CISO Marketplace | Offensive Security & Ai Services’ cover photo
CISO Marketplace | Offensive Security & Ai Services

CISO Marketplace | Offensive Security & Ai Services

Computer and Network Security

The Woodlands, Texas 755 followers

Empowering CISOs: One-Stop Shop for Cybersecurity Solutions & Expertise.

About us

CISOMarketplace: Where Cybersecurity Meets Excellence Welcome to CISOMarketplace, the premier platform dedicated to empowering Chief Information Security Officers (CISOs) and their teams. In today's rapidly evolving digital landscape, the role of a CISO has never been more critical. We understand the challenges faced by cybersecurity leaders and have created a platform tailored to their unique needs. Comprehensive Solutions: From cutting-edge cybersecurity tools to best practices and guidelines, we offer a curated selection of resources designed to enhance your security posture. Global Expertise: Our platform brings together a community of seasoned cybersecurity professionals from around the world. Benefit from shared knowledge, experiences, and insights that can help navigate the complex world of digital threats. Continuous Learning: The cyber landscape is ever-changing. Stay ahead of the curve with our regular webinars, workshops, and training sessions led by industry experts. Collaborative Community: Connect with peers, share challenges, and collaborate on solutions. Our platform fosters a sense of community, ensuring that no CISO feels isolated in their journey. Innovation Hub: Discover the latest in cybersecurity innovation. From startups offering disruptive solutions to established players pushing the boundaries, find tools that align with your organization's goals. Our Mission: At CISOMarketplace, our mission is to provide CISOs with the tools, resources, and community they need to succeed. We believe that by fostering collaboration and knowledge-sharing, we can collectively build a safer digital future for all. Join us in our quest to elevate the world of cybersecurity. Whether you're a seasoned CISO, a budding cybersecurity enthusiast, or a solution provider, there's a place for you at CISOMarketplace.

Website
www.cisomarketplace.com
Industry
Computer and Network Security
Company size
1 employee
Headquarters
The Woodlands, Texas
Type
Self-Employed

Locations

Employees at CISO Marketplace | Offensive Security & Ai Services

Updates

  • CISO Marketplace | Offensive Security & Ai Services reposted this

    Let's welcome the new cohort of SG Cyber Olympians! 🎉 These talented youth have earned their spots through a competitive selection process and are now ready to push their limits. They'll dive into cyber sparring sessions, bespoke training, industry certifications, and ultimately represent Singapore against the world's best. 🌍 🏆 At the kick-off, Choon Bong, Director of the Workforce and Strategic Partnership Division, reminded participants that the SG Cyber Olympians is not just about individual excellence. Cybersecurity is a team sport. In the real world, they will need to work in teams to solve complex cybersecurity challenges. Participants were encouraged to push the boundaries of their technical skills, while developing strong teamwork and leadership capabilities through the programme. For instance, participants went head-to-head on challenges involving prompt injection, data poisoning, and adversarial inputs in preparation for the competitions ahead.   We can’t wait to see what Singapore’s cyber talent can do. Let's go SGCO!   #SGCyberOlympians #SGCyberTalent #Cybersecurity #SecuringOurCyberspace

    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
  • CISO Marketplace | Offensive Security & Ai Services reposted this

    🚨CALL FOR PLAYERS! In partnership with USNWC's Cyber & Innovation Policy Institute, we're conducting a limited-run execution of the Digital Straits Wargame during DEF CON 34! Why? -> "The internet has roots. Most of them are underwater." Digital Straits is an interactive strategy game exploring the protection, sabotage, repair, and coordination challenges associated with critical undersea communications infrastructure. The scenario examines a future crisis in which the undersea cable systems of Taiwan become contested infrastructure. Participants must work across governments, industry, and technical communities to defend and deter Chinese interference with Taiwan's domestic and global connectivity. No previous wargaming experience is required. No DefCon Badge Required. This game is being held within walking distance of DefCon. Space is intentionally (and extremely) limited. REGISTER HERE! https://lnkd.in/e2c_2s5Z Frank Smith, Nina Kollars, Jason Vogt, Duncan Woodbury #MaritimeVillage #MHV #DEFCON #DC34 #Wargame #MaritimeSecurity #Subsea #Cables

