[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcKRR3SfbOLHvFL35zbeY_dh9VaBBYYLBnwgDQHi99g0":3,"$ft4qGIAeWr32jw3gFA7TAvkbx_89Og_Kq7II3UnkaALM":29},{"items":4},[5,13,21],{"id":6,"name":7,"slug":8,"description":9,"icon":10,"color":11,"sort_order":12},"32466918-d4bd-415a-a55e-a0a7bd282064","AI & Prompt Engineering","ai-prompt-engineering","Practical prompt patterns and AI workflows for security research, triage, and detection engineering.","smart_toy","cyan",10,{"id":14,"name":15,"slug":16,"description":17,"icon":18,"color":19,"sort_order":20},"18e06ab5-cd15-4029-ba40-56effb9ebc3d","Frameworks & Compliance","frameworks-compliance","Short, high-signal guidance for mapping controls to real-world evidence (NIST CSF, ISO 27001, SOC 2, etc.).","gavel","purple",20,{"id":22,"name":23,"slug":24,"description":25,"icon":26,"color":27,"sort_order":28},"a1700a4d-aa3d-4918-81b2-7d5b0d3e28c7","Operational Tactics","operational-tactics","Hardening, incident response, and day-to-day security operations tactics that reduce time-to-detect and time-to-contain.","military_tech","orange",30,{"items":30},[31,45,56],{"id":32,"title":33,"body":34,"tags":35,"author_name":40,"featured":41,"created_at":42,"updated_at":43,"category":44},"a93a00d5-6ca2-4219-86a8-4056d5ca8cf7","ISO 27001 practical guide for SMEs. Worth knowing about.","ISO published a practical guide for SMEs implementing ISO\u002FIEC 27001:2022. If you are at a small or mid-size company and think ISO 27001 is only for large enterprises, this guide is for you.\n\n**What it covers:**\n- How to set up an Information Security Management System (ISMS) with limited resources\n- Clause-by-clause walkthrough of ISO 27001 tailored for smaller organizations\n- Real examples and case studies from SMEs\n- How to integrate security into daily business processes without a dedicated security team\n- FAQ on certification: what it costs, how long it takes, and whether you need a consultant\n\n**Why this matters for SMEs:**\n- Customers and partners increasingly require ISO 27001 as a baseline\n- The guide shows you can do this without a massive budget or a team of consultants\n- Implementing even part of the framework significantly reduces your risk exposure\n- It builds a security culture that scales with your company\n\n**Practical steps:**\n1. Check out the guide from ISO: [iso.org\u002Fpublication\u002FPUB100484.html](https:\u002F\u002Fwww.iso.org\u002Fpublication\u002FPUB100484.html)\n2. Start with Clause 4 (Context) and Clause 6 (Planning). These set the foundation.\n3. Use the risk assessment template approach from the guide rather than buying expensive GRC tools\n4. Focus on the Annex A controls that actually apply to your business. You do not need all 93.\n5. Consider certification only after you have been running the ISMS for 6+ months\n\nSurprisingly readable for an ISO document.",[36,37,38,39],"iso-27001","compliance","sme","frameworks","Marcus Lenngren",true,"2026-04-04T13:26:39.798236+00:00","2026-04-04T15:35:33.077564+00:00",{"id":14,"icon":18,"name":15,"slug":16,"color":19,"description":17},{"id":46,"title":47,"body":48,"tags":49,"author_name":40,"featured":41,"created_at":53,"updated_at":54,"category":55},"95fa2e67-7bcd-4c70-b063-80d78dc74624","Use MITRE ATLAS to threat model your AI systems","If your organization is deploying LLMs, ML pipelines, or agentic AI, you need a threat model built for AI. MITRE ATLAS is the ATT&CK equivalent for AI systems.\n\n**What it covers:**\n- 16 tactics mapping the full AI attack lifecycle\n- 85+ techniques specific to AI\u002FML systems\n- 57 real-world case studies\n\n**Two tactics are unique to ATLAS (not in ATT&CK):**\n- **AI Model Access**: how attackers reach your model (API probing, direct inference, physical access)\n- **AI Attack Staging**: preparation for AI-specific attacks (crafting adversarial inputs, poisoning training data)\n\n**Key techniques to know:**\n- Data Poisoning: injecting malicious data into training sets\n- Prompt Injection: biasing LLMs to produce harmful outputs\n- Model Inversion: extracting training data from a model\n- AI Supply Chain Compromise: tampering with models or datasets before deployment\n- LLM Jailbreaking: bypassing safety guardrails\n\n**Practical steps:**\n1. Map your AI assets against ATLAS tactics\n2. Identify which techniques apply to your deployment model (API, on-prem, fine-tuned)\n3. Run AI-focused tabletop exercises using ATLAS case studies\n4. Integrate ATLAS into existing threat modeling alongside ATT&CK\n\nOnly about 50 techniques have been observed in the wild so far. The attack surface is growing faster than the threats. Get ahead of it.\n\nStart here: [atlas.mitre.org](https:\u002F\u002Fatlas.mitre.org\u002F)",[50,51,52,39],"ai-security","threat-modeling","mitre","2026-04-04T07:57:05.189442+00:00","2026-04-04T15:35:46.190096+00:00",{"id":14,"icon":18,"name":15,"slug":16,"color":19,"description":17},{"id":57,"title":58,"body":59,"tags":60,"author_name":64,"featured":65,"created_at":66,"updated_at":66,"category":67},"1934800e-de70-4ee9-a027-4d5c5858fee3","Use an LLM as a “translation layer” between a CVE and your asset inventory","### Workflow\n1) Paste the CVE advisory text (or vendor bulletin).\n2) Ask the model to extract **affected product names + version ranges**.\n3) Ask it to generate **inventory matching rules** (package names, CPE hints, file paths, service names).\n4) Validate those rules against **one known affected host** before running at scale.\n\n### Prompt\n\"Extract affected products and version ranges. Then propose 5–10 concrete ways to identify exposure in an enterprise (package names, registry keys, service names, binary versions, config flags).\"\n\n### Caution\nAlways treat the output as a hypothesis—verify against authoritative sources and a known host.\n",[61,62,63],"cve","vulnerability-management","inventory","ThreatNoir",false,"2026-03-25T19:33:45.057187+00:00",{"id":6,"icon":10,"name":7,"slug":8,"color":11,"description":9}]