Learn how GitGuardian helps boards and CISOs align on cyber risk, operational resilience, and the rising impact of unmanaged workload identities at scale.
The post Boards Focus On Risk, Resilience, and Operational Realities: Where NHI Governance Fits In appeared first on Security Boulevard.
Author: Paula Januszkiewicz, CEO of CQURE & CQURE Academy, Cybersecurity Expert, MVP & RD, MCT
Intro
Cybersecurity used to have a relatively shared vocabulary. Firewalls. Antivirus. Patching. Perimeter defense. These concepts once formed a common language understood not only by security teams, but also by IT, leadership, and even non-technical stakeholders. Security discussions were simpler, threat models were narrower, and defensive responsibilities were more clearly defined.
Today, that language no longer exists in a simple or unified form.
Modern cybersecurity has evolved into a highly fragmented, deeply specialized, and fast-moving discipline that spans cloud architectures, identity-centric security, AI-driven threats, supply-chain exposure, regulatory pressure, and advanced incident response. The result is paradoxical: even cybersecurity specialists struggle to stay fully up to date.
This is not a failure of individuals. It is a structural shift in the industry.
And it has profound consequences for how organizations must think about talent, training, and resilience.
Before We Talk About Cybersecurity, Answer This
Before diving into market dynamics or strategic direction, take a moment to stop and ask yourself – honestly:
1. Do you feel that today your own, or your team’s, cybersecurity skills are truly up to date?
2. When you look at current cybersecurity challenges and long-term security strategy, do you genuinely feel that you “have this under control”?
From my perspective, more and more often across our enterprise and SMB clients, I hear significant hesitation. There used to be more confidence when this language was simpler, even though confidence does not always equal readiness, and familiarity does not guarantee fluency. The industry has changed faster than most organizations realize – not only in terms of threats and technologies, but in the very language used to describe, detect, and defend against them.
The Language of Cybersecurity Has Changed – And Most Organizations Can’t Speak It
Cybersecurity isn’t what it used to be. Today, even experienced cybersecurity professionals struggle to stay current with the breadth and pace of change. It almost feels that if you do not keep yourself intensively up to date, you are not only downgrading yourself from the skills perspective but also it’s hard to think about ideas, while we are not familiarized with new terms. How can we grow then, if we
get stuck in language? This is not a matter of perception – the data ((ISC)² Cybersecurity Workforce Study 2025) clearly shows an industry at a turning point, where cybersecurity talent is scarce and increasingly difficult to develop without deliberate internal investment.
In 2026, organizations will not be just short of cybersecurity professionals – they will be short of professionals with the right skills.
From the aforementioned global workforce research, in 2025 one trend is unmistakably clear: while cybersecurity workforce shortages continue to exist, the nature of the problem has fundamentally shifted. Organizations are no longer struggling solely to fill open positions – they are struggling to ensure that their teams can operate effectively in a rapidly evolving threat landscape. The research shows that nearly 60% of organizations report critical or significant cybersecurity skills shortages, while over 90% identify at least one key skills gap within their security teams. Importantly, many organizations acknowledge that filling open roles alone does not eliminate operational risk, as newly hired professionals often require substantial upskilling before they can function effectively in modern security environments.
This is truly a significant issue. To defend current threats we need to understand each other more than ever. How can we do that, as we keep using language that we may not always understand or even worse – speak through different definitions of concepts in cybersecurity.
Let me share with you common example that almost on a weekly basis I happen to encounter: we all speak about testing LLM models. Do we really know how to approach this and what is the expected outcome?
In my opinion, the implications of this skills gap extend far beyond staffing challenges. This is, in fact, huge operational risk that will hit us from behind if we do not address it today.
Crucially, IBM’s analysis (IBM: Cost of a Data Breach Report 2025) demonstrates that organizations experiencing significant cybersecurity skills shortages incur markedly higher breach costs, often millions of dollars more per incident than organizations with mature, well-trained security teams. This establishes a direct and measurable link between skills gaps and financial exposure, confirming that workforce capability is not a soft issue, but a core risk factor.
Broader breach investigations conducted at CQURE in 2025 reinforce this conclusion. Across sectors, human-driven factors – including misconfigurations, phishing attacks, and credential misuse – continue to rank among the most common root causes of security incidents. These findings highlight a critical reality: effective cybersecurity defense depends not only on advanced technology, but on people who can correctly interpret signals, understand modern attack patterns, and act decisively under pressure.