    • No alternative text description for this image
  • CISO Marketplace | Offensive Security & Ai Services reposted this

    Yesterday, we tested Grok 4.5 that had just come out. At first, we were disappointed. But then one of our engineers looked more closely. I head the AI research department at XBOW, a cybersecurity company specializing in autonomous pentesting. Model choice is a big topic here, and when new models come out, we’re usually among the first to benchmark them on our cybersecurity benchmarks.  So when Grok 4.5 was pushed out, I was curious – its direct predecessor hadn’t performed particularly well, but the Grok series had had some strong contenders in the past, and “trained alongside Cursor”.... Well, it can’t hurt, can it. Especially an agent that needs to address fiddly code problems could well profit from it. The numbers in our first test were a mixed bag: it seemed effective, but not efficient. Meaning it could solve most problems we gave it, but it spent a whole lot of money on the way. We might have discarded it right there, but something didn’t feel right, given that its per-token price actually sounded quite reasonable. Where was it spending the money? Our agent traces looked normal. But Bjørn Christian Skov Jensen discovered an interesting anomaly: the model wasn’t failing the tasks – it was failing the calls. It would call out for a completion, but the returned string was unparseable, so it had to retry. Usually several times. So we paid double and triplicate for each turn of our agents. All because Grok really chafed under the yaml format we instructed it to give its answers in. That didn’t degrade performance – whenever it messed up (i.e. often) and an immediate retry didn’t work, we’d instruct it with more details about its format errors, and eventually it would get it right. The funny thing was: these answers were actually really clever, it’s just that for the life of it the model couldn’t bring itself to obey our formatting instructions. Of course, nowadays a model answer shouldn’t need to be parsed: tool calling should enforce the right format by itself. It’s just that we hadn’t used Grok in production for a while, and our Grok connector had gone a bit stale. So that option wasn’t available anymore, and we automatically fell back to our original way of talking to the models, and that was in yaml strings. Once we updated the model backend, the test went swimmingly: Grok was just as clever, but now it also was also bang for buck. At the end of the day, what remains is a lesson: AI has come a long way, but individual models still have individual quirks, systems can fail in unique and unexpected ways, and you can’t just run a new eval hands-off: you need to keep your eyes on the ball. Or the benchmark.

    • No alternative text description for this image
  • CISO Marketplace | Offensive Security & Ai Services reposted this

    When Peter Stokes (Scattered Spider's "Bouquet") was arrested in Finland this month, people speculated that his real identity had been unmasked by Microsoft using the Windows GDID assigned to his computer. GDID *was* used to trace crimes to his computer, but Unit 221B's Allison Nixon tells me he had been unmasked in 2023, long before he allegedly committed the biggest crimes mentioned in his indictment. I spoke with her about tracking Stokes and other members of The Com, and why these cybercriminals brag about their crimes online and are so reckless about drawing attention to themselves and leaving a trail of evidence. We also talked about why, if Stokes had been identified in 2023, it took until 2026 to arrest him. https://lnkd.in/ePjV2Km7

