Red Sentry

Human-led penetration testing that goes beyond compliance and simulates real attacks.

05/28/2026

CMMC requirements are evolving fast, and many organizations are still trying to understand what actually applies to them, especially subcontractors and companies within the Defense Industrial Base.

To help cut through the confusion, Red Sentry is hosting a live AMA alongside Secureframe and Redspin focused on practical conversations around today’s CMMC landscape, common compliance challenges, and how organizations can realistically prepare.

Joining the discussion:
• Marc Rubbinaccio from Secureframe, a cybersecurity and compliance leader with extensive experience across CMMC, FedRAMP, SOC 2, PCI-DSS, and ISO 27001.
• Robert Teague from Redspin, a former U.S. Army leader and CMMC Certified Lead Assessor with more than 30 years of experience supporting federal cybersecurity and Defense Industrial Base initiatives.

No slides. No sales pitch. Just real answers and open discussion.

๐Ÿ“ June 11 at 1 PM EST

Registration link in the first comment.

๐—ช๐—ฒ๐—ฏ ๐—ฎ๐—ฝ๐—ฝ ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ถ๐˜€ ๐—ป๐—ผ ๐—น๐—ผ๐—ป๐—ด๐—ฒ๐—ฟ ๐—ฎ๐—ฏ๐—ผ๐˜‚๐˜ ๐—ณ๐—ถ๐˜…๐—ถ๐—ป๐—ด "๐—ฏ๐—ฎ๐—ฑ ๐—ฐ๐—ผ๐—ฑ๐—ฒ." ๐—œ๐˜โ€™๐˜€ ๐—ฎ๐—ฏ๐—ผ๐˜‚๐˜ ๐—ฑ๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ฎ ๐—ฏ๐—ฟ๐—ผ๐—ธ๐—ฒ๐—ป ๐—ฒ๐—ฐ๐—ผ๐˜€๐˜†๐˜€๐˜๐—ฒ๐—บ.In 2026, the threat lands...
05/28/2026

๐—ช๐—ฒ๐—ฏ ๐—ฎ๐—ฝ๐—ฝ ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—ถ๐˜€ ๐—ป๐—ผ ๐—น๐—ผ๐—ป๐—ด๐—ฒ๐—ฟ ๐—ฎ๐—ฏ๐—ผ๐˜‚๐˜ ๐—ณ๐—ถ๐˜…๐—ถ๐—ป๐—ด "๐—ฏ๐—ฎ๐—ฑ ๐—ฐ๐—ผ๐—ฑ๐—ฒ." ๐—œ๐˜โ€™๐˜€ ๐—ฎ๐—ฏ๐—ผ๐˜‚๐˜ ๐—ฑ๐—ฒ๐—ณ๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด ๐—ฎ ๐—ฏ๐—ฟ๐—ผ๐—ธ๐—ฒ๐—ป ๐—ฒ๐—ฐ๐—ผ๐˜€๐˜†๐˜€๐˜๐—ฒ๐—บ.

In 2026, the threat landscape has fundamentally shifted. Attackers aren't hunting for isolated bugs in your proprietary code; they are exploiting the sheer interconnectedness of your digital supply chain.

Legacy scanners will call your code "clean", but they miss the architectural flaws that modern adversaries target.

๐—ง๐—ต๐—ฒ ๐Ÿฏ ๐—ฏ๐—ถ๐—ด๐—ด๐—ฒ๐˜€๐˜ ๐—ฏ๐—น๐—ถ๐—ป๐—ฑ ๐˜€๐—ฝ๐—ผ๐˜๐˜€ ๐—ถ๐—ป ๐˜†๐—ผ๐˜‚๐—ฟ ๐—ฒ๐—ฐ๐—ผ๐˜€๐˜†๐˜€๐˜๐—ฒ๐—บ ๐—ฟ๐—ถ๐—ด๐—ต๐˜ ๐—ป๐—ผ๐˜„:

- ๐—”๐—ฃ๐—œ ๐—–๐—ต๐—ฎ๐—ผ๐˜€: Modern apps are fragments held together by APIs. Attackers skip the front door and exploit weak authentication on minor backend services.
- ๐—–๐—œ/๐—–๐—— ๐—ฃ๐—ถ๐—ฝ๐—ฒ๐—น๐—ถ๐—ป๐—ฒ๐˜€: Fast deployment speeds create massive targets. If an attacker compromises a pipeline tool or developer credentials, they compromise your entire build process.
- ๐—ง๐—ต๐—ถ๐—ฟ๐—ฑ-๐—ฃ๐—ฎ๐—ฟ๐˜๐˜† ๐—–๐—ผ๐—ฑ๐—ฒ: Most of your app wasn't written by your team. Open-source libraries and external scripts create a fragile web where one hijacked package compromises thousands of apps overnight.

