CMD+CTRL Security Blog

Securing the Digital Connective Tissue: Best Practices for API Security

CMD+CTRL Security — Tue, 12 May 2026 13:30:00 GMT

What Is API Security?

API security is the practice of protecting Application Programming Interfaces from unauthorized access, data exposure, misuse, and exploitation.

Building a Secure Foundation: Core Cybersecurity Practices for Developers

CMD+CTRL Security — Tue, 07 Apr 2026 13:00:05 GMT

Security is not a final checklist item. It is a mindset that must be integrated into every step of the development process.

Turning MITRE ATT&CK v18 into Behavior-Driven Defense

CMD+CTRL Security — Mon, 09 Mar 2026 12:30:00 GMT

The MITRE ATT&CK^® framework remains one of the most influential tools for understanding real-world adversary behavior. With the release of ATT&CK v18, MITRE has introduced some of the most consequential changes in the framework’s history—changes that directly impact how organizations design detections, instrument applications, and align security strategy across teams.

For AppSec leaders, developers, and CISOs, this update is less about learning a new matrix and more about adapting to a behavior-driven security model that better reflects modern attack paths.

Agentic AI and the Next Wave of Security Risk

CMD+CTRL Security — Tue, 06 Jan 2026 13:00:00 GMT

As organizations race to integrate agentic AI into their development and operations workflows, a critical pattern is emerging. AI autonomy is outpacing security maturity. While agentic systems promise productivity and speed, they also introduce entirely new pathways for misuse and exploitation.

But here’s the real story: agentic AI isn’t just “new.” It mirrors an old challenge in a more dangerous form.

Securing the Cloud: Tame the Chaos of Cloud Misconfigurations

Jose Lazu — Mon, 29 Dec 2025 13:00:03 GMT

If this year has taught us anything, it’s that cloud security isn’t just an infrastructure problem. It’s a human one.

Organizations are rapidly migrating to multi-cloud environments, but security teams are still playing catch-up with IAM complexity, policy drift, and configuration debt. That’s why we’re offering two new courses designed to tackle the problem head-on:

How the CMD+CTRL Data API and Smart Catalog Power Smarter Secure Code Training

Jose Lazu — Mon, 22 Dec 2025 18:27:43 GMT

Turning Training Insight into Action with the CMD+CTRL Data API

If you’ve ever tried to get real clarity from training data, you know the feeling: multiple spreadsheets and reports that tell you “Who took what,” but not “what it means.” That’s about to change.

The new CMD+CTRL Data API gives teams the power to unlock learning insights in real-time directly in your own dashboards, analytics platforms, and compliance systems. Whether you live in Power BI, Tableau, or a custom compliance portal, your data now moves with you, not against you.

The New Age of API Security Training

Jose Lazu — Thu, 18 Dec 2025 15:13:10 GMT

APIs are everywhere, and so are attackers. If your API strategy hasn’t evolved since the OWASP 2017 era, the fact of the matter is that you are behind.

OWASP Top 10 2025: A Product Leader's Guide for CISOs, GRC, and Training Owners

Jose Lazu — Tue, 16 Dec 2025 13:00:00 GMT

Last month, the OWASP Foundation announced the release of the 8th installment of the OWASP Top 10, as it typically does every few years. This release forces folks in AppSec, Product, and GRC roles to pause and assess whether they are training people on what causes breaches today.

Stop Relying on Quantum Fixes: Build Secure Realities from the Start with Proactive Training

CMD+CTRL Security — Fri, 12 Dec 2025 13:00:01 GMT

Security in cloud-native, high-velocity development environments is about more than avoiding failure. In today’s threat landscape, it’s about preventing avoidable mistakes from cascading into costly incidents.

Beyond Developers: Why Proactive Security Training Must Reach the Entire SDLC

CMD+CTRL Security — Tue, 09 Dec 2025 19:12:32 GMT

One of the most persistent misconceptions in AppSec is that secure development is a problem exclusive to developers. However, vulnerabilities don’t originate solely from code; decisions, trade-offs, and misalignments across the entire lifecycle also contribute to errors and exposure.