  • CISO Marketplace | Offensive Security & Ai Services reposted this

    Anthropic's most capable model flagged my defensive security work as a risk and quietly fell back to an older one. In March, I ran tachi, an open-source threat modeling tool I built, against a fast-moving open-source AI assistant and shared what it found here. This month, I re-ran it on the latest version of that project, using Anthropic's newest model, Fable 5, which is meant to drive all 14 of its analysis agents. The early setup ran on Fable without complaint. The moment the pipeline reached the real threat analysis, a safeguard message appeared. The model had flagged the request and switched the work to Opus 4.8, which the model succeeded in. Anthropic's own message called the safeguards "intentionally broad" and admitted they "may flag safe and routine coding, cybersecurity, or biology work." When the work finished, two of the session summaries reported it had all run on Fable. The transcript disagreed. Every session came back with the majority of Opus. The safeguard fired the moment the threat analysis began, and the fourteen agents ran on Opus from there. The scoring and the controls that followed ran mostly on Opus too. My tools reported one model. The record showed a different one. None of that stopped the work, and the findings are the reason I re-ran it. In March the tool surfaced 39 findings against this project. This month it surfaced 202. Between the two runs, the project had absorbed 43,723 commits and six new components, and it had switched its safety sandbox off by default. The risky actions that used to run inside an isolated container now run straight on the host machine, unless someone turns protection back on. Not one of the March findings had been fixed. Bigger was the least of it. The shape of the attack surface had changed. I still trust these tools to do the analysis. I stopped trusting them to tell me how it was done. When the answer matters, the transcript is the only witness in the room without a reason to be wrong. ♻️ Repost this for the builders in your network who trust their tools' self-reports. 🔔 Follow David Matousek for daily agentic development and security insights.

    • No alternative text description for this image
  • CISO Marketplace | Offensive Security & Ai Services reposted this

    Pliny just dropped T3MP3ST, his new offensive-security framework. 4,600 stars in less than two weeks, and Pliny claims it beats XBOW on its own benchmark. Anything Pliny ships is worth studying, so I looked under the hood of T3MP3ST's pentesting arm. Highlights: 🔹 Six agentic loops are mapped to the Lockheed Martin kill chain: a recon operator, a vulnerability scanner, an exploiter, an infiltrator, a ghost, and an analyst. They differ mainly by system prompt and an allow-listed subset of 35 built-in and 102 external tools. 🔹 Recon and weaponization fan out to three agents in parallel, roughly 60 and 45 model-turns per phase. Every downstream phase runs a single agent. 🔹 Every step reads and enriches a target object and dumps its raw output into a vault. The user-facing report is written by a separate module that reads the vault. 🔹 Installation and command-and-control are skipped, so an infiltrator and ghost never run. 🔹 The exploiter only sends stateless HTTP requests with no shell or sandbox. Findings are just declared by the model. 🔹 The multi-operator kill chain was never benchmarked, and Pliny discloses it. The published 90.1% on XBEN's 104 web challenges came from a different single agent. My take on effective agentic pentesting frameworks: 1️⃣ Raw model capability still matters. A frontier model without cyberguardrails can provide a significant advantage. 2️⃣ Context management via token-efficient working memory. It should give the model exactly what it needs: the target details, the confirmed findings it can build on, and a tried-and-ruled-out ledger that keeps it from re-running dead vectors. The tension is that the longer a run goes, the more the context grows, driving up token cost and, more importantly, diluting the model's attention. 3️⃣ Long-term memory lets the system evolve by distilling lessons from past runs so it does not relearn every target from zero. Google's Co-RedTeam paper proposes Vulnerability Pattern, Strategy, and Technical Action memories. 4️⃣ Execution environment gives the agent a shell and sandbox that hold state across turns, so it can stage a payload, keep a session, and chain one request into the next. Stateless HTTP requests alone cap it at whatever a single blind request can reach. 5️⃣ Oracle proves impact from the target's own behavior, with evidence the agent cannot fabricate. An agent simply reporting success is not enough. https://lnkd.in/gNUNmKpa

    • No alternative text description for this image
  • 2nd place at THE STACK just got a lot more interesting. NovaCustom — privacy-first, coreboot-powered hardware, Intel Management Engine disabled — is our 2nd-place sponsor at CISO.poker, August 5th at the Wynn Las Vegas, DEFCON 34 week. What's under the cloth stays under the cloth until game day. Grab your own in the meantime: 🔗 Sponsor page: https://lnkd.in/gSRNu-GP 🔗 US buyers through CISO Marketplace: https://lnkd.in/gaHFezrg 🔗 International / direct NovaCustom: https://lnkd.in/gHpjfaWD See you at the felt. -> RSVP https://ciso.poker/apply #CISOpoker #DEFCON34 #PrivacyByDesign #InfoSec #Cybersecurity #NovaCustom #CISO #CCO #CIO

