Tidal Cyber’s cover photo
Tidal Cyber

Tidal Cyber

Computer and Network Security

A New Era in Threat-Led Defense Begins Here. Redefining Detection and Defense.

About us

Tidal Cyber is redefining how modern security teams think about exposure, detection, and readiness. No longer bound by CVE counts, asset inventories, or checkbox compliance, Tidal Cyber's Threat-Led Defense provides a level of specificity not seen before. Organizations can now reduce risk proactively with the precision to answer the most important question in cybersecurity: "Can I defend against the latest threat?" Through TTPs and procedural-level insights mapped to MITRE ATT&CK, adversary groups and their behavior are embedded into your security strategy, shifting to a proactive, continuous threat-led defense first. Built by former MITRE ATT&CK® experts and the co-founder of MITRE's Center for Threat-Informed Defense, Tidal Cyber's threat-led platform introduces a breakthrough level of specificity by mapping techniques and sub-techniques to operationalize adversary procedures. This shift transforms how organizations understand, measure, and act on threat exposure. Unlike traditional, reactive, or vulnerability-first approaches, Tidal Cyber delivers procedural-level granularity across the MITRE ATT&CK framework, offering unmatched visibility into the "how" of attacker behavior. Their coverage mapping calculates residual risk for each technique and provides stack-specific visibility, highlighting exposures based on how real-world adversaries operate.

Website
https://www.tidalcyber.com
Industry
Computer and Network Security
Company size
11-50 employees
Headquarters
Washington D.C.
Type
Privately Held
Founded
2022
Specialties
cybersecurity, threat intelligence, security architecture, cyber defense, detection engineering, risk quantification, threat hunting, threat-informed defense, threat exposure management, threat profiling, coverage mapping, and mitre attack product mapping

Locations

Employees at Tidal Cyber

Updates

  • “We've been saying this kind of message for many years now in terms of we need something better than just the list of vulnerabilities But there hasn't been a consensus around what is the actual best approach there. I think that this is our attempt at having a solution there. And I legitimately think that it is very good because it attaches those things directly to the context in which they're actually being executed. I think the market shift is pretty clear that security teams just can't keep relying on these static prioritization models if it's just a score, and that's the thing that you focus on that was really built in a slower era of cybersecurity. So like now with AI things are picking up. Things are picking up pace in an already fast-paced area and the volume is too high. The environment changes too quickly, the adversaries adapt too quickly too fast. AI is just adding more fuel to that fire. So defenders really need a better model that is tied to how those attacks actually work, and that in our view means Procedure-Led intelligence, it means Threat-Led prioritization, it means connecting those adversary executions directly to the vulnerabilities, the controls, the defensive actions.” -Harrison Van Riper, Senior Director of AI , Tidal Cyber In our recent webcast “The Future of Defensive Security: Threat-Led Asset Visibility & Vulnerability Prioritization”, Frank Duff and Harrison Van Riper discussed why the industry must evolve and how Tidal Cyber’s #ThreatLedDefense platform is purpose-built around adversary procedures to help security teams understand how threats, assets, vulnerabilities, and adversary procedures converge to: ✅ Map adversary procedures to critical assets and defenses ✅ Identify vulnerabilities and misconfigurations that enable attacker success ✅ Measure defensive gaps against real-world attacker execution ✅ Prioritize actions based on procedural-led intelligence and risk, not asset inventory or severity scores Watch your copy of the full On-Demand replay here: https://okt.to/xUv4ac

  • View organization page for Tidal Cyber

    7,811 followers

    🎤 What’s your go-to Karaoke song? Start warming up those vocal chords and get those song choices ready, because the original Trident Search CISO Karaoke is back at Black Hat 2026! Register now for your spot to join a group of cybersecurity leaders for a night to remember of music, drinks, and the connection and networking that only happens when everyone is singing the chorus together. 📅 Tuesday, August 4th 2026 🕘 9 PM - 12 AM 📍 House of Blues, Mandalay Bay Join Trident Search, Tidal Cyber, Kai, Infrawatch, Capsule Security, Huskeys, Cytix, F5 to make new singing partners and new memories at this can't-miss event! https://okt.to/079Fap

    • No alternative text description for this image
  • View organization page for Tidal Cyber

    7,811 followers

    Press Release: Tidal Cyber Advances Threat-Led Defense to Transform Asset Visibility and Vulnerability Prioritization We are excited to announce the addition of Threat-Led Asset Visibility and Vulnerability Prioritization as news innovations in our Threat-Led Defense platform. This is a significant advancement in defensive security by shifting the industry beyond static asset inventories, CVSS scoring, and disconnected exposure management toward an execution-centric model built on how adversaries actually execute attacks across the kill chain. Threat-Led Vulnerability Prioritization moves beyond static severity scoring by correlating vulnerabilities directly to adversary procedures, operational tradecraft, and the likelihood of successful attack execution. Instead of asking, “Which vulnerabilities are most severe?” organizations can now answer the question that matters most: ❓Which vulnerabilities materially increase the likelihood of attacker success against the assets and procedures that matter most? ❓ This approach enables organizations to prioritize: ✅ Vulnerabilities tied to active adversary tradecraft ✅ Control gaps impacting critical attack procedures ✅ Defensive actions that reduce real operational risk Read the full Press Release: https://lnkd.in/eAFK-64a

