Q&A: How Diversity and Mentorship Are Reshaping the Future of Cybersecurity

Sophia McCall is a rising force in cybersecurity and a leading cyber security speaker. She is a cyber security professional who co-founded Security Queens, a platform created to break down barriers in a sector that has struggled with representation. Her work focuses on improving capability, access and visibility for underrepresented groups while helping organisations strengthen their approach to security.

Sophia has built a reputation for combining technical skill with a commitment to inclusion. She challenges outdated perceptions of the industry and shows companies how diverse teams contribute to better decision making and stronger defences. Her advocacy for mentorship has also helped many new entrants navigate a field that can often feel inaccessible. In this exclusive interview with the Cyber Security Speakers Agency, Sophia McCall discusses diversity, mentorship, hidden cyber threats and the cultural changes businesses need to make security truly effective.

Q: In practical terms, how does diversity strengthen a company’s security posture?

Sophia McCall: “So I think diversity brings a perspective of thought to your security teams. I think the more varied thought that you have within your defence teams, you’re less likely to fall into something like group think.

“And the more backgrounds you can bring in, the more different angles and perspectives you can bring in from different people, the better you’re able to kind of try to solve that problem.”

Q: What do you see as the main reasons the cyber security sector still struggles with diversity?

Sophia McCall: “So I think we have quite a big stereotype problem in cyber security, particularly with the news media portraying a hacker as a sweaty teenage boy hiding in a basement in a hoodie.

“We still have this image issue that persists within the industry. I’ve had to previously tell people that I’m not the diversity pick. You know, I’m here because I know what I’m doing. I’m very skilled at what I’m doing.

“But that kind of gatekeeping is quite exhausting, and even though we’re a little bit better, we still have a little bit further to go.

“So that’s why I co-founded Security Queens, a platform where we can welcome diversity and anyone can have that content to be accessible as much as they can.

“And it’s not just about that, but it’s about improving capability, access, and representation within the industry and trying to break down those barriers and toxic norms.”

Q: You speak often about mentorship. Why is it such a crucial part of building a stronger cyber workforce?

Sophia McCall: “So I’m a really big believer in mentorship. I really think it bridges the gap between potential and opportunity. Growing up, it was really nice to have female role models in the cyber security industry.

“Just seeing someone succeed and do well. I think having that form of mentorship is really good for someone that perhaps is a bit nervous or has quite a lot of self-doubt.

“Especially for something like cyber, which everyone thinks, “Oh, it’s really technical, it’s not for me.” There are loads of different career routes that you can go down that don’t mean you have to be a techie as such. And it’s all about passing that knowledge and actually building a community in cyber as well.”

Q: What cyber threats are business owners facing today that often go completely unnoticed?

Sophia McCall: “So I think one of the biggest risks that a lot of companies face is third-party risk. You can make your internal systems as secure as possible, but unfortunately if your suppliers or your supply chain is exposed, that’s definitely a way in for adversaries.

“Another thing that we’ve seen rise in recent years, especially with hybrid working, is things like bring-your-own-device or people working from home. So again, that adds another layer of exposure for companies.

“But also, something that’s particularly forgotten sometimes is insider risk as well. Not necessarily a malicious insider, but perhaps people that are less informed with security practice and clicking on phishing links, falling for scams, that kind of thing, which again leaves organisations exposed.”

Q: From your perspective, what remains the single biggest vulnerability inside most businesses?

Sophia McCall: “So there’s a saying that goes humans are the weakest link, and unfortunately, I think I am a little bit inclined to believe in that. You can invest millions in your firewalls and your defence technologies, but if you do not train your employees and your staff to spot a phishing email or how to spot a scam or a bit of fraud, it’s unfortunately all for nothing.

“So human error is still quite a big cause of major breaches and I’m always a big believer that security training is more of a culture that needs to be embedded in an organisation rather than a chore. So that’s something we can definitely work on, and particularly larger businesses that have those kinds of threats.”

