Mateo Durango

𝗜𝘀 𝘆𝗼𝘂𝗿 𝗰𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝘀𝘁𝗿𝗮𝘁𝗲𝗴𝘆 𝗷𝘂𝘀𝘁 𝗰𝗵𝗲𝗰𝗸𝗶𝗻𝗴 𝗮 𝗯𝗼𝘅? ❌ It's difficult to map vulnerabilities to specific compliance controls. ❌ Periodic scans can't provide continuous proof of security. ❌ Manual evidence collection is slow and error-prone. It's time for a new approach. Contrast Security helps you build compliance into your software, not bolt it on afterward. ✅ Provide auditors with verifiable, real-time proof. ✅ Automate evidence collection for key mandates. ✅ Map vulnerabilities directly to controls (PCI, HIPAA, NIST). Move from periodic checks to automated, continuous compliance. https://lnkd.in/ev4Xp4i9 #AppSec #Compliance #GRC #Fintech #DevSecOps #ContrastSecurity

5

1 Comment

Is your vendor risk program more reactive than strategic? You’re not alone—and it’s not for lack of effort. Most TPRM teams are navigating without a clear framework. The Vendor Risk Management Maturity Model (VRMM) offers a structured way to assess where you are, where you need to go, and how to get there. 📌 Use it to benchmark your program, identify blind spots, and build a more resilient risk posture. 👉 https://lnkd.in/gmw8x55C #VendorRisk #TPRM #RiskManagement #Compliance #Smarsh

1

Purple Teaming turns assumptions into evidence. By emulating real adversaries, security teams validate SIEM and EDR detections, expose telemetry blind spots, and pressure-test incident response under live conditions. The result isn’t more alerts, it’s measurable detection quality and faster response where it actually breaks. Measure what you detect. Fix what you miss. 🛡️ #PurpleTeaming #DetectionEngineering #SOC #Seccureops #IncidentResponse #CyberSecurity #ThreatEmulation #SecurityMetrics

4

1 Comment

Deepfakes and AI-powered social engineering are making cyberattacks more sophisticated than ever. 🤖 Okta's new article dives into these evolving threats and how organizations can build a "human firewall" to protect against them. Learn more about staying secure in the age of advanced deception.

5

Still relying on annual pen tests and hoping for the best? Bug bounty programs flip the script. - Real hackers. Real attacks. Real results. - Continuous coverage, not once-a-year checkboxes. - Pay for validated risk You don’t need more tools, you need better outcomes. Bugcrowd delivers them. Always happy to walk through what this could look like for your org.

15

Revenue Builders Podcast always hits! Great episode with John McMahon & John Kaplan sitting down the Mike Earnest from Wiz. Why should we always be recruiting? It's almost a guarantee that someone on your team is: 1) in the process of promotion 2) being managed out of the business 3) OR WILL SURPRISE YOU. I'd highly recommend this episode to GTM Recruitment or Sales Leadership. Some other highlights from the episode: 🔁 Recruiting is Continuous, Not Cyclical Mike emphasized that recruiting isn’t just a quarterly hiring plan — it’s a daily conversation. It shows up in 1:1s, forecast calls, and leadership meetings. Talent risk is treated just like pipeline risk. And the key question leaders are asked is: “If you had to promote someone tomorrow, who’s ready? If someone left today, who’s next in line?” This mindset shifts recruiting from being a reactive chore to a proactive advantage. 🔎 Defining and Finding Top Talent Top talent is measurable!! If you’re not screening for these traits in interviews — through storytelling, adversity examples, or behavioral simulations — you’re likely to get burned six months in. Because it’s rarely the skills that trip you up. It’s the traits. -> Curiosity – A hard-to-coach quality that combines emotional intelligence with genuine interest in people and problems. -> Grit – “Doing the hard things when no one’s watching.” The quiet consistency that creates long-term success. -> Coachability, intelligence, and character – Not buzzwords, but foundational behaviors that show up in both wins and losses. 🎯 Ideal Candidate Profiles Are Built, Not Imagined A strong recruiting strategy starts with a real, grounded Ideal Candidate Profile (ICP). It should be based on actual people in your company who are thriving — not a unicorn wishlist. And when hiring managers say, “These people don’t exist,” that’s a signal to get specific, not to settle. 💬 Creativity Wins in Sourcing Mike was blunt: if you're relying on recruiters alone to fill your pipeline, you're doing it wrong. Great leaders own their pipeline, just like they own their deals. Link to episode: https://lnkd.in/gTVurnT3 #Leadership #Recruiting #Retention #SalesLeadership #TalentStrategy #HiringTopTalent #datadog #SaaS #ForceManagement #CareerDevelopment

