Kathryn Renaud
@krenaud1.bsky.social
Cybersecurity analyst with a curiosity for AI and philosophy.
Building safer systems by day, exploring human systems by night.
💻 Security | 🌱 AI Hobbyist | 🧠 UPE Tech Chair | 👾 Gamer | 💬 Chronic Overthinker
Building safer systems by day, exploring human systems by night.
💻 Security | 🌱 AI Hobbyist | 🧠 UPE Tech Chair | 👾 Gamer | 💬 Chronic Overthinker
Hearing early, unconfirmed reports of a possible ransomware incident affecting a major behavior health provider. No public statement has been made yet, but I am monitoring for confirmation. Will be writing on this attack as soon as I have details available. #Cybersecurity #Healthcare #Ransomware
November 10, 2025 at 4:49 PM
Hearing early, unconfirmed reports of a possible ransomware incident affecting a major behavior health provider. No public statement has been made yet, but I am monitoring for confirmation. Will be writing on this attack as soon as I have details available. #Cybersecurity #Healthcare #Ransomware
Tech Diplomacy starts with empathy. As security pros, we must meet clients where they are, not where we wish they were. SMBs are facing breaches at staggering rates—we must ask better questions and stay accessible to protect those who need it most. #Cybersecurity #SMB #InfoSec #Empathy #Security
November 8, 2025 at 5:05 PM
Tech Diplomacy starts with empathy. As security pros, we must meet clients where they are, not where we wish they were. SMBs are facing breaches at staggering rates—we must ask better questions and stay accessible to protect those who need it most. #Cybersecurity #SMB #InfoSec #Empathy #Security
My latest article just went live — When Third-Party Risk Hits Home: The Allianz Breach. A look at how one phone call exposed thousands of records and why trust in vendors isn’t enough.
Read it here 👇
#Cybersecurity #Infosec #Risk #SupplyChain
Read it here 👇
#Cybersecurity #Infosec #Risk #SupplyChain
When Third-Party Risk Hits Home: The Allianz Breach
On a quiet Tuesday morning in July 2025, Allianz Life Insurance Company of North America discovered that it had been breached. But this wasn't the kind of attack their security teams had spent years p...
www.linkedin.com
November 7, 2025 at 5:33 PM
My latest article just went live — When Third-Party Risk Hits Home: The Allianz Breach. A look at how one phone call exposed thousands of records and why trust in vendors isn’t enough.
Read it here 👇
#Cybersecurity #Infosec #Risk #SupplyChain
Read it here 👇
#Cybersecurity #Infosec #Risk #SupplyChain
How feasible is iris-based MFA using a phone’s camera + AI? Instead of “something you have,” it becomes “something you are.” Curious what security folks think. #cybersecurity #MFA #biometrics
November 5, 2025 at 5:08 PM
How feasible is iris-based MFA using a phone’s camera + AI? Instead of “something you have,” it becomes “something you are.” Curious what security folks think. #cybersecurity #MFA #biometrics
Gatekeeping is not knowledge management. New staff are not unskilled, they just lack the hidden context others keep in their heads. Instead of “you should know this,” give them tools and clear notes so they can succeed. We rise by sharing knowledge.
#TechLife #SupportEachOther #Documentation #IT
#TechLife #SupportEachOther #Documentation #IT
November 1, 2025 at 5:09 PM
Gatekeeping is not knowledge management. New staff are not unskilled, they just lack the hidden context others keep in their heads. Instead of “you should know this,” give them tools and clear notes so they can succeed. We rise by sharing knowledge.
