Trust is the Foundation

I'm Dmytro, a cybersecurity architect who believes that while technology is the tool, trust is the foundation. I spend my days securing digital landscapes – and my mission is to make the complex world of security accessible and manageable for everyone.

Dmytro - Cybersecurity Architect

Latest Blog Posts

Discover recent insights and updates

The Semantic Attack Surface: Defending LLMs Against Prompt Injection
AICybersecurity

The Semantic Attack Surface: Defending LLMs Against Prompt Injection

We are shifting from traditional code-based exploits to manipulating the semantic understanding of language models. Here is a look at why AI systems are inherently hard to secure and what we can actually do about it.
Feb 24, 2026
Read more
Why You Need Implement OWASP SAMM and DSOMM
DevSecOpsOWASP

Why You Need Implement OWASP SAMM and DSOMM

Navigating the world of Application Security can feel like choosing between rigid policies or chaotic automation. Let's explore the two essential frameworks that bridge this gap: OWASP SAMM and OWASP DSOMM (Governance and Execution). By comparing how both models handle critical issues like leaked credentials, you’ll learn how to align organizational governance with technical execution to build a truly resilient security program.
Jan 26, 2026Read more
CISO Assistant: Your Open Source GRC Powerhouse

CISO Assistant: Your Open Source GRC Powerhouse

Cyber threats are becoming more sophisticated and regulatory requirements are stricter than ever, effective Governance, Risk, and Compliance (GRC) management is shifting from a competitive advantage to a fundamental necessity. CISO Assistant is a powerful open-source GRC platform designed to be the single source of truth for your cybersecurity program.
Aug 21, 2025Read more
CISSP Ethics: Don't Let Sleeping Dogs Lie

CISSP Ethics: Don't Let Sleeping Dogs Lie

A core part of being a certified professional is the ongoing commitment to a strong code of ethics. Ultimately, it isn't a passive credential but an active, daily practice. Don't let the sleeping dogs of minor lapses or ignored issues lie. Address them, learn from them, and lead with integrity. It's what being a CISSP is all about.
Aug 05, 2025Read more

OTHER POSTS

05
Jun 2025

DefectDojo: Unified DevSecOps Security

DefectDojo stands out as a powerful and flexible platform for DevSecOps orchestration and vulnerability management. Born out of a deep understanding of the frustrations in cybersecurity, it provides a crucial solution for consolidating, automating, and intelligently managing security findings from a diverse ecosystem of tools.

02
Jun 2025

Living Off The Land (LOTL) Attacks: The Stealthy Threat Within

Living Off The Land attacks represent a fundamental challenge to traditional cybersecurity approaches, exploiting the trust relationships and legitimate tools that organizations depend on for daily operations. However, the combination of SIEM and SOAR technologies provides a powerful framework for detecting and responding to these sophisticated threats.

30
May 2025

Prowler: The Essential Cloud Security Tool

For organizations serious about cloud security, Prowler represents a practical, cost-effective solution that can significantly enhance security postures while reducing the operational burden on security teams. As the cloud security landscape continues to evolve, having tools like Prowler in your security arsenal isn't just recommended—it's essential.

27
May 2025

The Modern CISO: From Doer to Enabler

Edward Roffe’s vision of the CISO as an enabler rather than a doer reflects a pivotal shift in cybersecurity leadership. By empowering teams, shaping strategy, and focusing on metrics like team maturity, business alignment, and risk trends, CISOs can thrive in this role. Monitoring threats, regulations, and business needs keeps them impactful. While challenges persist in some settings, the modern CISO’s strength lies in building a capable team and leading from a strategic perspective.

25
May 2025

RSAC 2025: Key Trends and Emerging Niches

The overarching message from RSAC 2025 is clear: the cybersecurity industry needs to move beyond fragmented, reactive approaches. The future lies in holistic, automated, and context-aware solutions that address the foundational shifts in how organizations operate, particularly the centrality of identity and the pervasive nature of the browser.

18
May 2025

Top Open Source SIEM Tools in 2025

Security Information and Event Management (SIEM) systems are crucial for modern cybersecurity. Learn about the top open source SIEM solutions available in 2025, from established tools like Wazuh and OpenSearch to emerging platforms, helping you build a robust security monitoring infrastructure without breaking the budget.

08
May 2025

How to Measure Cybersecurity with KPIs

You can’t improve what you don’t measure. Cybersecurity KPIs aren’t just a compliance checkbox — they’re the foundation for building resilience, driving accountability, and enabling continuous improvement. They help transform incident response from reactive firefighting into a measurable, managed function.