Q: What common employee mistakes continue to put organisations at risk?

Sophia McCall: “So a lot of people think, “Oh, security is not my problem, that’s the IT department or the security team.” And I think one of the biggest things we need to make sure people know is that security is everyone’s responsibility.

“As I previously mentioned, phishing is a really big cause of breaches in many organisations and that’s something that we definitely need to address, but it’s all about empowering your employees with the right knowledge and making sure they are trained and have that awareness.

“And so, things like simulated phishing campaigns, things like that, help bring up that security barrier for them.”

Q: When you speak publicly, what do you most hope audiences carry forward?

Sophia McCall: “So I’m a really big believer in learning and not gatekeeping knowledge. Whenever I deliver a talk, I really want people to feel empowered and curious and wanting to learn more in a way.

“So cyber security isn’t just for the elite technical folks in the room. It is for everyone. Whether I’m speaking at a bank or a school, my goal is to demystify the subject so it can be accessible for everyone, quite exciting almost and actually quite impactful.

“I hope people don’t see diversity as a buzzword but actually as a strength to their team, and that mentorship and inclusion can help that journey and process as well.”

In 2025, Sophia McCall was named amongst the Top 20 Most Inspiring Women in Cyber.

The post Q&A: How Diversity and Mentorship Are Reshaping the Future of Cybersecurity appeared first on IT Security Guru.

Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds

A new industry report by KnowBe4 suggests that organisations are facing a sharply escalating human-centred risk landscape as artificial intelligence becomes embedded in everyday work. The State of Human Risk 2025: The New Paradigm of Securing People in the AI Era, based on survey responses from 700 cybersecurity leaders and 3,500 employees who experienced an employee-involved incident in the past year, highlights a 90% surge in incidents linked to the human element.

The findings point to a widening attack surface driven by social engineering, unsafe employee behaviour and simple mistakes. According to the report, 93% of surveyed leaders experienced incidents in which cybercriminals exploited employees directly. Email continues to dominate as the primary battleground, with a 57% rise in email-related incidents and 64% of organisations reporting external attacks delivered through email. Human error remains a major weak point, with 90% of organisations facing incidents caused by employee mistakes, while malicious insiders accounted for issues at 36% of organisations.

Budget pressures are mounting too, as nearly all (97%) of the cybersecurity leaders asked said they need increased investment to strengthen the human-security layer.

AI’s rapid infiltration into workplace tools is introducing a new tier of risk. AI-related security incidents climbed 43% in the past 12 months—the second-largest increase across all channels surveyed. Despite 98% of organisations taking steps to address AI-related threats, security leaders ranked AI-powered attacks as their top concern, with 45% citing the constant evolution of AI-driven threats as their biggest challenge in managing behavioural risk. Deepfake-related incidents are also rising, affecting 32% of organisations.

Tensions around workplace AI use appear to be contributing to emerging “shadow AI” behaviours. While most organisations have implemented AI-risk measures, 56% of employees expressed dissatisfaction with their employer’s approach to AI tools, potentially driving them towards unsanctioned platforms.

The report suggests email will remain the highest-risk channel for several years, but warns that attackers are increasingly shifting to multi-channel campaigns, including messaging apps and voice phishing. The growing use of AI by threat actors to craft convincing, scalable attacks is expected to accelerate this trend.

Javvad Malik, lead CISO advisor at KnowBe4, said: “The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI. Employees and AI agents will need to work in harmony, supported by a security programme that proactively manages the risk of both. Human risk management must evolve to cover the AI layer before critical business activity migrates onto unmonitored, high-risk platforms.”

The post Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds appeared first on IT Security Guru.

Black Duck launches Signal™, bringing agentic AI to application security

Black Duck today announced the launch of Black Duck Signal™, a new agentic AI platform designed to secure software at the same speed it’s now being developed with AI coding tools.