#TechLife #SupportEachOther #Documentation #IT
#TechLife #SupportEachOther #Documentation #IT
In my anti-hero era for #Halloween and I can’t wait to start working on some new content/articles. I hope everyone has a good day and enjoys the rest of the spooky season! #keepitspooky #lovehalloween
October 31, 2025 at 8:02 PM
In my anti-hero era for #Halloween and I can’t wait to start working on some new content/articles. I hope everyone has a good day and enjoys the rest of the spooky season! #keepitspooky #lovehalloween
Happy Halloween to the cybersecurity and technology experts of the world! I hope the day for everyone has been spectacular! #happyhalloween #gocybersecurity #gotechnology
October 31, 2025 at 7:59 PM
Happy Halloween to the cybersecurity and technology experts of the world! I hope the day for everyone has been spectacular! #happyhalloween #gocybersecurity #gotechnology
This is my theory: Auth abuse (like the F5 + Salesloft cases) triggered rushed identity hardening across the industry. Entra’s recent issues may be the growing pains. Tho if the security fixes break everything like this, can we really trust them?
#CyberSecurity #IAM #OAuth #ZeroTrust #Microsoft
#CyberSecurity #IAM #OAuth #ZeroTrust #Microsoft
October 29, 2025 at 5:27 PM
This is my theory: Auth abuse (like the F5 + Salesloft cases) triggered rushed identity hardening across the industry. Entra’s recent issues may be the growing pains. Tho if the security fixes break everything like this, can we really trust them?
#CyberSecurity #IAM #OAuth #ZeroTrust #Microsoft
#CyberSecurity #IAM #OAuth #ZeroTrust #Microsoft
Vendor OAuth is the hidden backdoor most orgs ignore. Salesloft-Drift proves incident response without systemic change fails. Monitoring + token discipline must become standard.
#CyberSecurity #APIsecurity #OAuth #SupplyChainRisk #Infosec #CISO #ZeroTrust
#CyberSecurity #APIsecurity #OAuth #SupplyChainRisk #Infosec #CISO #ZeroTrust
Two Months After Salesloft-Drift: What We Know Now and What's Still Broken
Two months ago, attackers compromised one vendor and accessed 700+ Salesforce instances. By October 28, 2025, the crisis response is complete.
www.linkedin.com
October 29, 2025 at 5:20 PM
Vendor OAuth is the hidden backdoor most orgs ignore. Salesloft-Drift proves incident response without systemic change fails. Monitoring + token discipline must become standard.
#CyberSecurity #APIsecurity #OAuth #SupplyChainRisk #Infosec #CISO #ZeroTrust
#CyberSecurity #APIsecurity #OAuth #SupplyChainRisk #Infosec #CISO #ZeroTrust
Cybersecurity isn’t failing from lack of tech — it’s failing from lack of maturity. My latest piece explores how MSPs could evolve from service delivery to capability building and reshape resilience itself.
#Cybersecurity #MSP #RiskManagement #Innovation #Resilience #SecurityMaturity #InfoSec
#Cybersecurity #MSP #RiskManagement #Innovation #Resilience #SecurityMaturity #InfoSec
The Maturity Divide: How Forward-Thinking MSPs Could Evolve
Cybersecurity isn't failing because of technology. It's failing because of organizational immaturity and because many leaders still view protection as an IT expense rather than a business foundation.
www.linkedin.com
October 26, 2025 at 10:05 PM
Cybersecurity isn’t failing from lack of tech — it’s failing from lack of maturity. My latest piece explores how MSPs could evolve from service delivery to capability building and reshape resilience itself.
#Cybersecurity #MSP #RiskManagement #Innovation #Resilience #SecurityMaturity #InfoSec
#Cybersecurity #MSP #RiskManagement #Innovation #Resilience #SecurityMaturity #InfoSec
When the guard falls, the ripple spreads. My latest piece dives into the F5 breach—how it happened, what it means for global supply chains, and how IRF Theory could’ve changed the outcome.
Read here 👉 www.linkedin.com/pulse/when-g...
#CyberSecurity #F5 #IRFTheory #DataBreach #Resilience
Read here 👉 www.linkedin.com/pulse/when-g...
#CyberSecurity #F5 #IRFTheory #DataBreach #Resilience
When the Guard is Breached: The F5 Incident and Lessons for the Supply Chain
Executive Overview On October 15, 2025, F5 disclosed a cybersecurity breach that compromised portions of its internal systems, including source code and vulnerability data related to its flagship BIG-...
www.linkedin.com
October 21, 2025 at 4:06 PM
When the guard falls, the ripple spreads. My latest piece dives into the F5 breach—how it happened, what it means for global supply chains, and how IRF Theory could’ve changed the outcome.
