<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Alexa Cybersecurity — Blog</title>
    <link>https://alexasecurity.net/blog</link>
    <atom:link href="https://alexasecurity.net/rss.xml" rel="self" type="application/rss+xml"/>
    <description>Autonomous defense, zero-trust architecture, threat intelligence and security operations from Alexa Cybersecurity.</description>
    <language>en</language>
    <lastBuildDate>Tue, 07 Jul 2026 11:00:39 GMT</lastBuildDate>
    <item>
      <title>Alexa Research — The Future of Defensive Engineering</title>
      <link>https://alexasecurity.net/blog/alexa-research-future-of-defensive-engineering</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-future-of-defensive-engineering</guid>
      <category>Alexa Research</category>
      <pubDate>Sun, 10 May 2026 00:00:00 GMT</pubDate>
      <description>A perspective on where defensive engineering is heading, drawn from the patterns we are seeing across hundreds of customer environments.</description>
    </item>
    <item>
      <title>The Honest Total Cost of Cybersecurity Tools</title>
      <link>https://alexasecurity.net/blog/the-honest-cost-of-cybersecurity-tools</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/the-honest-cost-of-cybersecurity-tools</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sat, 09 May 2026 00:00:00 GMT</pubDate>
      <description>The license cost of a cybersecurity tool is rarely the largest component of total cost. Here is the honest accounting.</description>
    </item>
    <item>
      <title>Regulatory Notification — The Clock Starts Earlier Than You Think</title>
      <link>https://alexasecurity.net/blog/regulatory-notification-the-clock</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/regulatory-notification-the-clock</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Fri, 08 May 2026 00:00:00 GMT</pubDate>
      <description>Regulatory notification clocks start at &apos;awareness,&apos; not at &apos;investigation completion.&apos; The decision-making must be pre-staged.</description>
    </item>
    <item>
      <title>Cyber Insurance Renewal — The Conversation You Should Be Having</title>
      <link>https://alexasecurity.net/blog/managing-cyber-insurance-renewal</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/managing-cyber-insurance-renewal</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate>
      <description>Cyber insurance renewals have tightened materially. Here is the engineering and program work that affects rates and coverage.</description>
    </item>
    <item>
      <title>Running a Purple Team Cycle Without a Dedicated Team</title>
      <link>https://alexasecurity.net/blog/running-a-purple-team-cycle</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/running-a-purple-team-cycle</guid>
      <category>Security Operations</category>
      <pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate>
      <description>You do not need a dedicated red team to run an effective purple-team program. Here is the structure for smaller security teams.</description>
    </item>
    <item>
      <title>Decommissioning Systems Securely — The Forgotten Discipline</title>
      <link>https://alexasecurity.net/blog/decommissioning-systems-securely</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/decommissioning-systems-securely</guid>
      <category>Security Operations</category>
      <pubDate>Tue, 05 May 2026 00:00:00 GMT</pubDate>
      <description>Most security programs handle deployment well. Decommissioning is consistently weaker, and produces ongoing risk.</description>
    </item>
    <item>
      <title>Managing an Internal Penetration Testing Program That Pays Back</title>
      <link>https://alexasecurity.net/blog/managing-an-internal-pen-test-program</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/managing-an-internal-pen-test-program</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Mon, 04 May 2026 00:00:00 GMT</pubDate>
      <description>Internal pen tests pay back when they are scoped to produce actionable findings. The scoping discipline is everything.</description>
    </item>
    <item>
      <title>Negotiating With an Incident Response Firm Before You Need One</title>
      <link>https://alexasecurity.net/blog/negotiating-with-incident-response-firm</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/negotiating-with-incident-response-firm</guid>
      <category>Security Operations</category>
      <pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate>
      <description>Negotiating an IR retainer mid-incident is the worst possible time. Here is the negotiation that makes sense before you need it.</description>
    </item>
    <item>
      <title>How to Read a Postmortem and Learn From It</title>
      <link>https://alexasecurity.net/blog/how-to-read-a-postmortem</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/how-to-read-a-postmortem</guid>
      <category>Security Operations</category>
      <pubDate>Sat, 02 May 2026 00:00:00 GMT</pubDate>
      <description>The discipline of reading other organizations&apos; postmortems is one of the highest-leverage habits a security leader can build.</description>
    </item>
    <item>
      <title>Hosting the World Cup — The Cyber Attack Surface a Host Nation Must Defend</title>
      <link>https://alexasecurity.net/blog/world-cup-host-nation-cyber-attack-surface</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/world-cup-host-nation-cyber-attack-surface</guid>
      <category>Threat Intelligence</category>
      <pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate>
      <description>Match operations, stadium OT, transport, payments, broadcast, government services, and the fan experience all converge into one of the largest planned attack surfaces a country ever signs up for. Here is the systems-level map every host nation needs.</description>
    </item>
    <item>
      <title>Writing a Runbook That Holds Up at 3 a.m.</title>
      <link>https://alexasecurity.net/blog/writing-a-good-runbook</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/writing-a-good-runbook</guid>
      <category>Security Operations</category>
      <pubDate>Fri, 01 May 2026 00:00:00 GMT</pubDate>
      <description>Most runbooks fail at the moments they are needed most. Here is the seven-block structure that holds up under sleep deprivation, the prose to ruthlessly cut, the test cadence that keeps it honest, and a complete worked example.</description>
    </item>
    <item>
      <title>Alexa Research — The Next Five Years in Cybersecurity</title>
      <link>https://alexasecurity.net/blog/alexa-research-the-next-five-years</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-the-next-five-years</guid>
      <category>Alexa Research</category>
      <pubDate>Thu, 30 Apr 2026 00:00:00 GMT</pubDate>
      <description>A five-year forward view of cybersecurity, structured around technology shifts, regulatory shifts, and adversary evolution.</description>
    </item>
    <item>
      <title>Cybersecurity Talent in 2026 — Where the Real Shortages Are</title>
      <link>https://alexasecurity.net/blog/cybersecurity-talent-2026</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/cybersecurity-talent-2026</guid>
      <category>Security Operations</category>
      <pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate>
      <description>The &apos;cybersecurity talent shortage&apos; is real but uneven. Here is where the gaps are real and where the conventional wisdom is wrong.</description>
    </item>
    <item>
      <title>Private 5G — A Security Perspective for Industrial Networks</title>
      <link>https://alexasecurity.net/blog/5g-private-network-security</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/5g-private-network-security</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Tue, 28 Apr 2026 00:00:00 GMT</pubDate>
      <description>Private 5G is replacing some industrial Wi-Fi and SCADA wireless. Here is the security model the technology actually offers.</description>
    </item>
    <item>
      <title>UAS and Drone Cybersecurity — The Emerging Threat Surface</title>
      <link>https://alexasecurity.net/blog/drone-and-uav-cybersecurity</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/drone-and-uav-cybersecurity</guid>
      <category>Threat Intelligence</category>
      <pubDate>Mon, 27 Apr 2026 00:00:00 GMT</pubDate>
      <description>Unmanned aircraft systems are now a critical infrastructure threat surface. Here is the practitioner overview.</description>
    </item>
    <item>
      <title>Blockchain in Security — The Real Uses, Not the Hype</title>