    • No alternative text description for this image
    • No alternative text description for this image
  • Open-source security hardware, US inventory, and a Vegas pickup window that closes in under 10 days. SecurityGadgets.shop is the authorized US distribution channel for Nitrokey — the same open-hardware phones, laptops, and security keys, shipped from US inventory instead of waiting 7–14 days on customs from Germany. The Hacker Summer Camp drop is live: → Reserve by July 24 → Pick up in Vegas Aug 5–6 (Hacker Summer Camp week) → Or US ship for +$25 A few things worth grabbing before you land: • NitroPhone 10 Pro / 10 Pro XL — GrapheneOS-hardened Pixel, verified boot, no Google unless you opt in • Nitrokey 3C NFC — EAL 6+ secure element, open firmware, the open-source answer to YubiKey • NitroPad V54 / V56 — Qubes-certified, Dasharo coreboot, Intel ME neutralized • NitroWall V1410 — OPNsense firewall you can actually audit Why open hardware? Publicly auditable firmware, EU jurisdiction, and a certified secure element at a higher cert level than the commercial default. No vendor trust required. Browse the full US catalog: https://lnkd.in/gn4Mf-jb Prefer to order direct from Berlin? That works too — but if you want it in your bag for Vegas, the July 24 reserve date is the one to circle. #Nitrokey #GrapheneOS #DEFCON #HackerSummerCamp #Cybersecurity #OpenSource #InfoSec

    • No alternative text description for this image
  • CISO Marketplace | Offensive Security & Ai Services reposted this

    OpenAI Principles for National Security Partnerships The principles below provide a framework for ensuring national security and law enforcement uses of AI can help democracies defend their populations and institutions while strengthening democratic governance. They reflect an evolution in our approach to national security and law enforcement use of AI driven by changes in AI capabilities, safeguards, and the global threat environment. In sum, the principles emphasize OpenAI’s commitment to government uses of AI that: • benefit people • strengthen democratic governance and avoid concentration of power • preserve appropriate human judgment and accountability in high-consequence national security and law enforcement settings Based on these principles, we will not support use of OpenAI tools for: • mass domestic surveillance • high-stakes decisions — including decisions over the use of force — without appropriate human judgment and accountability • uses that evade legal obligations, oversight, or accountability. https://lnkd.in/gWT6iEzH

  • CISO Marketplace | Offensive Security & Ai Services reposted this

    View organization page for Hack in Hire

    2,362 followers

    We took our hiring thesis offshore. Literally. At Hack in Hire, we believe cybersecurity talent should be demonstrated, not inferred from job titles, certifications, or CV keywords. So, together with RootedCON, we decided to test that idea in a slightly unconventional environment at Cyber Fight Club: - On a ship. - Between Málaga and Melilla. - In international waters. We built an old-school CTF with no internet connection and no AI assistance. Participants had to rely on their knowledge, creativity, teamwork, and ability to keep moving when the first solution failed. That is where real skills become visible. A huge thank you to Ismael Esquilichi, who designed and built the challenges behind the competition. Creating a CTF that is technically demanding, engaging, and capable of running completely offline is no small task. His creativity and hard work made the entire experience possible. And big kudos to the winning crew: 🥇 Martin Vigo 🥈 Gerardo García Urtiaga 🥈 Thomas O neil Álvarez The winners earned specialized cybersecurity training and tickets to the next #RootedCON2027 in Madrid. For us, this was more than an event. It was another reminder of why we are building this project: companies need better ways to discover what cybersecurity professionals can actually do. Thank you to everyone who joined us, competed, collaborated, and helped us turn a slightly crazy idea into a real experience.

    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image
    • No alternative text description for this image

Similar pages

Browse jobs