Insights

On October 8th, Critical Path Security CEO Patrick Kelley will lead a breakout session at GridSecCon 2025, focused on a challenge many cybersecurity professionals quietly face every day: burnout, imposter syndrome, and the toll of constant pressure in defending critical infrastructure. The Session: Copenhagen Burnout Inventory - Cybersecurity Edition The session, "Mental Health in Cybersecurity: Leveraging the Copenhagen Burnout Inventory," will explore both the personal and financial impact of burnout in the cybersecurity field. Unlike traditional assessments, the Copenhagen Burnout Inventory (CBI) has been adapted specifically for SOC and IR environments. Attendees will learn how the tool measures operational stress across three key dimensions: Emotional Exhaustion - the drain defenders feel after endless incidents and alerts. Cynicism & Detachment - when users or systems start to feel like "the enemy." Personal Accomplishment - whether the work feels meaningful and successful. By quantifying stress, teams can move past guesswork and take…

On October 2nd, Critical Path Security's Patrick Kelley will lead an important session at the Cooperative Technology Conference in Indiana, tackling a topic that hits close to home for every cybersecurity professional: mental health in cybersecurity. The Pressure Cooker of Cybersecurity This industry doesn't come with an off switch. Teams are understaffed, under-resourced, and often left to carry the weight when high-profile technology projects falter. The result is a cycle of overwork, constant vigilance, and mounting pressure that fuels burnout. Burnout and Imposter Syndrome Kelley's session, "Utilizing the Copenhagen Burnout Inventory - Cybersecurity Version," will address how burnout and imposter syndrome intersect. Many in our field feel that stress is theirs alone to manage, but burnout isn't about weakness-it's about conditions that force people beyond sustainable limits. He will outline how frenetic burnout takes hold when ambition collides with shrinking resources, and why those who care most deeply about their…

At Verizon's Boston offices, the CRISP Autumn Training ran over two days and featured two technical sessions led by Patrick Kelley and Jared Haviland of Critical Path Security. Their focus: how Léargas, Zeek, and OT/ICS protocol analyzers turn raw industrial traffic into precise, auditable detections that operators can act on fast. Why this workshop mattered Kelley and Haviland anchored the training in current realities: OT/ICS incidents aren't hypothetical, and the blind spot is often at the protocol layer. Their message was straightforward-pair Zeek's deep protocol visibility with CISA's ACID to surface behaviors traditional IT tools miss, then push those insights into workflows operators actually use. What they showed Zeek's evolution and deployment. The instructors walked through practical changes from Zeek 7 to Zeek 8-enhanced telemetry, storage improvements, broader analyzer coverage, and modern build requirements-then translated that into deployment choices (Dockerized OT builds, tuned workers, and packet-loss discipline) that matter in…

Google's Threat Intelligence team recently published findings on data theft campaigns exploiting integrations between Salesforce, Drift, and Salesloft. The research highlights a growing challenge in cybersecurity: the risk isn't always in the core application, but in the web of connections that tie platforms together. These integrations are designed to increase efficiency, but they can also silently expand the attack surface. A single OAuth token, once granted, may continue to live on even after an app is retired. If abused, that token can provide adversaries with broad access across business-critical platforms. Systemic Risks, Not Isolated Failures This incident is not about one company doing something wrong. It's a systemic problem. SaaS tokens are built for convenience, but they don't always align with the realities of secure lifecycle management. In one example, a token tied to an application decommissioned more than a year earlier was still active and later abused by attackers.…