As AI-driven development accelerates, traditional security testing methods have struggled to keep pace. Black Duck Signal aims to bridge that gap by combining two decades of the company’s software security expertise with large language model (LLM)-powered software analysis to autonomously detect and remediate vulnerabilities across source code, binaries, supply chain components, and running applications.

The rise of AI coding assistants and autonomous agent workflows has transformed how software is built. Still, it has introduced new challenges in ensuring the security of AI-generated code. Signal is purpose-built for this era, working natively within AI-enabled development environments to identify, prioritise, and fix vulnerabilities in real time.

Unlike generic AI tools, Signal blends advanced multi-model LLM technology with human-labeled application security intelligence from the Black Duck KnowledgeBase™, a vast repository built over years of analysis of both open-source and commercial software. The result is a system that provides accurate, context-aware insights without the noise, hallucinations, or false positives that often plague automated code analysis.

Signal’s agentic architecture enables both developers and security teams to work more efficiently by integrating directly with AI coding assistants such as Google Gemini, GitHub Copilot, Claude Code, and Cursor, as well as with other Black Duck security products. The platform’s real-time analysis capabilities allow it to scan new and modified code as it’s written, ensuring continuous protection without slowing down the development process.

“AI is revolutionizing how software is built—and with Signal, Black Duck is redefining how you secure it by completely eliminating the noise of legacy tools,” said Jason Schmitt, CEO of Black Duck. “Developers are moving faster than ever, embracing AI to build and deliver software at unprecedented speed. Signal is the first programming language-agnostic security analysis product to combine the power of LLM-based code analysis with petabytes of human-labeled security data curated over our decades of analysing real-world commercial and open-source software. Signal is designed to give developers the clarity, confidence, and control they need to innovate securely—without slowing down.”

In addition to real-time code analysis, Signal automates the remediation process with verified code fixes and library patching, reducing manual effort while maintaining developer control. It also brings advanced exploitability analysis to reduce alert fatigue and focuses attention on the vulnerabilities that matter most. Beyond traditional vulnerability scanning, Signal’s AI-driven detection of business logic flaws gives teams visibility into application-level zero-days that typically evade rule-based systems.

The post Black Duck launches Signal™, bringing agentic AI to application security appeared first on IT Security Guru.

Gartner’s AI Browser Ban: Rearranging Deck Chairs on the Titanic

The cybersecurity world loves a simple solution to a complex problem, and Gartner delivered exactly that with its recent advisory: “Block all AI browsers for the foreseeable future.” The esteemed analyst firm warns that agentic browsers—tools like Perplexity’s Comet and OpenAI’s ChatGPT Atlas—pose too much risk for corporate use. While their caution makes sense given..

The post Gartner’s AI Browser Ban: Rearranging Deck Chairs on the Titanic appeared first on Security Boulevard.

Securing MCP: How to Build Trustworthy Agent Integrations

Model Context Protocol (MCP) is quickly becoming the backbone of how AI agents interact with the outside world. It gives agents a standardized way to discover tools, trigger actions, and pull data. MCP dramatically simplifies integration work. In short, MCP servers act as the adapter that grants access to services, manages credentials and permissions, and..

The post Securing MCP: How to Build Trustworthy Agent Integrations appeared first on Security Boulevard.

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe ColdFusion is a rapid web application development platform that uses the ColdFusion Markup Language (CFML).
  • Adobe Experience Manager (AEM) is a content management and experience management system that helps businesses build and manage their digital presence across various platforms.
  • The Adobe DNG Software Development Kit (SDK) is a free set of tools and code from Adobe that helps developers add support for Adobe's Digital Negative (DNG) universal RAW file format into their own applications and cameras, enabling them to read, write, and process DNG images, solving workflow issues and improving archiving for digital photos.
  • Adobe Acrobat is a suite of paid tools for creating, editing, converting, and managing PDF documents.
  • The Adobe Creative Cloud desktop app is the central hub for managing all Adobe creative applications, files, and assets.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.