      <link>https://alexasecurity.net/blog/blockchain-security-real-uses</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/blockchain-security-real-uses</guid>
      <category>Threat Intelligence</category>
      <pubDate>Sun, 26 Apr 2026 00:00:00 GMT</pubDate>
      <description>Blockchain has a small number of legitimate security uses. Here is the honest list, with the criteria for when it actually wins.</description>
    </item>
    <item>
      <title>The Browser as the New Perimeter — Enterprise Browser Reality</title>
      <link>https://alexasecurity.net/blog/browser-security-the-new-perimeter</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/browser-security-the-new-perimeter</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Sat, 25 Apr 2026 00:00:00 GMT</pubDate>
      <description>Enterprise browsers are no longer a curiosity. They are increasingly the right answer for high-control workforce access scenarios.</description>
    </item>
    <item>
      <title>OT Network Design — Defensible Segmentation Without Disrupting Production</title>
      <link>https://alexasecurity.net/blog/operational-technology-network-design</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/operational-technology-network-design</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Fri, 24 Apr 2026 00:00:00 GMT</pubDate>
      <description>OT segmentation projects often stall on availability concerns. The Purdue model, properly applied, is the defense the standards expect.</description>
    </item>
    <item>
      <title>Medical Device Cybersecurity — The 2023 FDA Cyber Mandate</title>
      <link>https://alexasecurity.net/blog/medical-device-cybersecurity-fda</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/medical-device-cybersecurity-fda</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Thu, 23 Apr 2026 00:00:00 GMT</pubDate>
      <description>Section 524B requires cybersecurity for cyber devices. Here is what manufacturers must include in submissions.</description>
    </item>
    <item>
      <title>Automotive Cybersecurity — ISO/SAE 21434 in the Real World</title>
      <link>https://alexasecurity.net/blog/automotive-cybersecurity-iso-21434</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/automotive-cybersecurity-iso-21434</guid>
      <category>International Standards</category>
      <pubDate>Wed, 22 Apr 2026 00:00:00 GMT</pubDate>
      <description>ISO/SAE 21434 governs cybersecurity engineering for road vehicles. Here is what manufacturers and suppliers actually have to do.</description>
    </item>
    <item>
      <title>Post-Quantum Cryptography — A Realistic Migration Plan (FIPS 203 / 204 / 205 in the Field)</title>
      <link>https://alexasecurity.net/blog/post-quantum-cryptography-migration</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/post-quantum-cryptography-migration</guid>
      <category>International Standards</category>
      <pubDate>Tue, 21 Apr 2026 00:00:00 GMT</pubDate>
      <description>NIST has standardized the first post-quantum algorithms. The migration is multi-year. Here is the realistic plan: inventory, crypto-agility, harvest-now-decrypt-later prioritization, hybrid TLS, and what does NOT require action this year.</description>
    </item>
    <item>
      <title>Building a Cybersecurity Roadmap That Survives Reorganization</title>
      <link>https://alexasecurity.net/blog/building-a-cybersecurity-roadmap</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/building-a-cybersecurity-roadmap</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate>
      <description>Cybersecurity roadmaps that depend on organizational stability fail. Here is the structure that survives change.</description>
    </item>
    <item>
      <title>Outsourcing the SOC — When It Works and When It Doesn&apos;t</title>
      <link>https://alexasecurity.net/blog/outsourcing-soc-when-and-how</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/outsourcing-soc-when-and-how</guid>
      <category>Security Operations</category>
      <pubDate>Sun, 19 Apr 2026 00:00:00 GMT</pubDate>
      <description>MSSP and MDR outsourcing has matured. It is right for many organizations and wrong for others. Here is the decision framework.</description>
    </item>
    <item>
      <title>The Detection Engineer — Career Path and Skills</title>
      <link>https://alexasecurity.net/blog/career-path-detection-engineer</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/career-path-detection-engineer</guid>
      <category>Security Operations</category>
      <pubDate>Sat, 18 Apr 2026 00:00:00 GMT</pubDate>
      <description>Detection engineering is a discipline distinct from SOC analysis and from software engineering. Here is the path that produces strong ones.</description>
    </item>
    <item>
      <title>How Much Engineering Time Should Be Spent on Security?</title>
      <link>https://alexasecurity.net/blog/engineering-time-spent-on-security</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/engineering-time-spent-on-security</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Fri, 17 Apr 2026 00:00:00 GMT</pubDate>
      <description>There is no universal number. There is a defensible methodology for arriving at the right number for your organization.</description>
    </item>
    <item>
      <title>OSPO and Security — A Productive Partnership</title>
      <link>https://alexasecurity.net/blog/open-source-program-office-security</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/open-source-program-office-security</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Thu, 16 Apr 2026 00:00:00 GMT</pubDate>
      <description>Open Source Program Offices and security teams have overlapping concerns. Here is the partnership that consistently produces value.</description>
    </item>
    <item>
      <title>Tabletops for the Executive Team — A Different Exercise</title>
      <link>https://alexasecurity.net/blog/tabletop-for-the-executive-team</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/tabletop-for-the-executive-team</guid>
      <category>Security Operations</category>
      <pubDate>Wed, 15 Apr 2026 00:00:00 GMT</pubDate>
      <description>Executive tabletops are not technical exercises. They are decision exercises under pressure with imperfect information.</description>
    </item>
    <item>
      <title>Communicating Cyber Risk to the Board — A Working Template</title>
      <link>https://alexasecurity.net/blog/communicating-cyber-risk-to-the-board</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/communicating-cyber-risk-to-the-board</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Tue, 14 Apr 2026 00:00:00 GMT</pubDate>
      <description>The board wants to understand cyber risk. Here is the communication template that consistently lands.</description>
    </item>
    <item>
      <title>Insider Risk — A Modern Program That Doesn&apos;t Resemble Surveillance</title>
      <link>https://alexasecurity.net/blog/insider-risk-modern-program</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/insider-risk-modern-program</guid>
      <category>Security Operations</category>
      <pubDate>Mon, 13 Apr 2026 00:00:00 GMT</pubDate>
      <description>Insider risk programs that look like surveillance fail employees and outcomes. Here is the modern model that produces results.</description>
    </item>
    <item>
      <title>Third-Party Risk Starts With Data Classification</title>
      <link>https://alexasecurity.net/blog/third-party-risk-data-classification</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/third-party-risk-data-classification</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sun, 12 Apr 2026 00:00:00 GMT</pubDate>
      <description>You cannot tier vendor diligence without knowing what data each vendor will touch. Data classification is the precondition.</description>
    </item>
    <item>
      <title>Secure by Design — Beyond Signing the CISA Pledge (the Multi-Year Engineering Plan Behind a One-Page Commitment)</title>
      <link>https://alexasecurity.net/blog/secure-by-design-cisa-pledge</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/secure-by-design-cisa-pledge</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sat, 11 Apr 2026 00:00:00 GMT</pubDate>
      <description>CISA&apos;s Secure by Design pledge is well-intentioned and structurally clarifying. The hard part is the multi-year engineering work it implies. Here is the per-goal implementation plan, the where-it-hurts table, and the metrics that prove the program is real.</description>
    </item>
    <item>
      <title>Post-Incident Learning — Beyond the Postmortem</title>
