Co-founder & Contract Principal

Kayne Naughton

Kayne Naughton is a technologist and security researcher with over 20 years of experience across the education, government and finance industries. Since leaving the banking sector Kayne has provided advice, consulting, solutions and training to most of Australia’s leading banks. Kayne is a regular speaker at security events, covering both the offensive and defensive perspectives.

Kayne Naughton

Posts by

Kayne Naughton
Browse all posts
Company News

Cosive Claims First Bounty on the Bluehat Threat Detection Platform

Cosive co-founder and Managing Director Kayne Naughton has claimed the first ever threat detection bounty on the recently launched Bluehat Platform, brainchild of Australian cybersecurity startup Illuminate Security.

Podcast

Episode #001: What Goes Wrong in Threat Intel Programs with Kayne Naughton, MD & Co-founder at Cosive

In this interview Cosive’s Managing Director Kayne Naughton shares what he’s learned about threat intelligence programs throughout his career in vulnerability development, SysAdmin and working on threat intel in the financial sector. Kayne is one of the co-founders of Cosive. Founded in 2015, Cosive specialises in trying to solve the difficult problems in security for Australian and New Zealand organisations.

Threat Intelligence

What Goes Wrong in Threat Intel Programs

In this interview Cosive’s Managing Director Kayne Naughton shares what he’s learned about threat intelligence programs throughout his career in vulnerability development, SysAdmin and working on threat intel in the financial sector.

Cybersecurity

Watching Them Watching You: Opsec for Security Investigators

This post is about how to protect your identity and cover your tracks when conducting security investigations. The recommendations here are part of on operational security (opsec) approach, conducting investigations in a way that denies your targets information about you and your activities and, ultimately, helps to keep you, and others, safe.

Cybersecurity

Don't Shoot The Messenger: Security.txt and Collaborating Effectively With Security Researchers

Security.txt is an effort to make life easier for security researchers and incident responders, and to increase the likelihood that the right people will get notified about security issues. The premise of the idea is that organisations add a ‘security.txt’ document under the ‘.well-known’ directory of websites so that people concerned about your organisation’s security know who to contact. Generally, this will be coupled with a ‘security@’ email address which goes directly to the person or team responsible for security. Here are reasons why adding a security.txt file to your website is probably a good idea.

SOAR

Running Your SOC Playbooks as Code: Use Cases, a.k.a. Don’t Start With Phishing

The first thing that everyone wants to do when they get their brand new SOAR out of the shrinkwrap is solve phishing. I hate to be the one to break it to you, but if we were going to solve phishing, there wouldn’t be six or so anti-phishing vendors out there right now. (Technically malware was the first computer security problem that we struck, with the Morris worm, but in terms of things that face regular users, phishing is the first problem. Paul Graham first started applying bayesian analytics and machine learning to this stuff in the 90s, or something crazy, and we still haven’t solved it yet.)

SOAR

Running Your SOC Playbooks as Code: Getting Started

You know when you run into someone you haven’t seen in for a while, and you’re like: “How’s that car you’re rebuilding?” And then for the next two hours they excitedly tell you about it? That’s pretty much what I’m like with SOAR at the moment (Security Orchestration, Automation, and Response). I’ve been living and breathing SOAR for the last two or three months. It’s a really interesting area, and probably the only thing in security that I think everyone should do.