Read here 👉 www.linkedin.com/pulse/when-g...
#CyberSecurity #F5 #IRFTheory #DataBreach #Resilience
Read here 👉 www.linkedin.com/pulse/when-g...
#CyberSecurity #F5 #IRFTheory #DataBreach #Resilience
Remember folks! Keep up with the #hustle and don’t let the lack of immediate #motivation get in the way of your success. This goes from inside the cybersecurity space all the way to everyday life!
October 20, 2025 at 1:28 PM
Remember folks! Keep up with the #hustle and don’t let the lack of immediate #motivation get in the way of your success. This goes from inside the cybersecurity space all the way to everyday life!
Your data got exposed? You’re not powerless.
Traceless put together a great guide on what to do after a breach — from enabling MFA to securing every account you have. Check it out here:
👉 traceless.com/so-your-pers...
#Cybersecurity #DataBreach
Traceless put together a great guide on what to do after a breach — from enabling MFA to securing every account you have. Check it out here:
👉 traceless.com/so-your-pers...
#Cybersecurity #DataBreach
So your Personal Data's Been Stolen - Traceless.com
Learn how to turn on MFA on over 100 services to ensure you're safe in the event of a corporate data breach!
traceless.com
October 16, 2025 at 8:56 PM
Your data got exposed? You’re not powerless.
Traceless put together a great guide on what to do after a breach — from enabling MFA to securing every account you have. Check it out here:
👉 traceless.com/so-your-pers...
#Cybersecurity #DataBreach
Traceless put together a great guide on what to do after a breach — from enabling MFA to securing every account you have. Check it out here:
👉 traceless.com/so-your-pers...
#Cybersecurity #DataBreach
FYI for anyone seeing the cold takes about CISA “extending” F5 patch timelines — the directive calls the threat imminent and sets tight deadlines (Oct 22 & 31). No mention of shutdowns or staffing. Cyber defense roles are legally excepted — they can’t be furloughed or left unpaid.
#FYI #CISA #F5
#FYI #CISA #F5
The timelines in this CISA directive to patch F5 vulnerabilities are not grounded in the relative risk posed. The required remediation timelines have been artificially extended to ensure there's a possibility for compliance given staff impacted by the shutdowns.
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
ED 26-01: Mitigate Vulnerabilities in F5 Devices | CISA
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security
www.cisa.gov
October 16, 2025 at 5:51 PM
🚨CISA’s latest malware analysis 🚨exposes Ivanti EPMM exploits (CVE-2025-4427 & -4428) used for persistent code injection. MDMs remain one of the most overlooked threat surfaces—patch fast, monitor deeper.
#CyberSecurity #CISA #Ivanti #ThreatIntel #IncidentResponse #MDM #InfoSec
#CyberSecurity #CISA #Ivanti #ThreatIntel #IncidentResponse #MDM #InfoSec
Redirect to https://www.cisa.gov/news-events/analysis-reports/ar25-261a
go.dhs.gov
October 16, 2025 at 2:25 PM
🚨CISA’s latest malware analysis 🚨exposes Ivanti EPMM exploits (CVE-2025-4427 & -4428) used for persistent code injection. MDMs remain one of the most overlooked threat surfaces—patch fast, monitor deeper.
#CyberSecurity #CISA #Ivanti #ThreatIntel #IncidentResponse #MDM #InfoSec
#CyberSecurity #CISA #Ivanti #ThreatIntel #IncidentResponse #MDM #InfoSec
My top 5 horror movies this season: 🫦Killer Crush, 💀Death Becomes Her, 🖤 Only Lovers Left Alive, 🌺 Don’t Worry Darling, and 🌙 B’twixt Now and Sunrise.
Beautiful people making terrible choices under moody lighting - my favorite.