Taken together, the evidence points to a clear conclusion:
When organizations lack professionals who speak the language of modern cybersecurity, the cost is paid repeatedly – in financial loss, operational disruption, reputational damage, and erosion of strategic trust in partnerships.
From One Discipline to Many: Why Cybersecurity Became So Hard to “Speak”
Cybersecurity didn’t suddenly become complex – it accumulated complexity over time.
In 2025, a single security role may be expected to understand:
– Cloud-native infrastructure and misconfiguration risk
– Identity and access management across hybrid environments
– AI-assisted attacks and AI governance risks
– DevSecOps pipelines and software supply-chain threats
– Detection engineering, threat hunting, and automation
– Regulatory obligations such as NIS2, DORA, or sector-specific frameworks
Each of these areas evolves independently – often faster than traditional education, certification, or hiring models can keep up. What was once a linear career path has become a multidimensional challenge requiring constant recalibration.
Conclusions are direct and clear:
– Skills shortages are now considered a larger risk than headcount shortages
– Nearly all organizations report missing critical, modern cybersecurity capabilities
– The gap is no longer “how many people we have” – but whether they understand today’s threat language
This explains a reality many CISOs quietly acknowledge: Teams are staffed, but not fully fluent. Sounds familiar?
The Modern Reality: Complexity Meets Scarcity
Research from (ISC)² estimates the global cybersecurity workforce gap may exceed ~4–4.8 million unfilled roles in 2025, even as hiring budgets compress and economic pressures rise.
This gap isn’t just numerical – it’s semantic and cognitive. Roles today require fluency across multiple domains (e.g., cloud security, identity management, AI governance, incident response automation, threat intel pipelines, DevSecOps integration). Many professionals struggle to keep pace with emerging attack surfaces (like Shadow AI) and the complex defensive measures needed to counter them.
As a result, organizations increasingly find themselves in a paradoxical situation: security teams exist, tools are deployed, but understanding is fragmented.
Why the Market Cannot Simply “Hire Its Way Out” of the Problem
The natural reaction to skills shortages is hiring. In cybersecurity, this approach is no longer sufficient.
1. Talent Is Scarce – and Competition Is Global
In 2025, millions of cybersecurity roles remain unfilled worldwide. Even when budgets exist, organizations compete for the same limited pool of specialists – often losing them to global players, consultancies, or vendors.
2. Experience ≠ Currency
Years in cybersecurity do not automatically translate into readiness for:
– Cloud identity attacks
– AI-enabled social engineering
– Modern breach response workflows
– Detection-driven security operations
Without continuous upskilling, even strong professionals fall behind.
3. Budget Pressure Limits External Hiring
Economic uncertainty and cost optimization mean many organizations cannot endlessly expand security teams. Instead, they must extract more value – and more capability – from the people they already have.
This is why internal development is no longer “nice to have.” It is the only scalable option.
When Teams Don’t Speak the Language, Costs Skyrocket
The business consequences of this linguistic divide are measurable and severe.
According to IBM’s 2025 Cost of a Data Breach Report, the global average cost of a data breach in 2025 reached USD 4.44 million. While this represents a modest decrease from previous record highs, it remains a substantial financial burden for organizations of all sizes. In the United States, breach costs escalated further, reaching an average of USD 10.22 million per incident – the highest level recorded to date. With the current trend, this is likely to worsen, as we step into a fake sense of security in a smaller or bigger scale. Critically, breaches in organizations with significant security skills shortages cost much more (often millions higher) than in organizations with better-resourced security teams – a direct indicator that talent and skills gaps translate into financial risk.
Data from wider industry analyses also show that human factors – including misconfigurations and phishing – remain major drivers of incidents, underscoring that both technical and human language fluency matters in defense.
The takeaway? When your team can’t understand and respond to modern attack vectors or technologies, your organization pays – in dollars, disruption, reputation, and strategic trust.
Training From Within: The Only Way Forward
If cybersecurity has a language, organizations must do two things:
1. Invest in Internal Skill Development
Training current staff – rather than just relying on external hiring – is now a strategic imperative.
Structured, continuous learning programs help teams stay current with evolving domains such as cloud security, threat intelligence frameworks, identity-first security, and AI risk governance. Skills development isn’t a one-off event: it’s an ongoing commitment that must evolve as fast as the threats themselves. An organization’s capacity to learn often becomes the differentiator between resilience and vulnerability.