Move away from once-a-year compliance checks. To survive, you need continuous, ecosystem-centric penetration testing that evaluates your APIs, CI/CD pipelines, and supply chain dependencies as a unified whole.

Read the full article below.

05/27/2026

Final part of our RSAC mini mics 🎤

During the happy hour we co-hosted with Rippling and Johanson Group LLP at RSAC Conference, the conversation somehow turned into:
– mustaches in IT
– why “I’m not trying to sell you anything” immediately sounds suspicious
– the importance of keeping humans in the loop in cybersecurity
– and AI bots intentionally programmed to tell terrible jokes

Honestly, probably the most accurate summary of RSAC possible 😭

One of the best parts of this series was seeing people drop the polished conference mode for a minute and just have real conversations. That’s exactly the vibe we wanted.

Huge shoutout to our very own Max Turner for hosting the mini mic chaos all week long.

And big thanks to everyone who stopped by to share a thought, a hot take, or just a laugh with us ❤️

"๐—•๐˜‚๐˜ ๐—ผ๐˜‚๐—ฟ ๐—ฐ๐—น๐—ถ๐—ฒ๐—ป๐˜ ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—น ๐—ถ๐˜€ ๐—ฒ๐—ป๐—ฐ๐—ฟ๐˜†๐—ฝ๐˜๐—ฒ๐—ฑ!"Relying solely on encryption (HTTPS) is like locking your front door but leaving th...
05/20/2026

"๐—•๐˜‚๐˜ ๐—ผ๐˜‚๐—ฟ ๐—ฐ๐—น๐—ถ๐—ฒ๐—ป๐˜ ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—น ๐—ถ๐˜€ ๐—ฒ๐—ป๐—ฐ๐—ฟ๐˜†๐—ฝ๐˜๐—ฒ๐—ฑ!"

Relying solely on encryption (HTTPS) is like locking your front door but leaving the back window wide open. Encryption creates a secure tunnel to stop eavesdroppers, but it ๐—ฑ๐—ผ๐—ฒ๐˜€ ๐—ป๐—ผ๐˜ ๐˜ƒ๐—ฒ๐—ฟ๐—ถ๐—ณ๐˜† ๐˜๐—ต๐—ฒ ๐˜€๐—ฎ๐—ณ๐—ฒ๐˜๐˜† ๐—ผ๐—ณ ๐˜๐—ต๐—ฒ ๐—ณ๐—ถ๐—น๐—ฒ๐˜€ ๐—ฝ๐—ฎ๐˜€๐˜€๐—ถ๐—ป๐—ด ๐˜๐—ต๐—ฟ๐—ผ๐˜‚๐—ด๐—ต ๐—ถ๐˜. In fact, it actually hides malicious traffic from basic security tools.

For law firms managing digital paperwork, this blind spot is a goldmine for hackers.
Without strict validation, a client portal is vulnerable to Unrestricted File Upload, allowing cybercriminals to disguise malicious scripts as PDFs.

Once inside your server, attackers can:

- ๐——๐—ฒ๐—ฝ๐—น๐—ผ๐˜† ๐—ฅ๐—ฎ๐—ป๐˜€๐—ผ๐—บ๐˜„๐—ฎ๐—ฟ๐—ฒ: Freeze your operations entirely.
- ๐—˜๐˜…๐—ณ๐—ถ๐—น๐˜๐—ฟ๐—ฎ๐˜๐—ฒ ๐——๐—ฎ๐˜๐—ฎ: Steal M&A plans, IP, and privileged communications.
- ๐—œ๐—ป๐—ณ๐—ถ๐—น๐˜๐—ฟ๐—ฎ๐˜๐—ฒ ๐—ก๐—ฒ๐˜๐˜„๐—ผ๐—ฟ๐—ธ๐˜€: Gain a permanent backdoor into your billing and email systems.

Law firms hold the "keys to the kingdom." To protect your reputation and your clients, you must move beyond the basic padlock icon.

