance of diversifying your customer base. He emphasized the value of learning from mistakes and knowing when to pivot or sell.Key Takeaway: Flexibility and self-awareness are crucial in entrepreneurship. Sometimes, the best move is to exit and apply your lessons to the next venture.Automation and the Future: Beyond CybersecuritySinan’s latest venture emerged from listening to managed service providers who struggled with operating and automating a growing stack of security tools. By leveraging process mining, UI automation, and AI, his team built solutions that automate repetitive tasks—not just in cybersecurity, but also in finance and other fields.Key Takeaway: The skills and solutions developed in cybersecurity can often be applied to other industries. Don’t limit your vision to a single domain.Advice for Aspiring Professionals and Leaders* For Beginners: The field is more exciting than ever, especially with the rise of AI and LLMs (Large Language Models). Red teaming and offensive security remain fertile ground for creative minds, regardless of background.* For Experienced Pros: Embrace the challenge of integrating AI responsibly. Focus on building guardrails and understanding business processes, not just deploying tools.* For Entrepreneurs: Understand your customers’ workflows and pain points. Document processes, model workflows, and always be ready to adapt your product or business model.ConclusionSinan Eren’s story is a testament to the power of curiosity, adaptability, and listening—both to technology and to people. Whether you’re just starting out or leading a team, the lessons from his journey can help guide your own path in cybersecurity and beyond.To hear the full conversation, listen to the episode of Breaking Into Cybersecurity (and uploaded as the video in this post ;-) The YouTube channel has years of previous conversations)Some security tools you can consider for improving your business security posture:CrowdStrike Falcon: An AI-driven platform for securing your infrastructure at scale and keeping up with AI advancements. https://crowdstrike2001.partnerlinks.io/Cpf-coachingINE Security Awareness and Training is essential for your team to stay updated with the evolving threat landscape, enhancing the effectiveness of the teams supporting your organization. https://get.ine.com/cpf-coachingTenable helps identify weaknesses in your infrastructure, whether on-premises, in the cloud, or in your software, providing your vulnerability management with the visibility it needs. https://shop.tenable.com/cpf-coachingCyvatar.AI Managed endpoint protection solution for SMBs and digital cloud environment https://cyvataraif5706.referralrock.com/l/CHRISTOPHE77/Omnistruct helps you with privacy, GRC, and security programs. They can serve as your BISO to help scale your team and security program. https://omnistruct.com/partners/influencers-meet-omnistruct/Guidde helps you turn your tribal, undocumented processes into easy-to-follow documented videos and instructions. https://affiliate.guidde.com/cpf-coachingCyberupgrade simplifies the process of enhancing your cyber and digital risk management, allowing you to grow your business without having to be a compliance expert. We take care of the complexities associated with frameworks like DORA, ISO 27001, and NIS2, enabling your team to concentrate on building, scaling, and serving your customers. https://join.cyberupgrade.net/cpf-coaching1Password secures your secrets, tokens, passwords, documents, and more, whether you're at home, work, or school. They offer programs suited for everyone. https://1password.partnerlinks.io/cpf-coaching This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Supercharge your vulnerability management with a data-driven approach! Discover the 15 essential key performance indicators (KPIs) that will help you track your progress, highlight the value of your efforts, and elevate your security program. Embrace actionable metrics to continuously measure, monitor, and enhance your strategy—it's a journey towards a more secure future! This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Stop chasing every vulnerability. Learn how a Data-Centric Security approach using Microsoft Defender for Cloud helps you discover, classify, and protect your most sensitive cloud data. Prioritize real business risks and prevent impactful breaches. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Strengthen your organization's security response with robust Remediation Policies and SLAs! Discover how to transform your vulnerability management program into a mature, auditable business function that ensures accountability and timely risk reduction. Learn more about the essential components of a successful policy in our latest discussion. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Learn to "shift left" with DevSecOps. Discover how to integrate security into your development lifecycle, from Infrastructure as Code (IaC) scanning to container analysis, using Microsoft Defender for Cloud to build a proactive, code-to-cloud security posture. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

In this episode of CISO Tradecraft, host G Mar welcomes Christophe Foulon, founder of CPF Coaching LLC. Christophe shares insights on enabling businesses to use technology safely through strategic planning, risk management, and tailored cybersecurity measures. He emphasizes the importance of a holistic approach to security, addressing people, processes, and technology to enhance business resilience. Christophe also discusses his efforts in developing leaders within organizations and his support for the community through his podcast and involvement with various non-profits. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe

Discover how a robust Identity and Access Management (IAM) strategy, with JIT access and adaptive controls, can transform your cloud security and virtually patch vulnerabilities. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit substack.cpf-coaching.com/subscribe