140

2 Comments

What does it take to secure one of the largest and most high-profile sporting organizations in the world? We sat down with Tomás Maldonado, CISO of the NFL, to explore how he leads security across an incredibly complex ecosystem of 32 clubs, a league office, media properties, and global events. With over 25 years of experience spanning finance, media, manufacturing, and technology, Tomás shared his views on AI governance, proactive security, and what it really means to stay ahead in a constantly evolving threat landscape. This conversation is part of Bugcrowd’s latest report, Inside the Mind of a CISO, which features insights, data, and perspectives from security leaders around the world. 👉 Read the full interview and download the report here: https://lnkd.in/e8DvjUpE #CyberSecurity #CISO #AI #RiskManagement #InfoSec #NFL

7

1 Comment

The combination of Mimecast and Code42 provides organizations with a robust, multi-layered approach to data loss prevention. While Mimecast excels in email security and DLP, Code42's Incydr platform focuses on insider threat management and data exfiltration prevention. Together, they offer a comprehensive solution for organizations looking to protect their sensitive data from both external and internal threats. #Mimecast #DLP Mimecast's DLP solution includes: - Centralized policy management through a web-based console  - Secure messaging capabilities for sharing sensitive information externally  - Seamless integration with Microsoft Exchange  - Content control and encryption for data protection in transit  - Enhanced detection of risky user activities across multiple platforms  - Quick threat detection and response capabilities  - Comprehensive insider threat protection through Mimecast's human risk management platform - Real-time monitoring and instant alerts for preventing data loss - Real-time file activity monitoring across endpoints, cloud services, and email platforms 9 - Advanced user behavior analytics with risk scoring capabilities - Over 250 contextual risk indicators for threat prioritization - Automated response workflows for swift incident management Leave a comment or send a message to learn more and take a deeper dive!

8

Public sector agencies face increasing pressure to deliver secure, reliable digital services while navigating complex compliance requirements and evolving cyber threats. Traditional security approaches often struggle to keep pace with modern cloud-native environments, leaving critical applications exposed. 🎙️ Join us for a webinar on how Dynatrace Application Security empowers public sector organizations to proactively protect their applications and data. We’ll explore how Dynatrace’s AI-powered observability and runtime vulnerability detection provide real-time insights into risk exposure, enabling agencies to: ✔️ Identify and prioritize vulnerabilities based on actual runtime context and business impact ✔️ Accelerate compliance with frameworks like FedRAMP, NIST, and Zero Trust principles ✔️ Reduce operational overhead through automated detection and remediation workflows ✔️ Enhance resilience across hybrid and multi-cloud environments without slowing innovation 💡 Whether you’re responsible for securing mission-critical systems or ensuring compliance across distributed teams, this session will show you how Dynatrace helps agencies stay ahead of threats while meeting their unique regulatory and operational challenges. https://lnkd.in/g_H8XfnM

4

1 Comment

Imagine growing your cybersecurity team overnight with experts. Varonis’ MDDR can make it happen. Lean security teams often find themselves chasing alerts without rest. With Varonis' 24x7x365 incident response and alert monitoring, Wyndham Hotels & Resorts could focus their efforts on maintaining compliance and robust security. Learn more: https://lnkd.in/eX3rcnF5

4

SDRs/BDRs- if your messaging sounds like “we have 80% of the Fortune 100 as our customer base” you need to get a lot more specific. You’re using awareness content. You need conversion content. Weak content- “Why Security Posture Matters.” Strong content- “What your CISO will ask before approving a SaaS tool.” Your Marketing team should also be able to track which piece of content converted. Knowing your data and how to use it is just as important as knowing how to cold call and close. AI won’t replace SDRs, but it will replace those who don’t use all the tools available to them. #SDR #GTM #Hiring

14

4 Comments

The holidays bring heightened risk, so before you are your team take off, review some classic cyber hygiene pointers like: ✅ Enabling enhanced monitoring ✅ Establishing incident response protocols ✅ Briefing security teams on local ransomware and malware trends targeting your industry Stay safe this holiday season with CybelAngel!