2. Ensure Fluency in the Latest Cybersecurity Concepts
Today’s security professionals must be literate not only in technical tools but in the language of current threats and defenses. This includes:
– AI-driven attacks and adversarial models
– Cloud and hybrid infrastructure risk models
– Secure software development lifecycles (DevSecOps)
– Identity-driven access and zero-trust frameworks
– Incident response automation and orchestration
Organizations that don’t cultivate this fluency internally are left with teams that can maintain legacy controls but cannot lead strategic defense.
Conclusion: Reclaiming the Language of Cybersecurity
Cybersecurity didn’t become complex because we wanted it to; it evolved because threats, technologies, and enterprises became more capable – and more vulnerable.
The reality in 2026 is undeniable:
– Cyber risks remain massive and growing – measured in trillions of dollars annually
– Breach costs remain multi-million dollar events with substantial operational fallout
– Skills gaps and talent shortages are fundamental risk multipliers
The solution isn’t just more hiring – it’s training, fluency, and lifelong learning within the organization.
To secure the digital enterprise of today and tomorrow, organizations must embrace internal talent development as a strategic defense, and ensure that their teams speak the language of modern cybersecurity – not yesterday’s vocabulary.
Cybersecurity didn’t lose its language by accident. The question is whether organizations are willing to relearn it – together.
Thank you for your time and reading this article! We would like to thank you by giving you a 25% Discount Code: 25DISCOUNT, to be used at the checkout for a training program that addresses that skills gap. Coupons can’t be applied to products already on sale. Valid until February 28, 2026.
Why the Cybersecurity Master Annual Program from CQURE Exists and how to address this gap?
We have done our homework to respond to the shifting market and we have created a fully customizable up to a year-long program that allows us to address the skills and language gap. We have called it Cybersecurity Master Annual Program, where you can attend 16 important classes throughout the year or pick ones that fit you and your Team.
This exact industry problem is why the Cybersecurity Master Annual Program (CMAP) was created by CQURE. CMAP was not designed as a single course. It was designed as a living program that evolves with the cybersecurity landscape. CMAP is not a single course. It is a living program that evolves with the cybersecurity landscape.
How CMAP Directly Addresses the Skills & Language Gap
Let me explain it, but first check out information about our training here: LINK and in case of questions reach out to us at: training@cqureacademy.com.
1. Continuous Learning Instead of One-Time Training
CMAP runs throughout the year, ensuring participants stay aligned with:
– Current attack techniques
– Evolving defensive strategies
– Real-world incident response practices
– Emerging technologies and regulations
This directly reflects how cybersecurity actually changes – continuously.
2. A Unified Cybersecurity Language
Rather than teaching isolated silos, CMAP connects:
– Identity, cloud, endpoints, and detection
– Offensive and defensive perspectives
– Strategy, operations, and execution
Participants don’t just “know more” – they think in modern cybersecurity terms.
3. Built for Working Professionals
The program is designed for professionals who:
– Cannot step away from work for long periods
– Need practical, applicable knowledge
– Want depth without losing strategic perspective
This makes CMAP ideal for internal talent development inside organizations.
Accessible by Design: Subscription & Financing Options
Recognizing that budgets and personal situations differ, CMAP offers:
– Multiple subscription models
– Flexible payment options
– Financing possibilities for those who cannot pay the full amount upfront
This ensures that access to modern cybersecurity education is not limited by cash-flow timing.
Download this article in PDF format
Sources (2025)
1. (ISC)² – Cybersecurity Workforce Study 2025
2. IBM Security – Cost of a Data Breach Report 2025
3. Verizon – Data Breach Investigations Report (DBIR) 2025
4. WEF – https://www.weforum.org/stories/2024/04/cybersecurity-industry-talent-shortage-new-report/
Want to know more?
The post Cybersecurity Lost Its Natural Language And Why Upskilling Is the Only Way to Bridge the Gap appeared first on CQURE Academy.
On behalf of the NASA Engineering and Safety Center (NESC), I am pleased to provide you with the 2025 NESC Technical Update. This annual report summarizes the technical work, engineering advancements, and knowledge capture efforts we made in FY25. With support provided by members of our NASA community from across the centers, we focused our efforts on performing value-added independent testing, analysis, and assessments of NASA’s high-risk projects to ensure safety and mission success.
We appreciate the opportunity to share our progress and highlight our FY25 accomplishments. This report and all other NESC knowledge products are available at nasa.gov/nesc. As always, we value your feedback and engagement. Thank you for your continuing support of the NESC.