๐Ÿฏ ๐—ฆ๐˜๐—ฒ๐—ฝ๐˜€ ๐˜๐—ผ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ ๐—ฌ๐—ผ๐˜‚๐—ฟ ๐—™๐—ถ๐—ฟ๐—บ:
- ๐—ฆ๐˜๐—ฟ๐—ถ๐—ฐ๐˜ ๐—™๐—ถ๐—น๐—ฒ ๐—ฉ๐—ฎ๐—น๐—ถ๐—ฑ๐—ฎ๐˜๐—ถ๐—ผ๐—ป: Scan and verify files before they hit your server.
- ๐—Ÿ๐—ฒ๐—ฎ๐˜€๐˜ ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ถ๐—น๐—ฒ๐—ด๐—ฒ ๐—ฃ๐—ฒ๐—ฟ๐—บ๐—ถ๐˜€๐˜€๐—ถ๐—ผ๐—ป๐˜€: Restrict web app capabilities to stop unauthorized code ex*****on.
- ๐—–๐—ผ๐—ป๐˜๐—ถ๐—ป๐˜‚๐—ผ๐˜‚๐˜€ ๐—ฃ๐—ฒ๐—ป๐—ฒ๐˜๐—ฟ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐—ง๐—ฒ๐˜€๐˜๐—ถ๐—ป๐—ด: Find the flaws before a hacker does.

Stop guessing if your legal tech is secure.

Read our full breakdown below.

05/18/2026

Most companies treat SOC 2 like a stressful annual scavenger hunt.
But what happens when compliance becomes operational instead of manual?

Tomorrow, we’re dropping a new episode of Ctrl-Alt-Secure with Emma Lawler and AJ Yawn from Rippling, where we dive into:
• Why traditional compliance drains teams
• How automation changes the audit experience
• The role of first-party data in modern GRC
• Why auditor independence still matters
• What it looks like to engineer compliance instead of chasing screenshots

A really interesting conversation on where compliance and security operations are headed next.

Full episode drops tomorrow. Stay tuned!

05/15/2026

At some point, every founder hears:
“You need SOC 2 before we can move forward.”

And suddenly, you’re spending more time screenshotting compliance than actually building.

We’ll be talking about exactly that with Rippling and Johanson Group LLP at Salesforce Tower on June 3: How startups can become enterprise-ready without slowing everything down.

And since we’ll already be in SF… we’re also co-hosting a happy hour that same week 🍸

Matias Donnet and Michael Shelton from our team will be there - come say hi!

๐Ÿ“ SF | June 2 & 3
๐Ÿ‘‰ Links in the first comment.

05/14/2026

Part 2 of our RSAC mini mics 🎤

Back at RSAC Conference during the happy hour we co-hosted with Rippling and Johanson Group LLP, we kept asking people what’s actually happening in cybersecurity right now.

Some of the takes this round:
– Computer science students are getting more into writing
– Mostly because everyone’s trying to get better at AI prompting
– AI is powerful, but definitely comes with risks
– And apparently, a “free trip” email is still a pretty convincing phishing lure 👀

Honestly, these were some of our favorite moments from RSAC. Just real conversations, real opinions, and people having fun with it.

Big thanks to everyone who jumped in to share thoughts and laughs with us!

Last part coming soon 👀

๐—ฌ๐—ผ๐˜‚๐—ฟ ๐— ๐—™๐—” ๐—ถ๐˜€๐—ปโ€™๐˜ ๐˜๐—ต๐—ฒ "๐—ฆ๐—ถ๐—น๐˜ƒ๐—ฒ๐—ฟ ๐—•๐˜‚๐—น๐—น๐—ฒ๐˜" ๐˜†๐—ผ๐˜‚ ๐˜๐—ต๐—ถ๐—ป๐—ธ ๐—ถ๐˜ ๐—ถ๐˜€.The old "castle and moat" strategy is dead. Today, ๐—œ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐˜๐˜† ๐—ถ๐˜€ ๐˜๐—ต๐—ฒ ๐—ป๐—ฒ...
05/12/2026

๐—ฌ๐—ผ๐˜‚๐—ฟ ๐— ๐—™๐—” ๐—ถ๐˜€๐—ปโ€™๐˜ ๐˜๐—ต๐—ฒ "๐—ฆ๐—ถ๐—น๐˜ƒ๐—ฒ๐—ฟ ๐—•๐˜‚๐—น๐—น๐—ฒ๐˜" ๐˜†๐—ผ๐˜‚ ๐˜๐—ต๐—ถ๐—ป๐—ธ ๐—ถ๐˜ ๐—ถ๐˜€.