3

Your CTEM program can’t succeed if it becomes a game of chasing vulnerabilities. Too many findings. No proof of exploitability. No clear ownership. Teams get busier chasing vulnerabilities rather than reducing risk. This whitepaper shows you how to make CTEM work in practice. Download it to learn how to: Map your entire external attack surface ✅ Continuously validate exploitability [not findings here] across every asset ✅ Reclaim team hours by prioritizing real-world risk ✅ Identify and route issues to the right owners ✅ Define KPIs that leadership actually cares about Download the whitepaper: https://gag.gl/LgsHCH #CTEM #AttackSurfaceManagement #ExposureManagement #CyberSecurity #RiskManagement

2

When vs where? Why proactive hiring with a niche sales headhunter who knows how to set expectations is the ONLY way be intentional with your time and career This is the BEST time to network & build connections with your ideal teammates ✅Passive & performing talent looking ✅Founders looking too End of Quarter/ year, vc rounds make people feel like it’s time for a new chapter 📖 Money being paid or expected 💲 People are planning trips, time off Now is the time sellers and founders consider "what is next" (depending on their current scenario/this can be in the next 2 - 6 months) Since we lead with candidates - Questions passive reps ask: "when (and where) should I apply?" "what have you heard about x company?" "do you know when y company is forecasting headcount?" 2 things start happening around this time of year when it comes to top talent that may be open to exploring what is out there and HOW companies get access to this type of proactive seller 1️⃣ Reps stay at their current org: Passive reps just don't apply to anything & commit to another quarter/ year in their current org because it can be "hard" to determine what companies are "worth" looking at and the jobs that are open, the timeline won't match up (in their mind, if they want to take a quick trip before they start a new gig/quota most companies wont be able) so they just keep building their pipeline and enjoy their time off 2️⃣ Sexy reps start applying to the openings they see, or engage w/ internal execs proactively (going on the data they have that it is worth the leg work) Often, leaving their next stepup to chance- what job they happen to SEE is open, or have heard is worth their time to engage with, leaving a HUGE opp for GREAT orgs to create openings for these *hard to attract* type of sellers Companies miss out on the BE$t because they are focused on IMMEDIATE hires vs building proactive connections/value with reps at their competitors PROACTIVLY for future headcount This eliminates their chances of "meeting the best reps" because if every party had an idea of *when* they could plan accordingly that is where It's Destiny Recruiting comes in <3 Neutral 3rd party headhunters solve these problems for both performer & b2b company 💞 we provide intel to candidates on who is hiring (and when) eliminating the chances of "missed connections" while curating gigs that are qualified (we trust our b2b orgs, we know you, we know your timeline/the amount of flexibility) 💞 we support our #gtmstartups that are building their org chart and may be open to seeing someone who is "too good to pass up on" without running an ad 💞 we give our reps a neutral space to talk about their goals, timelines & boundaries + we rep hundreds of b2b orgs so they are not limited to 1 org, providing freedom to discuss what works/doesn't - giving b2b brands access to reps who may have not seen or considered them All we need to know is your expectations and we will fill in the gaps

19

6 Comments

Every SDR leader knows the pain. You finally get your top performer humming, and next quarter you’re backfilling them with someone brand new. That new SDR is learning everything: product, personas, competitors, tools. All before they even get to the hard part…figuring out what to say. Smart leaders bake this ramp into their pipeline models. Some even add “phantom” headcount to cover the gap between fully-ramped reps and the reality that 30% of the team is still learning the basics. The new SDRs heads are spinning as they bounce between six different systems of truth. So it’s no wonder new reps move at a glacial pace. That’s where Roomie AI Spark changes everything. Common Room already brings all your GTM signals into one place. Spark takes it further by turning those signals into natural-language insights that tell reps exactly what’s been happening at an account. Picture this: A champion joins a target account. In the old world, your SDR digs through Salesforce, hunting for context from their last company and stitching together context about the target account. Then they try to Hemingway it into a relevant messsage. It takes 20-30 min per message. In the new world, they hover over the contact in Common Room and Spark instantly surfaces everything — who they are, what’s happened, even Gong call insights from their previous employer. If I’d had this when I led SDR teams, I wouldn’t have needed to model ramp time because ramp time would be cut in half.

29

3 Comments