      <link>https://alexasecurity.net/blog/post-incident-learning</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/post-incident-learning</guid>
      <category>Security Operations</category>
      <pubDate>Fri, 10 Apr 2026 00:00:00 GMT</pubDate>
      <description>The postmortem is the start of the learning, not the end. Here is the practice that turns incidents into durable improvement.</description>
    </item>
    <item>
      <title>Running a Bug Bounty Program That Earns Its Keep</title>
      <link>https://alexasecurity.net/blog/running-a-bug-bounty-program</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/running-a-bug-bounty-program</guid>
      <category>Security Operations</category>
      <pubDate>Thu, 09 Apr 2026 00:00:00 GMT</pubDate>
      <description>Bug bounty programs deliver real value but require operational discipline. Here is what makes the difference.</description>
    </item>
    <item>
      <title>Logging Pipeline — The Modern Security Data Stack</title>
      <link>https://alexasecurity.net/blog/logging-pipeline-the-modern-stack</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/logging-pipeline-the-modern-stack</guid>
      <category>Security Operations</category>
      <pubDate>Wed, 08 Apr 2026 00:00:00 GMT</pubDate>
      <description>The modern security data pipeline is a multi-tier architecture that separates collection, routing, enrichment, storage, and analysis.</description>
    </item>
    <item>
      <title>Vulnerability Management — Prioritization That Actually Reduces Risk</title>
      <link>https://alexasecurity.net/blog/vulnerability-management-prioritization</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/vulnerability-management-prioritization</guid>
      <category>Security Operations</category>
      <pubDate>Tue, 07 Apr 2026 00:00:00 GMT</pubDate>
      <description>Patching by CVSS alone wastes effort. Reachability and exploitability data change the priority list dramatically.</description>
    </item>
    <item>
      <title>Tabletop Exercises That Actually Change Things</title>
      <link>https://alexasecurity.net/blog/tabletop-exercises-that-change-things</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/tabletop-exercises-that-change-things</guid>
      <category>Security Operations</category>
      <pubDate>Mon, 06 Apr 2026 00:00:00 GMT</pubDate>
      <description>Most tabletops produce a slide deck and no change. The variant that produces change is structurally different.</description>
    </item>
    <item>
      <title>SOC Metrics That Mean Something — A Short List</title>
      <link>https://alexasecurity.net/blog/metrics-that-mean-something</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/metrics-that-mean-something</guid>
      <category>Security Operations</category>
      <pubDate>Sun, 05 Apr 2026 00:00:00 GMT</pubDate>
      <description>Most SOC metrics are activity counts. The metrics that actually matter are smaller in number and harder to game.</description>
    </item>
    <item>
      <title>Detection Engineering as Code — The Discipline That Sticks</title>
      <link>https://alexasecurity.net/blog/detection-engineering-as-code</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/detection-engineering-as-code</guid>
      <category>Security Operations</category>
      <pubDate>Sat, 04 Apr 2026 00:00:00 GMT</pubDate>
      <description>Detection content deserves the same SDLC discipline as application code. Here is what that looks like in practice.</description>
    </item>
    <item>
      <title>SIEM Economics in 2026 — The License Conversation</title>
      <link>https://alexasecurity.net/blog/siem-economics-2026</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/siem-economics-2026</guid>
      <category>Security Operations</category>
      <pubDate>Fri, 03 Apr 2026 00:00:00 GMT</pubDate>
      <description>SIEM licensing has changed more than the technology. Here is the financial conversation every CISO is having.</description>
    </item>
    <item>
      <title>SOAR — Avoiding the Shelf-Ware Trap</title>
      <link>https://alexasecurity.net/blog/soar-without-the-shelf-ware</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/soar-without-the-shelf-ware</guid>
      <category>Security Operations</category>
      <pubDate>Thu, 02 Apr 2026 00:00:00 GMT</pubDate>
      <description>SOAR platforms become shelf-ware when they are bought before the underlying processes are stable. Here is the better sequence.</description>
    </item>
    <item>
      <title>The SOC Tier Collapse — Why It Works for Most Teams (and Where the Tiered Model Still Earns Its Keep)</title>
      <link>https://alexasecurity.net/blog/soc-tier-collapse</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/soc-tier-collapse</guid>
      <category>Security Operations</category>
      <pubDate>Wed, 01 Apr 2026 00:00:00 GMT</pubDate>
      <description>T1/T2/T3 is the wrong shape for most modern SOCs. Here is the flatter, capability-driven org, the metrics that prove it works, the migration sequence that survives a layoff cycle, and the contexts where tiered still wins.</description>
    </item>
    <item>
      <title>Alexa Research — The State of Vendor Risk in 2026</title>
      <link>https://alexasecurity.net/blog/alexa-research-vendor-risk-2026</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-vendor-risk-2026</guid>
      <category>Alexa Research</category>
      <pubDate>Tue, 31 Mar 2026 00:00:00 GMT</pubDate>
      <description>What we have seen across vendor risk programs: where they work, where they fail, and what the next-generation program looks like.</description>
    </item>
    <item>
      <title>Alexa Research — The Real Cost Curves of an Incident</title>
      <link>https://alexasecurity.net/blog/alexa-research-incident-cost-curves</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-incident-cost-curves</guid>
      <category>Alexa Research</category>
      <pubDate>Mon, 30 Mar 2026 00:00:00 GMT</pubDate>
      <description>Detailed cost analysis from 31 incidents we responded to across sectors. The cost is not where most teams budget.</description>
    </item>
    <item>
      <title>Alexa Research — Measuring the Effectiveness of CTI Sharing</title>
      <link>https://alexasecurity.net/blog/alexa-research-cti-sharing-effectiveness</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-cti-sharing-effectiveness</guid>
      <category>Alexa Research</category>
      <pubDate>Sun, 29 Mar 2026 00:00:00 GMT</pubDate>
      <description>We measured the operational impact of Cyber Threat Intelligence sharing across a peer community. The results challenge the narrative.</description>
    </item>
    <item>
      <title>Alexa Research — Deepfake Voice and Executive Fraud Patterns</title>
      <link>https://alexasecurity.net/blog/alexa-research-deepfake-voice-fraud</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-deepfake-voice-fraud</guid>
      <category>Alexa Research</category>
      <pubDate>Sat, 28 Mar 2026 00:00:00 GMT</pubDate>
      <description>We analyzed deepfake voice attacks against our customer base. The patterns are predictable; the controls are not yet deployed.</description>
    </item>
    <item>
      <title>Alexa Research — The Half-Life of a Cloud Misconfiguration</title>
      <link>https://alexasecurity.net/blog/alexa-research-cloud-misconfig-half-life</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-cloud-misconfig-half-life</guid>
      <category>Alexa Research</category>
      <pubDate>Fri, 27 Mar 2026 00:00:00 GMT</pubDate>
      <description>How long do cloud misconfigurations persist before being exploited or detected? Data from 200 monitored environments.</description>
    </item>
    <item>
      <title>Alexa Research — AI Agent Incident Analysis</title>
      <link>https://alexasecurity.net/blog/alexa-research-ai-agent-incidents</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-ai-agent-incidents</guid>
      <category>Alexa Research</category>
      <pubDate>Thu, 26 Mar 2026 00:00:00 GMT</pubDate>
      <description>Analysis of 47 AI agent incidents we responded to in the past year, with patterns and prevention guidance.</description>
    </item>
    <item>
      <title>Alexa Research — Mobile Banking Shielding Effectiveness</title>
      <link>https://alexasecurity.net/blog/alexa-research-mobile-banking-shielding</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-mobile-banking-shielding</guid>
      <category>Alexa Research</category>
      <pubDate>Wed, 25 Mar 2026 00:00:00 GMT</pubDate>
      <description>Quantifying the impact of mobile app shielding on real fraud losses across a multi-bank deployment.</description>