The old "castle and moat" strategy is dead. Today, ๐—œ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐˜๐˜† ๐—ถ๐˜€ ๐˜๐—ต๐—ฒ ๐—ป๐—ฒ๐˜„ ๐—ฝ๐—ฒ๐—ฟ๐—ถ๐—บ๐—ฒ๐˜๐—ฒ๐—ฟโ€”and the wall is cracking.

While MFA blocks 99% of bulk attacks, sophisticated attackers aren't "breaking" your security anymore. Theyโ€™re simply riding the wave of your successful login.

๐—›๐—ผ๐˜„ ๐˜๐—ต๐—ฒ๐˜† ๐—ฏ๐˜†๐—ฝ๐—ฎ๐˜€๐˜€ ๐˜๐—ต๐—ฒ ๐˜€๐—ต๐—ถ๐—ฒ๐—น๐—ฑ:

- ๐—”๐—ถ๐—ง๐—  ๐—”๐˜๐˜๐—ฎ๐—ฐ๐—ธ๐˜€: Intercepting session tokens in real-time to "clone" your authenticated state.
- ๐— ๐—™๐—” ๐—™๐—ฎ๐˜๐—ถ๐—ด๐˜‚๐—ฒ: Weaponizing human psychology through push-notification spam until a user hits "Approve."
- ๐—ฆ๐—ฒ๐˜€๐˜€๐—ถ๐—ผ๐—ป ๐—›๐—ถ๐—ท๐—ฎ๐—ฐ๐—ธ๐—ถ๐—ป๐—ด: Using malware or XSS to steal cookies, bypassing the login process entirely.

๐—ง๐—ต๐—ฒ ๐— ๐—ผ๐˜ƒ๐—ฒ ๐˜๐—ผ ๐—ฃ๐—ต๐—ถ๐˜€๐—ต๐—ถ๐—ป๐—ด-๐—ฅ๐—ฒ๐˜€๐—ถ๐˜€๐˜๐—ฎ๐—ป๐—ฐ๐—ฒ

If identity is where attacks start and end, we need stronger materials:
- ๐—™๐—œ๐——๐—ข๐Ÿฎ/๐—ช๐—ฒ๐—ฏ๐—”๐˜‚๐˜๐—ต๐—ป: Hardware keys that make interception impossible.
- ๐—–๐—ผ๐—ป๐—ฑ๐—ถ๐˜๐—ถ๐—ผ๐—ป๐—ฎ๐—น ๐—”๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€: Evaluating device health and context, not just a password.
- ๐—–๐—ผ๐—ป๐˜๐—ถ๐—ป๐˜‚๐—ผ๐˜‚๐˜€ ๐— ๐—ผ๐—ป๐—ถ๐˜๐—ผ๐—ฟ๐—ถ๐—ป๐—ด: Because security shouldn't end once the "Login" button is clicked.

๐—ฆ๐˜๐—ผ๐—ฝ ๐˜„๐—ผ๐—ป๐—ฑ๐—ฒ๐—ฟ๐—ถ๐—ป๐—ด ๐—ถ๐—ณ ๐˜†๐—ผ๐˜‚๐—ฟ ๐— ๐—™๐—” ๐—ถ๐˜€ ๐—ฒ๐—ป๐—ผ๐˜‚๐—ด๐—ต. ๐—ฆ๐˜๐—ฎ๐—ฟ๐˜ ๐—ธ๐—ป๐—ผ๐˜„๐—ถ๐—ป๐—ด.

Our Web App pentesting services expose the logic flaws and authentication gaps that automated tools miss. Letโ€™s stress-test your perimeter before an attacker does.

Read the full article below.

05/11/2026

Everyone says they want to “streamline SOC 2.”

But most teams are still doing this:
- screenshot by screenshot
- spreadsheet by spreadsheet
- audit panic once a year
At some point, compliance became more about proving systems work than actually making them better.

In our upcoming Ctrl-Alt-Secure episode with AJ Yawn and Emma Lawler from Rippling, we’re talking about why GRC needs a mindset shift:

What if SOC 2 wasn’t treated like a painful annual project… but like a living product that continuously evolves?

We get into:
– Why the 1st and 5th SOC 2 are both painful
– Why audits shouldn’t define your year
– How to move evidence collection to where the evidence already lives
– And why it’s time to stop screenshotting compliance

Here’s a little sneak peek 🎥

Full episode dropping soon - release date announcement coming shortly.