#halloween #spookyseason #horrormovies
Beautiful people making terrible choices under moody lighting - my favorite.
#halloween #spookyseason #horrormovies
October 15, 2025 at 5:20 PM
My top 5 horror movies this season: 🫦Killer Crush, 💀Death Becomes Her, 🖤 Only Lovers Left Alive, 🌺 Don’t Worry Darling, and 🌙 B’twixt Now and Sunrise.
Beautiful people making terrible choices under moody lighting - my favorite.
#halloween #spookyseason #horrormovies
Beautiful people making terrible choices under moody lighting - my favorite.
#halloween #spookyseason #horrormovies
🩸 A patient died waiting for a blood test that never came. When cyberattacks hit healthcare, the network becomes the patient. Read my latest analysis on the Synnovis NHS breach and why continuity must equal safety.
Check out below!
#CyberSecurity #Healthcare #IRF #NHS #CyberResilience
Check out below!
#CyberSecurity #Healthcare #IRF #NHS #CyberResilience
The Blood Test That Never Came
Executive Summary On June 7th, 2024, a patient at one of southeast London's major NHS hospitals died waiting for blood test results that would never arrive. The samples had been drawn and sent to Synn...
www.linkedin.com
October 11, 2025 at 6:29 PM
🩸 A patient died waiting for a blood test that never came. When cyberattacks hit healthcare, the network becomes the patient. Read my latest analysis on the Synnovis NHS breach and why continuity must equal safety.
Check out below!
#CyberSecurity #Healthcare #IRF #NHS #CyberResilience
Check out below!
#CyberSecurity #Healthcare #IRF #NHS #CyberResilience
I can’t stop laughing at the shock over how Americans are handling the #europeanpickpockets. Like… our jobs rob us every single day and we can’t fight back. You really think a pickpocket is gonna ruin the one international vacation someone gets in a lifetime? 😂
October 7, 2025 at 10:38 PM
I can’t stop laughing at the shock over how Americans are handling the #europeanpickpockets. Like… our jobs rob us every single day and we can’t fight back. You really think a pickpocket is gonna ruin the one international vacation someone gets in a lifetime? 😂
🚨 A single click shut down an ER. 28 minutes lost, 15% of a heart gone forever. My latest piece: how ransomware crippled a hospital & how IRF could have stopped it. 👉 www.linkedin.com/pulse/waitin...
#CyberSecurity #Healthcare #Ransomware #InfoSec #IRF #PatientSafety
#CyberSecurity #Healthcare #Ransomware #InfoSec #IRF #PatientSafety
The Waiting Room Massacre: When the ER Went Dark
Code Blue at County General At 2:47 AM on a Tuesday in March 2025, the emergency room at a 50-bed rural hospital went dark. Not the lights — the monitors, charts, and the hospital’s nervous hum of cli...
www.linkedin.com
October 2, 2025 at 10:09 PM
🚨 A single click shut down an ER. 28 minutes lost, 15% of a heart gone forever. My latest piece: how ransomware crippled a hospital & how IRF could have stopped it. 👉 www.linkedin.com/pulse/waitin...
#CyberSecurity #Healthcare #Ransomware #InfoSec #IRF #PatientSafety
#CyberSecurity #Healthcare #Ransomware #InfoSec #IRF #PatientSafety
Who’s really pulling the strings in cyber? 🎭 My new article dives into the hidden risks of outsourcing & third-party access. Check it out:
#Cybersecurity #Infosec #SupplyChain #ZeroTrust #ThreatIntelligence #CyberDefense #DataProtection #DigitalRisk #SecurityStrategy
#Cybersecurity #Infosec #SupplyChain #ZeroTrust #ThreatIntelligence #CyberDefense #DataProtection #DigitalRisk #SecurityStrategy
The Puppet Masters of Cybersecurity
The Puppet Masters of Cybersecurity Opening On the surface, every business likes to believe it is running the show with the spotlight firmly on its own stage. But look closer and you will see the stri...