    </item>
    <item>
      <title>Alexa Research — OT and Utility Sector Field Notes</title>
      <link>https://alexasecurity.net/blog/alexa-research-ot-utility-sector</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-ot-utility-sector</guid>
      <category>Alexa Research</category>
      <pubDate>Tue, 24 Mar 2026 00:00:00 GMT</pubDate>
      <description>Field notes from a year of OT security engagements across utilities, oil and gas, and manufacturing.</description>
    </item>
    <item>
      <title>Alexa Research — Banking Sector Attack Trends 2024-2026</title>
      <link>https://alexasecurity.net/blog/alexa-research-banking-attack-trends</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-banking-attack-trends</guid>
      <category>Alexa Research</category>
      <pubDate>Mon, 23 Mar 2026 00:00:00 GMT</pubDate>
      <description>What we are seeing across our banking customer base: attack patterns, dwell time trends, and what the next year looks like.</description>
    </item>
    <item>
      <title>Alexa X-Platform — The Architecture Brief</title>
      <link>https://alexasecurity.net/blog/alexa-x-platform-architecture</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-x-platform-architecture</guid>
      <category>Alexa Research</category>
      <pubDate>Sun, 22 Mar 2026 00:00:00 GMT</pubDate>
      <description>The unmarketed architectural brief on Alexa X-Platform: deterministic decision plane, distributed enforcement at the customer perimeter, federated telemetry that lifts every customer without exposing any of them, and the design constraints that produce that property.</description>
    </item>
    <item>
      <title>Alexa Research — Mapping the Identity Attack Surface</title>
      <link>https://alexasecurity.net/blog/alexa-research-identity-attack-surface</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-identity-attack-surface</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Sat, 21 Mar 2026 00:00:00 GMT</pubDate>
      <description>From Alexa Research: a methodology for mapping your full identity attack surface across human, workload, and agent identities.</description>
    </item>
    <item>
      <title>CIAM Architecture — Why Customer Identity Is Different</title>
      <link>https://alexasecurity.net/blog/customer-identity-ciam-architecture</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/customer-identity-ciam-architecture</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Fri, 20 Mar 2026 00:00:00 GMT</pubDate>
      <description>CIAM is not just workforce IAM with a different login screen. The requirements, scale, and threats are fundamentally different.</description>
    </item>
    <item>
      <title>Directory Services Modernization — Beyond the AD Era</title>
      <link>https://alexasecurity.net/blog/directory-services-modernization</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/directory-services-modernization</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Thu, 19 Mar 2026 00:00:00 GMT</pubDate>
      <description>On-prem Active Directory is still the heart of most enterprise identity. Modernization is possible — and overdue.</description>
    </item>
    <item>
      <title>ITDR — Identity Threat Detection and Response, Honestly</title>
      <link>https://alexasecurity.net/blog/identity-threat-detection-itdr</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/identity-threat-detection-itdr</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Wed, 18 Mar 2026 00:00:00 GMT</pubDate>
      <description>ITDR is the newest letter in the identity stack. Here is what it actually catches and what to expect of it.</description>
    </item>
    <item>
      <title>Service Account Discipline — From Sprawl to Governance</title>
      <link>https://alexasecurity.net/blog/service-account-discipline</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/service-account-discipline</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Tue, 17 Mar 2026 00:00:00 GMT</pubDate>
      <description>Service accounts are the largest identity sprawl problem in most enterprises. Here is the discipline that contains them.</description>
    </item>
    <item>
      <title>Privileged Access — Just-in-Time and Zero Standing Privilege</title>
      <link>https://alexasecurity.net/blog/privileged-access-jit-zero-standing</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/privileged-access-jit-zero-standing</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Mon, 16 Mar 2026 00:00:00 GMT</pubDate>
      <description>Standing privilege is the legacy default. Just-in-time and zero-standing-privilege models are the realistic upgrade.</description>
    </item>
    <item>
      <title>SCIM Provisioning — Where Real-Life Implementations Break</title>
      <link>https://alexasecurity.net/blog/scim-provisioning-real-life</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/scim-provisioning-real-life</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Sun, 15 Mar 2026 00:00:00 GMT</pubDate>
      <description>SCIM is the boring infrastructure that makes IGA work. Here is where real-world SCIM implementations consistently break.</description>
    </item>
    <item>
      <title>SAML vs OIDC — When to Use Which, in Plain Terms</title>
      <link>https://alexasecurity.net/blog/saml-vs-oidc-when-which</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/saml-vs-oidc-when-which</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Sat, 14 Mar 2026 00:00:00 GMT</pubDate>
      <description>SAML and OIDC both work. Choosing between them is mostly about your application architecture and your IdP.</description>
    </item>
    <item>
      <title>Passwordless — A Realistic Multi-Year Roadmap</title>
      <link>https://alexasecurity.net/blog/passwordless-the-realistic-roadmap</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/passwordless-the-realistic-roadmap</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Fri, 13 Mar 2026 00:00:00 GMT</pubDate>
      <description>Most organizations cannot go passwordless overnight. Here is the multi-year roadmap that actually works.</description>
    </item>
    <item>
      <title>Modern IAM Architecture — A Reference for 2026</title>
      <link>https://alexasecurity.net/blog/modern-iam-architecture</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/modern-iam-architecture</guid>
      <category>Identity &amp; Access</category>
      <pubDate>Thu, 12 Mar 2026 00:00:00 GMT</pubDate>
      <description>A reference architecture for the modern IAM stack: IdP, CIAM, PAM, IGA, ITDR — what each owns, the integration backbone that ties them together, and the workload + agent identity tier most programs still ignore.</description>
    </item>
    <item>
      <title>Incident Response — The First 72 Hours That Decide Outcomes</title>
      <link>https://alexasecurity.net/blog/incident-response-the-first-72-hours</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/incident-response-the-first-72-hours</guid>
      <category>Threat Intelligence</category>
      <pubDate>Wed, 11 Mar 2026 00:00:00 GMT</pubDate>
      <description>Most of an incident&apos;s outcome is determined in the first 72 hours. Here is the disciplined cadence that makes them count.</description>
    </item>
    <item>
      <title>Geopolitics and Cyber in 2026 — A Practitioner&apos;s Briefing</title>
      <link>https://alexasecurity.net/blog/geopolitics-cyber-2026</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/geopolitics-cyber-2026</guid>
      <category>Threat Intelligence</category>
      <pubDate>Tue, 10 Mar 2026 00:00:00 GMT</pubDate>
      <description>How current geopolitical patterns translate to specific cyber threats your program should consider in the next 12 months.</description>
    </item>
    <item>
      <title>Alexa Research — Engineering a Useful Threat Feed</title>
      <link>https://alexasecurity.net/blog/alexa-threat-feed-engineering</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-threat-feed-engineering</guid>
      <category>Threat Intelligence</category>
      <pubDate>Mon, 09 Mar 2026 00:00:00 GMT</pubDate>
      <description>What we have learned producing high-signal threat feeds for our customers, and what makes a feed worth subscribing to.</description>
    </item>
    <item>
      <title>Purple Team as a Cycle, Not an Event</title>
      <link>https://alexasecurity.net/blog/purple-team-as-a-service</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/purple-team-as-a-service</guid>
      <category>Threat Intelligence</category>
      <pubDate>Sun, 08 Mar 2026 00:00:00 GMT</pubDate>