Timmy R. Wilson
Director, NASA Engineering and Safety Center
Ross and Katherine Marquette were service industry veterans when the COVID-19 pandemic left them both jobless. They maintained a connection to their old lives by delivering DoorDash orders. “We found a way to survive and make enough money,” Ross said. But it was their next move that proved to have staying power. Using a refurbished smoker they already owned, the couple began a series of barbecue pop-ups at local breweries in the DFW area under the name Smoke & Bone.In 2023, they decided that, after a few years of roaming with their tent and tables, a stable address was required to grow the business. David Slaughter of Slaughter’s BBQ was moving into a stand-alone space in Sulphur Springs and told them he was selling his…The post A Small Fort Worth BBQ Trailer Puts Stunning Variety on Its Menu appeared first on Texas Monthly.
Sabar BBQ, a Texas Monthly Top 50 barbecue joint in Fort Worth, has closed for good. Earlier this month, owner Zain Shafi announced on Instagram that Saturday, December 20, would be its final day of service. But Shafi isn’t done with barbecue. He recently bought an ownership share in Goldee’s, also in Fort Worth, where he first began his journey as a pitmaster. The joint’s other owners include Jalen Heard, Lane Milne, and Nupohn Inthanousay.“If this opportunity wouldn’t have happened, we were going to take the next step [with Sabar],” Shafi said. After two years of running Sabar BBQ out of a small trailer in a parking lot, Shafi felt the business was at an inflection point. His first instinct was to expand by opening…The post A Former Goldee’s Pitmaster Returns as an Owner appeared first on Texas Monthly.
What were the most memorable dishes you grilled in 2025? I know my favorites. And we also know what you liked. Every year, a handful of recipes stand out from the rest. They’re the recipes that our readers—you—request again and again. As the year wraps up, we scanned the data to see which Barbecuebible.com recipes you actually cooked the most. From sizzling steaks to comfort classics. From low and slow smoking to spectacular side dishes, these are the ten recipes that defined grilling this year.
What will you grill next year? Stay tuned for Steven Raichlen’s end of the year Grilling Trends for 2026!
These slow-cooked beans are smoky, sweet, and deeply savory—the kind of side dish that quietly steals the show. They’re rich, comforting, and perfect for feeding a crowd.
Best time to cook this: Backyard cookouts, potlucks, or anytime the grill is already hot.
Sweet, smoky, and glazed to perfection, this salmon candy hits that irresistible sweet-salty balance. It’s a reader favorite for good reason—and dangerously snackable.
Best time to cook this: Weekend smoking sessions or as a make-ahead appetizer.
Juicy beef, soaked in savory jus, piled high on a crusty roll—this is comfort food with attitude. It’s bold, messy, and completely satisfying.
Best time to cook this: Game days, casual gatherings, or anytime you’re feeding hungry guests.
This low-and-slow classic delivers deep, beefy flavor with a touch of elegance. Smoking transforms an old-school dish into something truly memorable.
Best time to cook this: Cool-weather weekends when you want to linger by the smoker.
Once you try making corned beef yourself, it’s hard to go back. The flavor is cleaner, beefier, and far more rewarding than store-bought.
Best time to cook this: Late winter, early spring, or when you’re planning ahead for a special meal.
Crispy skins, fluffy interiors, and endless filling options make this a sleeper hit. It’s comfort food done the barbecue way.
Best time to cook this: As a hearty side dish or a casual main for weeknight grilling.
Homemade bacon is a project—but one that pays off big. The flavor, texture, and pride factor are on a whole different level.
Best time to cook this: When you have a free weekend and a little patience.
This recipe focuses on technique, delivering tender slices without over complicating the process. It’s a go-to for cooks looking to sharpen their brisket skills.
Best time to cook this: Long weekend cooks or overnight smoking sessions.
Simply seasoned meat and a bright, fresh sauce let the grill do the talking. It’s proof that great barbecue doesn’t need to be complicated.
Best time to cook this: Summer grilling nights when you want big flavor with minimal prep.
Smoky, hearty, and deeply satisfying, this chili has become a repeat cook for many readers. It’s a bowl you’ll want seconds of.
Best time to cook this: Fall and winter, or anytime you want comfort food with fire.
Looking back, what stands out isn’t just what we cooked—it’s what we kept coming back to. These recipes earned their place by delivering every time, whether it was a weeknight dinner or a long weekend cook. If you’re planning your next round of grilling, this list is a solid place to start—and you’ll find plenty more inspiration waiting across the site and in the Up in Smoke newsletter.
Check out our 1000+ Recipes section here on Barbecue Bible.ComAlso, sign up for our Up in Smoke newsletter so you don't miss any blogs and receive some special offers! PLUS get Raichlen's Burgers! PDF for free!