๐—œ๐˜€ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—”๐—œ ๐—ฐ๐—ต๐—ฎ๐˜๐—ฏ๐—ผ๐˜ ๐—ฎ "๐—ต๐—ถ๐—ด๐—ต-๐˜€๐—ฝ๐—ฒ๐—ฒ๐—ฑ ๐—ต๐—ถ๐—ด๐—ต๐˜„๐—ฎ๐˜†" ๐—ณ๐—ผ๐—ฟ ๐—ต๐—ฎ๐—ฐ๐—ธ๐—ฒ๐—ฟ๐˜€?Organizations are racing to "bolt on" LLMs, but weโ€™re repeating th...
05/08/2026

๐—œ๐˜€ ๐˜†๐—ผ๐˜‚๐—ฟ ๐—”๐—œ ๐—ฐ๐—ต๐—ฎ๐˜๐—ฏ๐—ผ๐˜ ๐—ฎ "๐—ต๐—ถ๐—ด๐—ต-๐˜€๐—ฝ๐—ฒ๐—ฒ๐—ฑ ๐—ต๐—ถ๐—ด๐—ต๐˜„๐—ฎ๐˜†" ๐—ณ๐—ผ๐—ฟ ๐—ต๐—ฎ๐—ฐ๐—ธ๐—ฒ๐—ฟ๐˜€?

Organizations are racing to "bolt on" LLMs, but weโ€™re repeating the mistakes of the SQL injection era. The new threat is ๐—ฃ๐—ฟ๐—ผ๐—บ๐—ฝ๐˜ ๐—œ๐—ป๐—ท๐—ฒ๐—ฐ๐˜๐—ถ๐—ผ๐—ป, where hackers use simple prose to hijack your system.

๐—ช๐—ต๐˜† ๐—ฑ๐—ผ๐—ฒ๐˜€ ๐—ถ๐˜ ๐—ต๐—ฎ๐—ฝ๐—ฝ๐—ฒ๐—ป:

- ๐—ฃ๐—ฟ๐—ผ๐˜€๐—ฒ ๐—ฎ๐˜€ ๐—–๐—ผ๐—ฑ๐—ฒ: Attackers use "polite" requests to trick AI into leaking data or bypassing auth.
- ๐—ช๐—”๐—™๐˜€ ๐—ฎ๐—ฟ๐—ฒ ๐—•๐—น๐—ถ๐—ป๐—ฑ: Traditional firewalls look for code, not natural language.
- ๐—ง๐—ต๐—ฒ "๐—–๐—ผ๐—ป๐—ณ๐˜‚๐˜€๐—ฒ๐—ฑ ๐——๐—ฒ๐—ฝ๐˜‚๐˜๐˜†": If your AI has API access, a hijacked prompt can trigger unauthorized actions.

๐—ง๐—ต๐—ฒ ๐—ฆ๐˜๐—ฟ๐—ฎ๐˜๐—ฒ๐—ด๐˜†:
- ๐— ๐—ถ๐—ป๐—ถ๐—บ๐—ถ๐˜‡๐—ฒ ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ถ๐—น๐—ฒ๐—ด๐—ฒ: Don't give an LLM "write" access it doesn't need.
- ๐—›๐˜‚๐—บ๐—ฎ๐—ป-๐—ถ๐—ป-๐˜๐—ต๐—ฒ-๐—Ÿ๐—ผ๐—ผ๐—ฝ: Confirm sensitive actions outside the AI interface.
- ๐—”๐—น๐˜„๐—ฎ๐˜†๐˜€-๐—ผ๐—ป ๐—ฃ๐—ฒ๐—ป๐˜๐—ฒ๐˜€๐˜๐—ถ๐—ป๐—ด: AI bypasses evolve daily; your testing must too.

๐—œ๐—ป๐—ป๐—ผ๐˜ƒ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜€๐—ต๐—ผ๐˜‚๐—น๐—ฑ๐—ปโ€™๐˜ ๐—บ๐—ฒ๐—ฎ๐—ป ๐—ฐ๐—ผ๐—บ๐—ฝ๐—ฟ๐—ผ๐—บ๐—ถ๐˜€๐—ฒ.

Secure your web apps and shut down vulnerabilities before theyโ€™re exploited.

Check the full article here: https://dub.sh/WXUdSab

Address

3490 Piedmont Road NE
Atlanta, GA
30305

Opening Hours

Monday 8am - 6pm
Tuesday 8am - 6pm
Wednesday 8am - 6pm
Thursday 8am - 6pm
Friday 8am - 6pm
Saturday 8am - 12pm
Sunday 8am - 12pm

Website

https://www.youtube.com/@redsentrysecurity, http://x.com/redsentry_tech, http://linkedin.com/comp
