From Friends Friday to Black Hat Europe: What Security Teams Should Focus on Next Software supply chain vulnerabilities are becoming one of the most unsettling challenges in modern cybersecurity with increasingly creative attackers. To explore these issues, our founder, Daniel DeCloss, sat down with Jonathan Leitschuh, an open source security researcher known for uncovering high-impact vulnerabilities, advancing responsible disclosure practices, and pushing the industry toward more secure-by-default software. READ ARTICLE
The Missing Link Between Pentest Findings and Fixes Why Every Security Program Needs a Mobilization Coordinator Pentests rarely fail because testers miss something critical. In fact, that part usually goes pretty well. The breakdown almost always happens after the report is delivered. Findings sit untouched. Some get half-fixed. Others disappear under the weight of sprint deadlines, operational noise, or the vague hope that… READ ARTICLE
The Automation Imperative: Why Pentest Delivery Must Catch Up With Continuous Testing Security feels a lot like Whac-A-Mole these days. Between cloud-native architectures, microservices, APIs, and rapid deployment cycles, cybersecurity threats are constantly popping up and redefining how software is built and delivered. Yet penetration testing, which is a proven method for identifying exploitable weaknesses, remains a point-in-time snapshot.In some cases, annual penetration tests don’t even happen…. READ ARTICLE
Cisco Vulnerability Management (formerly known as Kenna) Is Going Away: PlexTrac Can Help Teams Move Forward If you’ve been around vulnerability management for a while, you probably saw the news: Cisco is sunsetting Cisco Vulnerability Management (fka Kenna Security). This may come as a surprise to some, but it reflects a broader shift already underway. Risk-based vulnerability management is no longer just about scoring vulnerabilities—it’s about understanding exposure, orchestrating remediation, validating fixes, and continuously aligning teams around what actually matters. READ ARTICLE
Automate Pentest Findings Delivery in Real-Time Take the Pain Out of Pentest Delivery With Automation For many security teams, traditional pentest delivery still relies on static PDFs, spreadsheets, and email threads. Findings sit idle while reports are compiled, manually entered into Jira or ServiceNow, and passed between teams. Meanwhile, critical vulnerabilities remain unaddressed. As testing frequency increases and organizations adopt continuous… READ ARTICLE
Spooky Supply Chains & Researcher Reality: A Conversation with Jonathan Leitschuh Software supply chain vulnerabilities are becoming one of the most unsettling challenges in modern cybersecurity with increasingly creative attackers. To explore these issues, our founder, Daniel DeCloss, sat down with Jonathan Leitschuh, an open source security researcher known for uncovering high-impact vulnerabilities, advancing responsible disclosure practices, and pushing the industry toward more secure-by-default software. READ ARTICLE
Friends Friday Recap: Building a Continuous Purple Teaming Program with Paul Nieto III On a recent PlexTrac Friends Friday Podcast, our founder, Daniel DeCloss, sat down with Paul Nieto III, a seasoned red team operator at Royal Caribbean, to unpack how his organization built and scaled a purple teaming program that runs continuously, not just once a year. READ ARTICLE
PlexTrac Named in the Gartner® Magic Quadrant™ for Exposure Assessment Platforms Today I’m excited to share that PlexTrac has been named as a Niche Player in the latest Gartner Magic Quadrant for Exposure Assessment Platforms (EAP). I couldn’t be prouder of our team for this recognition. I wanted to share why this is important for PlexTrac and our customers, as well as why we believe this… READ ARTICLE
Friends Friday Recap: How AI Is Reshaping Offensive Security And Why Humans Still Matter The latest PlexTrac Friends Friday podcast episode brought together host Dan DeCloss, PlexTrac’s founder and CEO, and returning guest Rey Bango, a seasoned penetration tester and educator from a Fortune 100 telecommunication company. Dan and Rey revisited a topic from their last podcast episode, over 18 months ago, on how artificial intelligence is reshaping offensive… READ ARTICLE
The Great Exposure Management Shift: From Point-in-Time Scans to Continuous Resilience For years, security teams have relied on point-in-time scans and assessments to gauge their organization’s security posture. The results from these efforts, like quarterly vulnerability scans, annual pentests, and compliance audits, have served as the backbone of most vulnerability management programs. But the landscape has changed. Today, assets spin up and disappear in hours, new… READ ARTICLE
Qilin Ransomware Surge: Lessons Learned and the PlexTrac Advantage The buzz around Continuous Threat Exposure Management (CTEM) is everywhere right now, and for good reason. Organizations are realizing that traditional vulnerability management, built around periodic scans and reports, can’t keep up with today’s attack surfaces. READ ARTICLE
5 Signs Your Vulnerability Management Program Isn’t Ready for Continuous Threat Exposure Management (CTEM) The buzz around Continuous Threat Exposure Management (CTEM) is everywhere right now, and for good reason. Organizations are realizing that traditional vulnerability management, built around periodic scans and reports, can’t keep up with today’s attack surfaces. READ ARTICLE