Follow Steven on Facebook, Instagram, YouTube, TikTok, Reddit, and Pinterest!
Check out our store powered by BBQGuys!
The post The Top 10 Barbecue Bible Recipes of the Year appeared first on Barbecuebible.com.
Back in 2020, two retired couples from Paris, Brad and Christi Coe and Greg and Penny Skidmore, were discussing their futures. “We were talking about getting a camper and traveling across the world,” Penny recalls. Soon after, an ad popped up on Facebook for a used Airstream trailer in nearby Clarksville, in the far northeastern corner of Texas. They all drove down together to take a look and decided to buy it. As they were renovating it, the idea of a commercial kitchen supplanted the bedroom layout. “I don’t know how that part happened,” Penny admits, but the plan shifted to realize her husband’s lifelong dream of running a restaurant. Along with help from the Coes’ daughter Catelin and granddaughter MaryAnn, the couples opened Fireside…The post Two Retired Couples Bought an Airstream to Travel. Now It’s a Barbecue Joint. appeared first on Texas Monthly.
Three years ago, Gregg and Casey Lee Ring watched as a building burned uncontrollably in Flatonia, a town about midway between Houston and San Antonio. Once the damage was cleared, the owner put the empty lot up for sale. Gregg, a budding barbecue cook at the time, saw the potential of the prominent location along Main Street and bought it to set up the trailer for Casey Lee’s Family Craft BBQ. Casey, noticing that locals had criticized the volunteer fire department online about the incident, joined Flatonia Fire & Rescue.“That unfortunate day spurred on a lot of things in our life,” Gregg said. It also allowed Flatonia to get some remarkably good barbecue.Don’t expect smoked brisket every time you visit the Saturdays-only joint. Gregg said…The post One of the Best New Small-Town BBQ Joints Is Open Saturdays Only appeared first on Texas Monthly.
Decades ago, the late Hubert Green began an annual tradition of cooking a Thanksgiving meal for free at the Euless Senior Center. This year’s feast, on November 12, was the last served by the Green family.Hubert founded North Main BBQ just down the street from the senior center in 1981. A black-and-white pig statue greeted diners outside the front door, and the pitmaster would fire up an armadillo-shaped smoker around back. Both are now gone. Hubert and his second wife, Shari McKay Green, passed away in 2017. The business went to the McKay side of the family, was sold twice, and eventually closed.When Hubert died, his son Don Green had already opened his own barbecue trailer in Euless, the Saturdays-only Green’s Texas Bar-B-Que. He took…The post A North Texas Barbecue Family Serves Its Last Charity Thanksgiving Meal appeared first on Texas Monthly.
Tifany Swulius and Antonio Guevara originally partnered to seek glory at the State Fair of Texas. In a shift that surprised both of them, they ended up opening a barbecue joint instead. Now they’re serving some of the best breakfast tacos in Dallas.Swulius and Guevara had worked together at Lakewood Landing, a Dallas institution that describes itself as “an upscale dive.” Swulius was a bartender who often brought in home-baked treats for coworkers and customers. Guevara ran the kitchen while also operating his own barbecue and taco pop-up, Tejas BBQ & Tacos, which became Tejas Brisket Co. after a similarly named Texas barbecue restaurant sent him a cease-and-desist letter. “I wasn’t making any money, but I was getting my name out there,” he said.While working…The post These New Dallas Barbecue Joint Owners Are Not Giving Up on Their State Fair Dream appeared first on Texas Monthly.
When Jereis Khawaja launched Truboy BBQ with nationwide shipping in 2020, he wrote a mission statement for the website that promised to give everyone in the U.S. the opportunity to enjoy Texas barbecue. The Houston native read the statement every day, but he eventually realized it wasn’t true for many Muslim and Jewish customers because of cross contamination with Truboy’s most popular item, pulled pork. “By eliminating one product from my menu, my mission statement could become a true statement,” Khawaja says. In March 2021, he switched to only smoking halal meats, including brisket, lamb, and chicken.Last month brought the next big transformation of Khawaja’s business. Truboy BBQ Market, the first physical location for the brand, opened in Missouri City, outside Houston. Inside, a wall…The post Head Straight to This Market’s Barbecue Counter for a Brisket Melt and Tallow-Fried Corn Ribs appeared first on Texas Monthly.
