COMMENTARY: At
Black Hat USA 2025 last week in Las Vegas I attended a panel on the need for deeper collaboration between agencies like CISA and private industry. Government and private-sector leaders agreed that true resilience requires not just technology, but trusted partnerships and open sharing of threat intelligence.
During the Q&A, an audience member asked whether suppliers should do more to share information and security capabilities with their customers.
[
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
Pat Opet, chief information security officer of JP Morgan Chase, responded by revisiting his open letter to suppliers, sharing the frustration of customers who must negotiate for access to critical logs during a breach, a topic I covered in a May 12
SC Media column.
As the
ShinyHunters Salesforce exploit unfolded, Pat’s comments were especially timely. But it was Nicole Perlroth’s Thursday
keynote that reframed these operational frustrations as part of a deeper challenge rooted in people, incentives, and culture.
Nicole Perlroth’s Keynote: The real scarcity is courage
Nicole Perlroth, the former New York Times cybersecurity correspondent turned advisor and investor, began by noting that attackers are innovating and collaborating faster than defenders can keep up. She described how criminal groups share tools, learn from each other, and leverage automation and AI at scale.
Her message was that the most limited resource in cybersecurity is not technology, but courage. She argued that fear of reputational harm or regulatory scrutiny too often leads organizations to delay disclosures or avoid raising difficult truths, which ultimately benefits adversaries.
She shared examples where courageous decisions changed outcomes: CISOs who insisted on early disclosure, incident responders who fought for transparency, and teams that exchanged threat intelligence during active attacks all helped stop threats before they could spread.
Perlroth challenged leaders to build environments where it’s safe to surface problems without fear of punishment. Just as attackers thrive on collaboration, she warned, defenders will continue losing ground if they work in isolation. “No one wins alone,” she said. “The adversaries are working together. If we don’t do the same, we will keep losing ground.”
Courage and transparency are scarce, but more essential than ever. The hesitation some organizations show in promptly sharing threat intelligence or surfacing breach details is often less about technical barriers and more about fear of reputational harm or regulatory scrutiny.
Perlroth’s keynote was more than a call to arms. It was a call for optimism and shared responsibility. The events of last week remind us that progress depends not just on technology, but on the courage to be transparent, collaborate, and treat security as a shared responsibility.
If we can rise to this challenge, we can make some real progress.
Amir Khayat, co-founder and CEO, VorlonSC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