    • No alternative text description for this image
  • Black Hat 2026 is just around the corner and Tidal Cyber is excited to be back at the Las Vegas Cyber Lounge! Take a break from the chaos of the expo floor to sit down and enjoy complimentary coffee, cocktails, food, and great conversations with peers. Walk in anytime or register now to schedule time to meet with the teams from Tidal Cyber, Arcova, formerly MorganFranklin Cyber Team, BreachRx, CLEAR, and Team Cymru. 📍 House of Blues, Mandalay Bay 🗓️ August 4 & 5: Cyber Lounge opens at 10am 🎶 Happy Hour starts at 4pm Register here: https://okt.to/NGaMqs

    • No alternative text description for this image
  • Vulnerability management has mostly been sort of built around this idea that if we can identify enough vulnerabilities and score them and rank them, then we can make better decisions. None of those things by themselves really answer that question that security teams actually need to get answered, which is: “can an adversary successfully use that vulnerability to advance an attack within the environment?” 🧩 That's the missing piece. The shift that we're talking about is moving away from asking this question of “what is the highest scoring vulnerability in whatever ranking system that you have?” and instead asking “which vulnerabilities are most operationally relevant to the actual attacker's success?” 🧠 That really changes the whole thought model around it. We're looking at them more holistically, like how they connect to adversary procedures, where they expose defensive gaps and the broader likelihood of success from the attacker side. -Harrison Van Riper, Senior Director of AI , Tidal Cyber In our recent webcast “The Future of Defensive Security: Threat-Led Asset Visibility & Vulnerability Prioritization”, Frank Duff and Harrison Van Riper discussed how security programs who still treat assets, vulnerabilities, and threats as separate domains are resulting in disconnected visibility, generic prioritization, and reactive security operations- and how to shift to a #ThreatLedDefense model designed to disrupt attacks. Watch your copy of the full On-Demand replay here: https://okt.to/nQXPMi

  • Modern security operations generate overwhelming volumes of data: ✅ Thousands of assets across cloud, on-prem, SaaS, and identities ✅ Thousands of vulnerabilities from scanners and tools ✅ Overlapping exposure data with little prioritization clarity However, these signals do not answer the question that really matters: ❓Does this vulnerability on this asset meaningfully impact the likelihood of attacker success❓ Without that context, teams prioritize volume and not risk. The result is all-too familiar of overwhelmed teams addressing issues without knowing what truly matters. #ThreatLedDefense instead begins with procedures, which are the real actions attackers take, and provide what vulnerability data alone cannot: execution context. Read the full Dark Reading article by Frank Duff: https://okt.to/giseLp

    • No alternative text description for this image
  • Tidal Cyber reposted this

    View organization page for Trident Search

    73,066 followers

    CISO Karaoke is back 🎤 We're back at Black Hat, with our signature event! Last year was one to remember. This year we're cranking up the volume. 📅 Tuesday, August 4th, 9 PM to 12 AM 📍 House of Blues, Mandalay Bay Hosted by us in partnership with Kai, Tidal Cyber, CalypsoAI, Infrawatch, Capsule Security and Huskeys. Space is limited and every request is reviewed. Hit the link in the comment section to request your spot, once you're approved we'll send a QR code for fast-track entry👇 See you at the mic!

    • No alternative text description for this image
  • "It's been interesting to see how it started to shift now, considering that it's taken us 15 years, maybe longer to get there. Cybersecurity has historically been a very asset focused, vulnerability focus, ‘where am I vulnerable, what assets do I have’ kind of mindset, without really taking into account what adversaries are actually trying to do and what adversaries are trying to exploit. So which vulnerabilities do you care about? Well, which threats do you need to care about, which assets do you care about? Well, the ones that are going to enable the adversary to be more successful at what you do. So I think you're seeing that shift. Finally, a lot of the mantra that came out of MITRE around ATT&CK, but even more so now of people actually embracing that you really have to truly be Threat-Led, understand the threats that matter to you, which assets they go after, which types of assets they go after, which types of vulnerabilities they're using, which vulnerabilities they’re using. -Frank Duff, Chief Innovation Officer, Tidal Cyber In our most recent webcast “The Future of Defensive Security: Threat-Led Asset Visibility & Vulnerability Prioritization”, Frank Duff and Harrison Van Riper discussed why security teams must move away from traditional security programs that still treat assets, vulnerabilities, and threats as separate domains, which results in disconnected visibility, generic prioritization, and reactive security operations. Watch your copy of the full On-Demand replay here: https://okt.to/cO28Kx

  • Exposure tells us something could happen. Execution tells us how it happens. Modern security programs are very effective at identifying exposure, but what they lack is an understanding of execution. This difference fundamentally changes defensive decision-making. Instead of asking: ❌ Which vulnerabilities are most severe?❌ Security teams should instead ask: ✅ Which vulnerabilities enable the procedures adversaries use to execute attacks against us? ✅ Instead of asking: ❌ Which assets are most critical? ❌ They should ask: ✅ Which assets are operationally relevant to attacker success? ✅ Instead of asking: ❌ How many findings do we have? ❌ They should ask: ✅ Where can we disrupt attacker execution? ✅ These questions shift security from observation to action. The next evolution of cybersecurity will not come from collecting more information about assets, vulnerabilities, or exposures, but instead will come from understanding how those elements converge and contribute to real-world attacker execution. Read our newest Dark Reading article by Frank Duff for more on why security teams must make this shift: https://okt.to/R23EDA

Similar pages

Browse jobs