Wanalee “Nan” Gorelick grew up without electricity in the town of Rangsit, outside Bangkok, in Thailand. She moved to the U.S. in 2008 with just $100 to her name, eventually making her way to Cypress, northwest of Houston, where she met her now-husband, Adam Gorelick. When the subject of marriage came up, Nan demanded Adam spend some time in the Thai countryside living like a local. “I wanted to make sure he knows who he [is marrying] and where I came from,” she explained.Besides making a request for a window-unit air conditioner (which Nan’s family mercifully granted), Adam rose to the challenge. He took showers with a bucket of warm water poured over his head and lived with few of his usual comforts. While still…The post A Personal Connection Brings the Thai Heat to This New Barbecue Joint appeared first on Texas Monthly.
The Experiment Setup
Our test environment was configured for maximum network security, with both the server (SRV01) and the client (WIN11-01) explicitly set to support and require SMB signing.
The Critical Finding
Despite having SMB signing enforced on both endpoints, our packet capture yielded a critical, visible finding: the entire contents of the file, “SMB signing test,” were successfully captured and clearly readable in the Wireshark packets.
The conclusion is clear: SMB signing does not protect data from a passive traffic sniffer in a man-in-the-middle scenario.
The Security Takeaway: Signature ≠ Encryption
The reason for this failure is simple: A signature is not the same as encryption.
While SMB signing is vital for protecting the integrity of the communication, it does not automatically encrypt the data being transferred. As a result, an attacker who successfully performs an ARP spoofing attack can still read the unencrypted SMB traffic.For true confidentiality and to protect your data from passive snooping, SMB encryption must also be implemented alongside SMB signing.
Check out the Advanced Windows Security Course for 2026 offer >>
Hi and welcome back to another episode of CQURE Hacks.
Today we will observe how packet sniffing behaves when SMB signing is enabled.
We begin in Kali Linux, the attacker’s machine.
The first step is to enable IP forwarding using the echo 1 command,
and that allows Kali to act as an intermediary for network traffic.
Next, we ensure the necessary tools are installed by checking for that dsniff package.
And with dsniff confirmed our environment is ready, we move to our target systems.
On the 1st system, SRV01 (at 10.10.10.20), we check the SMB configuration.
The settings confirm that the system supports and requires SMB signing.
We perform the same check on the client system, WIN11-01 (at 10.10.10.40).
From the client side we see it also supports and requires signing.
The connection we will test will run from the client, so .40 to the server .20.
Now we’ll launch the attack from our Kali machine.
We execute the ARP Spoofing attack.
The goal is to make the Kali host the intermediary.
The traffic flowing from host .40 to host .20 will be intercepted by Kali.
We poison the ERP cache in both directions, telling host .40 we are host .20 and telling host .20 we are host 40.
This establishes a bi-directional Man-in-the-Middle attack.
Next, we launch Wireshark to capture the traffic passing through our machine.
We’ll begin to capture on our active network interface and apply a display filter for SMB2 traffic.
On the Windows client, so .40 we initiate that file access by navigating to the server share and that is \SRV01\CertEnroll.
We then create a new text file and input the content:
SMB signing test.
We return to Kali. As we confirmed signing was enabled on both the server and the client.
Now we search the captured packets in Wireshark for the content we just wrote.
We search that packet bytes for the word signing.
The critical finding is visible.
We successfully capture the entire content of the file.
SMB signing test.
This demonstrates that signing does not protect against man in the middle attacks.
The reason is super simple.
A signature is not the same as encryption.
How good is the signature if a communication is not encrypted while the attacker can still read the unencrypted SMB traffic after performing an ARP spoofing attack?
While SMB signing prevents session spoofing and relay attacks, it does not automatically encrypt data being transferred.
Signing and encryption are two distinct mechanisms.
For true confidentiality, SMB encryption must also be implemented.
SMB signing does not provide encryption and fails to protect data from a passive traffic sniffer in a man in the middle scenario.
Thank you so much for watching our Secure Hacks episodes.
And as always, in order to continue this serial, please don’t forget to support us by hitting the subscribe button.
And as always, stay secure.
The post CQURE Hacks #69: SMB Signing – Why It Won’t Save Your Data from a Passive Traffic Sniffer appeared first on CQURE Academy.
This story was originally published in January 2022 and has been updated. No Texas city has Austin beat for its sheer volume of worthy barbecue destinations. Sure, the Houston area’s widespread suburbs might be richer in excellent smoked meats, and the Fort Worth scene is hot and new, but the amount of world-changing barbecue within our capital’s limits is staggering. In the June 2025 issue, we published our list of the top fifty barbecue joints, along with fifty more honorable mentions, but our barbecue recommendations don’t stop there. You can get a great meal at any one of these barbecue joints in Austin and its suburbs.In the City of AustinB. Cooper BarbecueThis unassuming trailer can be easy to miss when driving past. In the city…The post Where to Find the Best Barbecue in Austin appeared first on Texas Monthly.