      <description>Purple-team exercises produce maximum value when they run on a cycle: hypothesis, exercise, gap, fix, re-test.</description>
    </item>
    <item>
      <title>Deception Technology — Modern Honeypots That Earn Their Keep</title>
      <link>https://alexasecurity.net/blog/deception-technology-honeypots</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/deception-technology-honeypots</guid>
      <category>Threat Intelligence</category>
      <pubDate>Sat, 07 Mar 2026 00:00:00 GMT</pubDate>
      <description>Modern deception is a high-signal detection layer. Here is how to deploy it without becoming the team that maintains 1000 fake servers.</description>
    </item>
    <item>
      <title>Indicators vs Behaviors — Building a Detection Strategy That Survives</title>
      <link>https://alexasecurity.net/blog/indicators-vs-behaviors</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/indicators-vs-behaviors</guid>
      <category>Threat Intelligence</category>
      <pubDate>Fri, 06 Mar 2026 00:00:00 GMT</pubDate>
      <description>Indicator-based detection rots fast. Behavior-based detection scales. Here is how to balance them in a real program.</description>
    </item>
    <item>
      <title>APT Tradecraft Evolution — What&apos;s Different in 2026</title>
      <link>https://alexasecurity.net/blog/apt-tradecraft-evolution</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/apt-tradecraft-evolution</guid>
      <category>Threat Intelligence</category>
      <pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate>
      <description>Three concrete shifts in advanced persistent threat tradecraft over the past 18 months, and what defenders should change.</description>
    </item>
    <item>
      <title>STIX/TAXII — When Open Threat Intelligence Sharing Pays Off</title>
      <link>https://alexasecurity.net/blog/stix-taxii-when-its-worth-it</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/stix-taxii-when-its-worth-it</guid>
      <category>Threat Intelligence</category>
      <pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate>
      <description>STIX and TAXII give us interoperable threat intel. Here is when to use them, and when to stick with vendor feeds.</description>
    </item>
    <item>
      <title>Ransomware in 2026 — The Economics That Drive the Attacks</title>
      <link>https://alexasecurity.net/blog/ransomware-2026-economics</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/ransomware-2026-economics</guid>
      <category>Threat Intelligence</category>
      <pubDate>Tue, 03 Mar 2026 00:00:00 GMT</pubDate>
      <description>Ransomware groups operate as businesses. Understanding their economics is the fastest way to understand which controls actually deter them.</description>
    </item>
    <item>
      <title>MITRE ATT&amp;CK v15 — What Changed, What It Breaks in Your Detections, and How to Recover Coverage</title>
      <link>https://alexasecurity.net/blog/mitre-attack-v15-changes</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/mitre-attack-v15-changes</guid>
      <category>Threat Intelligence</category>
      <pubDate>Mon, 02 Mar 2026 00:00:00 GMT</pubDate>
      <description>ATT&amp;CK v15 added cloud sub-techniques, refined ICS coverage, and renumbered enough content to silently break detection mappings. Here is the structural diff, the re-tagging discipline, and the coverage-as-code pattern that survives the next release.</description>
    </item>
    <item>
      <title>Alexa Research — Measuring Cloud Blast Radius at Scale</title>
      <link>https://alexasecurity.net/blog/alexa-research-cloud-blast-radius</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-cloud-blast-radius</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Sun, 01 Mar 2026 00:00:00 GMT</pubDate>
      <description>An Alexa Research methodology for quantifying blast radius across cloud environments — and what we found across 200 deployments.</description>
    </item>
    <item>
      <title>Edge Compute Security — A Model That Makes Sense</title>
      <link>https://alexasecurity.net/blog/edge-compute-security-model</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/edge-compute-security-model</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Sat, 28 Feb 2026 00:00:00 GMT</pubDate>
      <description>Edge compute platforms (Cloudflare Workers, Fastly, AWS Lambda@Edge) have unique security properties. Here is the mental model.</description>
    </item>
    <item>
      <title>Cloud Egress Controls — Worth the Operational Cost</title>
      <link>https://alexasecurity.net/blog/egress-controls-cloud-the-real-cost</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/egress-controls-cloud-the-real-cost</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Fri, 27 Feb 2026 00:00:00 GMT</pubDate>
      <description>Egress control is one of the most effective controls against data exfiltration. It is also one of the most operationally expensive.</description>
    </item>
    <item>
      <title>Data Residency — Real Controls vs. Marketing Claims</title>
      <link>https://alexasecurity.net/blog/data-residency-real-controls</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/data-residency-real-controls</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate>
      <description>Cloud providers offer many data residency claims. Here is what they mean operationally — and what to verify in your contracts.</description>
    </item>
    <item>
      <title>Serverless Security — The Fundamentals That Still Apply</title>
      <link>https://alexasecurity.net/blog/serverless-security-fundamentals</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/serverless-security-fundamentals</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Wed, 25 Feb 2026 00:00:00 GMT</pubDate>
      <description>Serverless does not mean security-less. The IAM, secrets, dependency, and observability fundamentals shift but do not disappear.</description>
    </item>
    <item>
      <title>Multi-Cloud Security — The Honest Version</title>
      <link>https://alexasecurity.net/blog/multi-cloud-the-honest-version</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/multi-cloud-the-honest-version</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate>
      <description>Multi-cloud is more often a fact than a strategy. Here is how to do security across clouds without doubling the team.</description>
    </item>
    <item>
      <title>IaC Security — The Pipeline That Doesn&apos;t Slow Engineers</title>
      <link>https://alexasecurity.net/blog/iac-security-real-pipeline</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/iac-security-real-pipeline</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Mon, 23 Feb 2026 00:00:00 GMT</pubDate>
      <description>Infrastructure-as-code security tooling has matured. Here is the pipeline configuration that catches issues without alert fatigue.</description>
    </item>
    <item>
      <title>Kubernetes Security in 2026 — The Controls That Matter Most</title>
      <link>https://alexasecurity.net/blog/kubernetes-security-2026</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/kubernetes-security-2026</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Sun, 22 Feb 2026 00:00:00 GMT</pubDate>
      <description>Kubernetes security has matured. Here are the controls that consistently catch real attacks across our customer base.</description>
    </item>
    <item>
      <title>CNAPP vs CSPM vs CWPP — Cutting Through the Cloud Security Acronyms</title>
      <link>https://alexasecurity.net/blog/cnapp-vs-cspm-vs-cwpp</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/cnapp-vs-cspm-vs-cwpp</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Sat, 21 Feb 2026 00:00:00 GMT</pubDate>
      <description>Cloud-Native Application Protection Platforms consolidate CSPM, CWPP, CIEM, and more. Here&apos;s how to evaluate them honestly.</description>
    </item>
    <item>
      <title>SASE Architecture — A Buying Guide That Doesn&apos;t Read Like Marketing</title>
      <link>https://alexasecurity.net/blog/sase-architecture-buying-guide</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/sase-architecture-buying-guide</guid>
      <category>Cloud &amp; SASE</category>
      <pubDate>Fri, 20 Feb 2026 00:00:00 GMT</pubDate>
      <description>Cutting through the SASE marketing fog: what is actually in a defensible SASE architecture, how to evaluate each leg on its own merits, the integration tests that separate fabric from billing-bundle, and the contract terms you must insist on.</description>
    </item>
    <item>