www.linkedin.com
September 29, 2025 at 9:07 PM
Who’s really pulling the strings in cyber? 🎭 My new article dives into the hidden risks of outsourcing & third-party access. Check it out:
#Cybersecurity #Infosec #SupplyChain #ZeroTrust #ThreatIntelligence #CyberDefense #DataProtection #DigitalRisk #SecurityStrategy
#Cybersecurity #Infosec #SupplyChain #ZeroTrust #ThreatIntelligence #CyberDefense #DataProtection #DigitalRisk #SecurityStrategy
🔐 New article: Wedding Crashers — Cybersecurity & the Genea Fertility Clinic. Why patient trust + data protection in fertility care can’t be ignored. Read here ➡️ www.linkedin.com/pulse/weddin...
#Cybersecurity #HealthTech #DataPrivacy #Fertility
#Cybersecurity #HealthTech #DataPrivacy #Fertility
The Wedding Crashers of Cybersecurity - Genea Fertility Clinic Breach
Fun Analogy Picture a wedding in full swing. Music drifts across the hall, candles glow on every table, and the bride and groom move from guest to guest with that kind of joy that only comes once.
www.linkedin.com
September 27, 2025 at 7:44 PM
🔐 New article: Wedding Crashers — Cybersecurity & the Genea Fertility Clinic. Why patient trust + data protection in fertility care can’t be ignored. Read here ➡️ www.linkedin.com/pulse/weddin...
#Cybersecurity #HealthTech #DataPrivacy #Fertility
#Cybersecurity #HealthTech #DataPrivacy #Fertility
Buying a home is now framed as a ‘savvy hack.’ People used to just… have homes. Instead of cheering how good we’ve become at being poor, maybe pay what we’re worth & build the housing you promised.
#GenZHousing #AffordabilityCrisis #HousingForAll #PayWagesThatMatter #2008CrashEffects #ShoeboxLiving
#GenZHousing #AffordabilityCrisis #HousingForAll #PayWagesThatMatter #2008CrashEffects #ShoeboxLiving
I'm a 28-year-old Gen Zer who bought an apartment in NYC. It was easier than I expected.
Like many other Gen Z homeowners, I bought my NYC apartment as a single buyer. Affordability is a major issue for Gen Z, but here's how I handled it.
www.businessinsider.com
September 13, 2025 at 6:38 PM
Buying a home is now framed as a ‘savvy hack.’ People used to just… have homes. Instead of cheering how good we’ve become at being poor, maybe pay what we’re worth & build the housing you promised.
#GenZHousing #AffordabilityCrisis #HousingForAll #PayWagesThatMatter #2008CrashEffects #ShoeboxLiving
#GenZHousing #AffordabilityCrisis #HousingForAll #PayWagesThatMatter #2008CrashEffects #ShoeboxLiving
Governance failures aren’t “if” but “when” — Salt Typhoon & Jaguar breach show state-backed attacks exploit oversight gaps. Strong governance, intel sharing & risk management = resilience.
#CyberSecurity #Governance #InfoSec #RiskManagement #ZeroTrust #CyberResilience #AI #Leadership #TrendWatch
#CyberSecurity #Governance #InfoSec #RiskManagement #ZeroTrust #CyberResilience #AI #Leadership #TrendWatch
Salt Typhoon Attacks Jaguar: The Breach That Governance Could Have Prevented
The Breach that Stopped Jaguar When Salt Typhoon infiltrated Jaguar’s network, it didn’t use a zero-day exploit or cutting-edge malware. Instead, the breach occurred through a few forgotten vendor acc...
www.linkedin.com
September 12, 2025 at 6:23 PM
Governance failures aren’t “if” but “when” — Salt Typhoon & Jaguar breach show state-backed attacks exploit oversight gaps. Strong governance, intel sharing & risk management = resilience.
#CyberSecurity #Governance #InfoSec #RiskManagement #ZeroTrust #CyberResilience #AI #Leadership #TrendWatch
#CyberSecurity #Governance #InfoSec #RiskManagement #ZeroTrust #CyberResilience #AI #Leadership #TrendWatch