Hit the blinker as soon as you spot the trio of BBQ flags waving outside Kirby’s BBQ. The speed limit is 50 miles per hour on Loop 494, and there’s just a wide strip of gravel between the low-slung, metal-roofed shack and the two-lane road. Kirby’s may have the look of a long-standing establishment, but it opened in May, the newest barbecue joint in New Caney, just northeast of Houston.After the cloud of dust settled from my sudden stop in the makeshift parking lot, I walked up the steps to the screened-in porch, where employee Svea Bailey greeted me and took my order. The building only houses the kitchen, so the dining area is limited to the picnic tables lining the porch. I found a…The post If You Spot Three BBQ Flags on a Desolate Road, Pull Over appeared first on Texas Monthly.
Last week, an American-Israeli company that claims it’s developed proprietary technology to cool the planet announced it had raised $60 million, by far the largest known venture capital round to date for a solar geoengineering startup.
The company, Stardust, says the funding will enable it to develop a system that could be deployed by the start of the next decade, according to Heatmap, which broke the story.
MIT Technology Review’s guest opinion series, offering expert commentary on legal, political and regulatory issues related to climate change and clean energy. You can read the rest of the pieces here.
As scientists who have worked on the science of solar geoengineering for decades, we have grown increasingly concerned about the emerging efforts to start and fund private companies to build and deploy technologies that could alter the climate of the planet. We also strongly dispute some of the technical claims that certain companies have made about their offerings.
Given the potential power of such tools, the public concerns about them, and the importance of using them responsibly, we argue that they should be studied, evaluated, and developed mainly through publicly coordinated and transparently funded science and engineering efforts. In addition, any decisions about whether or how they should be used should be made through multilateral government discussions, informed by the best available research on the promise and risks of such interventions—not the profit motives of companies or their investors.
The basic idea behind solar geoengineering, or what we now prefer to call sunlight reflection methods (SRM), is that humans might reduce climate change by making the Earth a bit more reflective, partially counteracting the warming caused by the accumulation of greenhouse gases.
There is strong evidence, based on years of climate modeling and analyses by researchers worldwide, that SRM—while not perfect—could significantly and rapidly reduce climate changes and avoid important climate risks. In particular, it could ease the impacts in hot countries that are struggling to adapt.
The goals of doing research into SRM can be diverse: identifying risks as well as finding better methods. But research won’t be useful unless it’s trusted, and trust depends on transparency. That means researchers must be eager to examine pros and cons, committed to following the evidence where it leads, and driven by a sense that research should serve public interests, not be locked up as intellectual property.
In recent years, a handful of for-profit startup companies have emerged that are striving to develop SRM technologies or already trying to market SRM services. That includes Make Sunsets, which sells “cooling credits” for releasing sulfur dioxide in the stratosphere. A new company, Sunscreen, which hasn’t yet been announced, intends to use aerosols in the lower atmosphere to achieve cooling over small areas, purportedly to help farmers or cities deal with extreme heat.
Our strong impression is that people in these companies are driven by the same concerns about climate change that move us in our research. We agree that more research, and more innovation, is needed. However, we do not think startups—which by definition must eventually make money to stay in business—can play a productive role in advancing research on SRM.
Many people already distrust the idea of engineering the atmosphere—at whichever scale—to address climate change, fearing negative side effects, inequitable impacts on different parts of the world, or the prospect that a world expecting such solutions will feel less pressure to address the root causes of climate change.
Adding business interests, profit motives, and rich investors into this situation just creates more cause for concern, complicating the ability of responsible scientists and engineers to carry out the work needed to advance our understanding.
The only way these startups will make money is if someone pays for their services, so there’s a reasonable fear that financial pressures could drive companies to lobby governments or other parties to use such tools. A decision that should be based on objective analysis of risks and benefits would instead be strongly influenced by financial interests and political connections.
The need to raise money or bring in revenue often drives companies to hype the potential or safety of their tools. Indeed, that’s what private companies need to do to attract investors, but it’s not how you build public trust—particularly when the science doesn’t support the claims.
Notably, Stardust says on its website that it has developed novel particles that can be injected into the atmosphere to reflect away more sunlight, asserting that they’re “chemically inert in the stratosphere, and safe for humans and ecosystems.” According to the company, “The particles naturally return to Earth’s surface over time and recycle safely back into the biosphere.”