      <title>Alexa Research — The Real Economics of Shift-Left</title>
      <link>https://alexasecurity.net/blog/alexa-research-shift-left-economics</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-research-shift-left-economics</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Thu, 19 Feb 2026 00:00:00 GMT</pubDate>
      <description>From a survey of 142 enterprise programs: the actual cost-per-vulnerability across SAST, IAST, DAST, and runtime detection.</description>
    </item>
    <item>
      <title>WebAssembly Security — The New Frontier in Sandboxing</title>
      <link>https://alexasecurity.net/blog/wasm-security-frontier</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/wasm-security-frontier</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Wed, 18 Feb 2026 00:00:00 GMT</pubDate>
      <description>WebAssembly is no longer just a browser technology. Its sandboxing properties are reshaping how we run untrusted code.</description>
    </item>
    <item>
      <title>Passkeys in Production — A Deployment Story</title>
      <link>https://alexasecurity.net/blog/webauthn-passkeys-deployment</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/webauthn-passkeys-deployment</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Tue, 17 Feb 2026 00:00:00 GMT</pubDate>
      <description>Passkeys are ready for general production deployment. Here is the rollout pattern that has worked across our customer base.</description>
    </item>
    <item>
      <title>GraphQL Security — The Issues That Surface After Production</title>
      <link>https://alexasecurity.net/blog/graphql-security-real-world</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/graphql-security-real-world</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Mon, 16 Feb 2026 00:00:00 GMT</pubDate>
      <description>GraphQL inherits the API Top 10 and adds its own. Here are the issues that surface only after real production traffic.</description>
    </item>
    <item>
      <title>Software Supply Chain — Lessons From the 2024 Wave</title>
      <link>https://alexasecurity.net/blog/supply-chain-attack-2024-lessons</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/supply-chain-attack-2024-lessons</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Sun, 15 Feb 2026 00:00:00 GMT</pubDate>
      <description>The 2024 supply-chain attacks (XZ, Polyfill, GitHub Actions tag mutation) reshaped the threat model. Here is what to do.</description>
    </item>
    <item>
      <title>Secrets Management — From Vault to Workload Identity</title>
      <link>https://alexasecurity.net/blog/secrets-management-modern</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/secrets-management-modern</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Sat, 14 Feb 2026 00:00:00 GMT</pubDate>
      <description>Modern secrets management has moved from vaults to workload identity. Here is the migration story most teams should follow.</description>
    </item>
    <item>
      <title>Content Security Policy in 2026 — The Hash and Nonce Era</title>
      <link>https://alexasecurity.net/blog/csp-nonce-modern-web</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/csp-nonce-modern-web</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Fri, 13 Feb 2026 00:00:00 GMT</pubDate>
      <description>Modern CSP using strict-dynamic, nonces, and hashes is the practical XSS defense that survives modern frontends.</description>
    </item>
    <item>
      <title>Secure SDLC in 2026 — A Pipeline That Actually Catches Things</title>
      <link>https://alexasecurity.net/blog/secure-sdlc-modern-pipeline</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/secure-sdlc-modern-pipeline</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Thu, 12 Feb 2026 00:00:00 GMT</pubDate>
      <description>The modern Secure SDLC is six controls deep in the pipeline. Here is the configuration that catches issues without slowing engineering.</description>
    </item>
    <item>
      <title>API Discovery — The Shadow and Zombie APIs You Don&apos;t Defend</title>
      <link>https://alexasecurity.net/blog/api-discovery-shadow-zombie</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/api-discovery-shadow-zombie</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Wed, 11 Feb 2026 00:00:00 GMT</pubDate>
      <description>You cannot defend an API you do not know about. Here are the discovery techniques that find shadow and zombie APIs.</description>
    </item>
    <item>
      <title>OWASP API Security Top 10 (2023) — Authorization Is the Whole Game</title>
      <link>https://alexasecurity.net/blog/owasp-api-security-top-10-2023</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/owasp-api-security-top-10-2023</guid>
      <category>API &amp; Application Security</category>
      <pubDate>Tue, 10 Feb 2026 00:00:00 GMT</pubDate>
      <description>The 2023 OWASP API Security Top 10 sharpened the focus on authorization and business-logic abuse. A practitioner&apos;s read with concrete BOLA/BOPLA test cases, the discovery pattern that finds shadow APIs, and the four KPIs that prove the program works.</description>
    </item>
    <item>
      <title>Alexa Research — Deterministic AI for Defensive Decisions</title>
      <link>https://alexasecurity.net/blog/alexa-x-platform-deterministic-ai</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/alexa-x-platform-deterministic-ai</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Mon, 09 Feb 2026 00:00:00 GMT</pubDate>
      <description>Inside the Alexa X-Platform&apos;s deterministic AI core: why we use rule-derived and constraint-bound models for security decisions.</description>
    </item>
    <item>
      <title>Content Provenance with C2PA — The Format That&apos;s Winning</title>
      <link>https://alexasecurity.net/blog/ai-content-provenance-c2pa</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/ai-content-provenance-c2pa</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Sun, 08 Feb 2026 00:00:00 GMT</pubDate>
      <description>C2PA gives generated and edited media a verifiable provenance chain. Adoption has crossed the line — and your platform has a stake in it.</description>
    </item>
    <item>
      <title>Red Teaming LLM Applications — A Repeatable Methodology</title>
      <link>https://alexasecurity.net/blog/red-teaming-llm-applications</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/red-teaming-llm-applications</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Sat, 07 Feb 2026 00:00:00 GMT</pubDate>
      <description>Red teaming AI is qualitative work that needs quantitative discipline. Here is a methodology that produces comparable results.</description>
    </item>
    <item>
      <title>AI Bill of Materials — The Provenance Discipline We Need</title>
      <link>https://alexasecurity.net/blog/ai-bom-model-bill-of-materials</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/ai-bom-model-bill-of-materials</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Fri, 06 Feb 2026 00:00:00 GMT</pubDate>
      <description>An AI Bill of Materials gives downstream consumers the provenance and risk picture they need. The format conversation is now real.</description>
    </item>
    <item>
      <title>Agentic AI — Designing Permissions That Survive Contact With Reality</title>
      <link>https://alexasecurity.net/blog/agentic-ai-permissions</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/agentic-ai-permissions</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Thu, 05 Feb 2026 00:00:00 GMT</pubDate>
      <description>Agentic AI systems combine LLMs with tools and autonomy. The permission model is the security model.</description>
    </item>
    <item>
      <title>RAG Security — The Architecture That Doesn&apos;t Leak</title>
      <link>https://alexasecurity.net/blog/rag-security-architecture</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/rag-security-architecture</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Wed, 04 Feb 2026 00:00:00 GMT</pubDate>
      <description>Retrieval-Augmented Generation introduces three new failure modes. Here is the architecture that respects entitlements.</description>
    </item>
    <item>
      <title>Data Poisoning — Defenses for Training and Continual Learning</title>
      <link>https://alexasecurity.net/blog/data-poisoning-defenses</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/data-poisoning-defenses</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Tue, 03 Feb 2026 00:00:00 GMT</pubDate>
      <description>Data poisoning is the rarer cousin of prompt injection but the higher-blast-radius one. Here are practical defenses.</description>