But it’s nonsense for the company to claim they can make particles that are inert in the stratosphere. Even diamonds, which are extraordinarily nonreactive, would alter stratospheric chemistry. First of all, much of that chemistry depends on highly reactive radicals that react with any solid surface, and second, any particle may become coated by background sulfuric acid in the stratosphere. That could accelerate the loss of the protective ozone layer by spreading that existing sulfuric acid over a larger surface area.
(Stardust didn’t provide a response to an inquiry about the concerns raised in this piece.)
In materials presented to potential investors, which we’ve obtained a copy of, Stardust further claims its particles “improve” on sulfuric acid, which is the most studied material for SRM. But the point of using sulfate for such studies was never that it was perfect, but that its broader climatic and environmental impacts are well understood. That’s because sulfate is widespread on Earth, and there’s an immense body of scientific knowledge about the fate and risks of sulfur that reaches the stratosphere through volcanic eruptions or other means.
If there’s one great lesson of 20th-century environmental science, it’s how crucial it is to understand the ultimate fate of any new material introduced into the environment.
Chlorofluorocarbons and the pesticide DDT both offered safety advantages over competing technologies, but they both broke down into products that accumulated in the environment in unexpected places, causing enormous and unanticipated harms.
The environmental and climate impacts of sulfate aerosols have been studied in many thousands of scientific papers over a century, and this deep well of knowledge greatly reduces the chance of unknown unknowns.
Grandiose claims notwithstanding—and especially considering that Stardust hasn’t disclosed anything about its particles or research process—it would be very difficult to make a pragmatic, risk-informed decision to start SRM efforts with these particles instead of sulfate.
We don’t want to claim that every single answer lies in academia. We’d be fools to not be excited by profit-driven innovation in solar power, EVs, batteries, or other sustainable technologies. But the math for sunlight reflection is just different. Why?
Because the role of private industry was essential in improving the efficiency, driving down the costs, and increasing the market share of renewables and other forms of cleantech. When cost matters and we can easily evaluate the benefits of the product, then competitive, for-profit capitalism can work wonders.
But SRM is already technically feasible and inexpensive, with deployment costs that are negligible compared with the climate damage it averts.
The essential questions of whether or how to use it come down to far thornier societal issues: How can we best balance the risks and benefits? How can we ensure that it’s used in an equitable way? How do we make legitimate decisions about SRM on a planet with such sharp political divisions?
Trust will be the most important single ingredient in making these decisions. And trust is the one product for-profit innovation does not naturally manufacture.
Ultimately, we’re just two researchers. We can’t make investors in these startups do anything differently. Our request is that they think carefully, and beyond the logic of short-term profit. If they believe geoengineering is worth exploring, could it be that their support will make it harder, not easier, to do that?
David Keith is the professor of geophysical sciences at the University of Chicago and founding faculty director of the school’s Climate Systems Engineering Initiative. Daniele Visioni is an assistant professor of earth and atmospheric sciences at Cornell University and head of data for Reflective, a nonprofit that develops tools and provides funding to support solar geoengineering research.
This story was originally published in March 2022 and has been updated. San Antonio barbecue is ever evolving, but it has deep roots, as evidenced by the old-school brick pits that are still operational around the city. Good tortillas aren’t hard to come by here, and neither is excellent smoked chicken. We have our favorites, of course. In the June 2025 issue, we published our list of the top fifty barbecue joints, along with fifty more honorable mentions, but our barbecue recommendations don’t stop there. You can get a great meal at any one of these San Antonio joints.In the City of San Antonio2M Smokehouse2025 Top 50This barbecue spot quickly became the best in town after it opened in 2016, helping usher in a San…The post Where to Find the Best Barbecue in San Antonio appeared first on Texas Monthly.
Finding a great deal at a barbecue joint these days is like scoring a shaded spot at H-E-B in the summer. So on an early August stop at Tyler’s Barbeque, in Amarillo, I was surprised to see beef short ribs on the specials board for only $16 per pound. Surely, that price for this Saturdays-only offering was for a half pound, a common gambit to delay customers’ sticker shock. I double- and triple-checked the board while in line, as I inched ever closer to the counter, then asked the cutter for one of those ribs, one on the smaller side if possible. It was rung up at just $1 an ounce, and I felt like I was getting away with something as I scurried off…The post This Cheap, Saturdays-Only Special Might Be the Best Deal in Texas Barbecue appeared first on Texas Monthly.
Login