    </item>
    <item>
      <title>Securing the Model Supply Chain — From Hugging Face to Production</title>
      <link>https://alexasecurity.net/blog/model-supply-chain-integrity</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/model-supply-chain-integrity</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Mon, 02 Feb 2026 00:00:00 GMT</pubDate>
      <description>Open-source model weights are now part of your software supply chain. Here is the integrity discipline they require.</description>
    </item>
    <item>
      <title>Prompt Injection Defenses That Actually Work in Production</title>
      <link>https://alexasecurity.net/blog/prompt-injection-defenses-that-work</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/prompt-injection-defenses-that-work</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Sun, 01 Feb 2026 00:00:00 GMT</pubDate>
      <description>After two years of trying, what defenses against prompt injection have held up? A field report from real LLM production systems.</description>
    </item>
    <item>
      <title>OWASP LLM Top 10 (2025) — Reading It Like a Builder, Briefing It Like a CISO</title>
      <link>https://alexasecurity.net/blog/owasp-llm-top-10-2025</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/owasp-llm-top-10-2025</guid>
      <category>AI &amp; Adversarial ML</category>
      <pubDate>Sat, 31 Jan 2026 00:00:00 GMT</pubDate>
      <description>The 2025 OWASP Top 10 for LLM Applications reorders the threats that matter. A pragmatic CISO/engineer breakdown — with controls, KPIs, and a 90-day roadmap.</description>
    </item>
    <item>
      <title>Reporting Zero Trust to the Board — Metrics That Resonate</title>
      <link>https://alexasecurity.net/blog/zero-trust-and-the-board</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/zero-trust-and-the-board</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Fri, 30 Jan 2026 00:00:00 GMT</pubDate>
      <description>Zero Trust progress is hard to communicate to a board. Here are the metrics that survive a 10-minute board slot.</description>
    </item>
    <item>
      <title>Zero Trust for Data — Beyond Identity and Network</title>
      <link>https://alexasecurity.net/blog/zero-trust-data-protection</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/zero-trust-data-protection</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Thu, 29 Jan 2026 00:00:00 GMT</pubDate>
      <description>The data pillar of Zero Trust is the least mature. Here are the controls that actually move the needle.</description>
    </item>
    <item>
      <title>Microsegmentation Without the Pain — A Brownfield Recipe</title>
      <link>https://alexasecurity.net/blog/microsegmentation-without-pain</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/microsegmentation-without-pain</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Wed, 28 Jan 2026 00:00:00 GMT</pubDate>
      <description>Microsegmentation projects fail when started at the wrong scale. Start where it matters and grow outward.</description>
    </item>
    <item>
      <title>Policy-as-Code for Zero Trust — Getting Past the Honeymoon</title>
      <link>https://alexasecurity.net/blog/policy-as-code-zero-trust</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/policy-as-code-zero-trust</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Tue, 27 Jan 2026 00:00:00 GMT</pubDate>
      <description>Policy-as-code is exciting at first and then quickly becomes a maintenance burden. Here is how to keep it durable.</description>
    </item>
    <item>
      <title>Non-Human Identity — The Largest Identity Problem You Don&apos;t Track</title>
      <link>https://alexasecurity.net/blog/non-human-identity-explosion</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/non-human-identity-explosion</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Mon, 26 Jan 2026 00:00:00 GMT</pubDate>
      <description>Workload, service, and AI agent identities outnumber human identities by 50:1 in modern environments. Most are unmanaged.</description>
    </item>
    <item>
      <title>Device Trust — The Often-Missing Leg of Zero Trust</title>
      <link>https://alexasecurity.net/blog/device-trust-as-the-other-leg</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/device-trust-as-the-other-leg</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Sun, 25 Jan 2026 00:00:00 GMT</pubDate>
      <description>Identity gets attention; device trust gets shortchanged. Here&apos;s how to make device posture a real input to access decisions.</description>
    </item>
    <item>
      <title>ZTNA Replacing VPN — A Migration Plan That Doesn&apos;t Stall</title>
      <link>https://alexasecurity.net/blog/ztna-vs-vpn-migration</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/ztna-vs-vpn-migration</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Sat, 24 Jan 2026 00:00:00 GMT</pubDate>
      <description>Migrating from VPN to ZTNA fails most often on application discovery and contractor access. Here&apos;s the practical sequence.</description>
    </item>
    <item>
      <title>Service Mesh mTLS — The Easy Half of East-West Zero Trust</title>
      <link>https://alexasecurity.net/blog/service-mesh-mtls-zero-trust</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/service-mesh-mtls-zero-trust</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Fri, 23 Jan 2026 00:00:00 GMT</pubDate>
      <description>Mutual TLS in a service mesh handles workload identity and encryption. It does not handle authorization. Here&apos;s the gap to close.</description>
    </item>
    <item>
      <title>CISA Zero Trust Maturity Model 2.0 — A Useful Yardstick</title>
      <link>https://alexasecurity.net/blog/zero-trust-maturity-model-cisa</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/zero-trust-maturity-model-cisa</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate>
      <description>The CISA Zero Trust Maturity Model 2.0 gives federal civilian agencies (and everyone else) a defensible scoring scheme.</description>
    </item>
    <item>
      <title>Zero Trust Architecture — Reading NIST SP 800-207 Like an Architect, Not a Vendor</title>
      <link>https://alexasecurity.net/blog/zero-trust-architecture-nist-800-207</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/zero-trust-architecture-nist-800-207</guid>
      <category>Zero Trust Architecture</category>
      <pubDate>Wed, 21 Jan 2026 00:00:00 GMT</pubDate>
      <description>NIST SP 800-207 is the most-cited Zero Trust document and the most-misread. The engineering-relevant interpretation: design principles, three deployment patterns, the PDP as the program, and the questions 800-207 deliberately leaves to you.</description>
    </item>
    <item>
      <title>EU AI Act — The Cybersecurity Obligations Most Teams Miss</title>
      <link>https://alexasecurity.net/blog/eu-ai-act-cybersecurity-impact</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/eu-ai-act-cybersecurity-impact</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Tue, 20 Jan 2026 00:00:00 GMT</pubDate>
      <description>The EU AI Act creates explicit cybersecurity obligations for high-risk AI systems. Here&apos;s the engineering work that is required.</description>
    </item>
    <item>
      <title>SWIFT CSCF — The Controls Banks Cannot Skip</title>
      <link>https://alexasecurity.net/blog/swift-cscf-controls</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/swift-cscf-controls</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Mon, 19 Jan 2026 00:00:00 GMT</pubDate>
      <description>The SWIFT Customer Security Controls Framework defines the minimum bar for participants in the global payments network.</description>
    </item>
    <item>
      <title>FedRAMP Moderate vs High — Choosing Without Overbuilding</title>
      <link>https://alexasecurity.net/blog/fedramp-moderate-vs-high</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/fedramp-moderate-vs-high</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sun, 18 Jan 2026 00:00:00 GMT</pubDate>
      <description>FedRAMP impact level selection drives years of cost. Here&apos;s the practical framework for choosing Moderate vs High the first time.</description>
    </item>
    <item>
      <title>HITRUST CSF — When the Investment Pays Back</title>
      <link>https://alexasecurity.net/blog/hitrust-csf-when-to-pursue</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/hitrust-csf-when-to-pursue</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sat, 17 Jan 2026 00:00:00 GMT</pubDate>
      <description>HITRUST CSF is the heaviest of the major healthcare-relevant certifications. Here&apos;s when the cost is justified and when it isn&apos;t.</description>
    </item>
    <item>
      <title>PSD2 SCA — Practical Patterns That Actually Pass</title>
      <link>https://alexasecurity.net/blog/psd2-strong-customer-authentication</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/psd2-strong-customer-authentication</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Fri, 16 Jan 2026 00:00:00 GMT</pubDate>
      <description>Strong Customer Authentication under PSD2 has hard exemptions and harder edge cases. Here are the patterns that stand up to RTS scrutiny.</description>
    </item>
    <item>
      <title>CCPA/CPRA — The Operational Reality Three Years In</title>
      <link>https://alexasecurity.net/blog/ccpa-cpra-operational-impact</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/ccpa-cpra-operational-impact</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Thu, 15 Jan 2026 00:00:00 GMT</pubDate>
      <description>What we have learned actually operating CCPA/CPRA programs at scale: rights workflows, sensitive data, and ad-tech minefields.</description>
    </item>
    <item>
      <title>NIS2 — Are You In Scope, and What Do You Owe?</title>
      <link>https://alexasecurity.net/blog/nis2-directive-scope</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/nis2-directive-scope</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Wed, 14 Jan 2026 00:00:00 GMT</pubDate>
      <description>NIS2 dramatically expanded the EU cybersecurity baseline. Many organizations still do not realize they are in scope.</description>
    </item>
    <item>
      <title>DORA — The EU&apos;s Financial Sector Resilience Mandate</title>
      <link>https://alexasecurity.net/blog/dora-financial-resilience</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/dora-financial-resilience</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Tue, 13 Jan 2026 00:00:00 GMT</pubDate>
      <description>The Digital Operational Resilience Act is now in force across EU financial entities. Here&apos;s the operational reality.</description>
    </item>
    <item>
      <title>HIPAA Security Rule Modernization — What&apos;s Coming</title>
      <link>https://alexasecurity.net/blog/hipaa-security-rule-modernization</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/hipaa-security-rule-modernization</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Mon, 12 Jan 2026 00:00:00 GMT</pubDate>
      <description>HHS proposed the most substantial HIPAA Security Rule update in 20 years. Here&apos;s what to start preparing for now.</description>
    </item>
    <item>
      <title>GDPR After Schrems II — Transfer Impact Assessments That Hold Up Under EDPB Scrutiny</title>
      <link>https://alexasecurity.net/blog/gdpr-after-schrems-ii</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/gdpr-after-schrems-ii</guid>
      <category>Compliance &amp; Regulation</category>
      <pubDate>Sun, 11 Jan 2026 00:00:00 GMT</pubDate>
      <description>Schrems II made transfer impact assessments mandatory. Here is what a defensible TIA actually contains, the supplementary measures that move the residual-risk verdict, and the boilerplate that earns fines.</description>
    </item>
    <item>
      <title>CMMC 2.0 — What the Defense Supply Chain Actually Has to Do</title>
      <link>https://alexasecurity.net/blog/cmmc-2-0-defense-supply-chain</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/cmmc-2-0-defense-supply-chain</guid>
      <category>International Standards</category>
      <pubDate>Sat, 10 Jan 2026 00:00:00 GMT</pubDate>
      <description>CMMC 2.0 is now the binding standard for the U.S. defense industrial base. Here&apos;s the practical scoping every supplier needs.</description>
    </item>
    <item>
      <title>CSA CCM and STAR — Cloud Assurance Without the Theater</title>
      <link>https://alexasecurity.net/blog/csa-ccm-and-star</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/csa-ccm-and-star</guid>
      <category>International Standards</category>
      <pubDate>Fri, 09 Jan 2026 00:00:00 GMT</pubDate>
      <description>The Cloud Security Alliance&apos;s CCM and STAR registry give defensible cloud assurance. Here&apos;s how to use them as a buyer and a seller.</description>
    </item>
    <item>
      <title>ISO/IEC 27017 — Cloud-Specific Controls Worth Implementing</title>
      <link>https://alexasecurity.net/blog/iso-27017-cloud-controls</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/iso-27017-cloud-controls</guid>
      <category>International Standards</category>
      <pubDate>Thu, 08 Jan 2026 00:00:00 GMT</pubDate>
      <description>ISO/IEC 27017 supplements 27002 for cloud services. Here are the controls that consistently pay back in real cloud programs.</description>
    </item>
    <item>
      <title>FIPS 140-3 — When &apos;Validated&apos; Actually Means Something</title>
      <link>https://alexasecurity.net/blog/fips-140-3-cryptographic-modules</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/fips-140-3-cryptographic-modules</guid>
      <category>International Standards</category>
      <pubDate>Wed, 07 Jan 2026 00:00:00 GMT</pubDate>
      <description>Why FIPS 140-3 is overtaking 140-2, what &apos;validated module&apos; really proves, and how to source it without slowing engineering.</description>
    </item>
    <item>
      <title>ISO/IEC 27701 — Bolting Privacy onto Your ISMS</title>
      <link>https://alexasecurity.net/blog/iso-27701-privacy-extension</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/iso-27701-privacy-extension</guid>
      <category>International Standards</category>
      <pubDate>Tue, 06 Jan 2026 00:00:00 GMT</pubDate>
      <description>ISO/IEC 27701 extends ISO 27001 into a Privacy Information Management System. Here&apos;s how to add it without doubling your audit cost.</description>
    </item>
    <item>
      <title>IEC 62443 — The Standard That Actually Speaks OT</title>
      <link>https://alexasecurity.net/blog/iec-62443-ot-cybersecurity</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/iec-62443-ot-cybersecurity</guid>
      <category>International Standards</category>
      <pubDate>Mon, 05 Jan 2026 00:00:00 GMT</pubDate>
      <description>Why IEC 62443 is the right starting point for industrial cybersecurity programs, and how it interlocks with NIST and ISO.</description>
    </item>
    <item>
      <title>PCI DSS 4.0 — The Customized Approach Demystified</title>
      <link>https://alexasecurity.net/blog/pci-dss-4-0-customized-approach</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/pci-dss-4-0-customized-approach</guid>
      <category>International Standards</category>
      <pubDate>Sun, 04 Jan 2026 00:00:00 GMT</pubDate>
      <description>PCI DSS 4.0&apos;s &apos;Customized Approach&apos; lets you meet a control&apos;s intent with your own design. Here&apos;s how to use it without inviting a finding.</description>
    </item>
    <item>
      <title>Engineering Your Way Through a SOC 2 Type II</title>
      <link>https://alexasecurity.net/blog/soc-2-type-ii-engineering-evidence</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/soc-2-type-ii-engineering-evidence</guid>
      <category>International Standards</category>
      <pubDate>Sat, 03 Jan 2026 00:00:00 GMT</pubDate>
      <description>How modern engineering organizations turn a SOC 2 Type II audit from a paperwork exercise into a continuous evidence pipeline.</description>
    </item>
    <item>
      <title>NIST CSF 2.0 — The Govern Function and Why It Matters</title>
      <link>https://alexasecurity.net/blog/nist-csf-2-0-explained</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/nist-csf-2-0-explained</guid>
      <category>International Standards</category>
      <pubDate>Fri, 02 Jan 2026 00:00:00 GMT</pubDate>
      <description>NIST Cybersecurity Framework 2.0 introduced a sixth core function: Govern. Here&apos;s what it changes for boards, programs, and audits.</description>
    </item>
    <item>
      <title>ISO/IEC 27001:2022 — Every Control Change That Matters (and the Audit Evidence Behind Each One)</title>
      <link>https://alexasecurity.net/blog/iso-27001-2022-what-changed</link>
      <guid isPermaLink="true">https://alexasecurity.net/blog/iso-27001-2022-what-changed</guid>
      <category>International Standards</category>
      <pubDate>Thu, 01 Jan 2026 00:00:00 GMT</pubDate>
      <description>A deep dive into the 11 new controls, four restructured themes, the auditor heuristics for each — and the evidence-by-design pattern that makes recertification a 90-day project.</description>
    </item>
  </channel>
</rss>
