Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR

By: Rapid7
10 June 2025 at 09:00

Cloud adoption has fundamentally reshaped security operations, bringing flexibility and scalability, but also complexity. In this session from the Take Command 2025 Virtual Cybersecurity Summit, Rapid7’s product leaders discussed how today’s SOC and MDR capabilities must evolve to keep up. Hosted by Ellis Fincham, the panel featured Dan Martin and Tyler Terenzoni, who shared real-world insights on what cloud detection and response truly requires, what CNAPP can and can’t solve, and how to bridge the growing gap between alerts and actionable context.

The cloud has changed the rules

Traditional SOC tooling often struggles to keep up with cloud-native architectures. Dan Martin opened the discussion by highlighting a key shift:

“Detection doesn’t start at the endpoint anymore. It starts with understanding your architecture.”

The panel emphasized that while cloud offers flexibility and scale, it also introduces operational complexity. From short-lived containers to decentralized ownership, cloud environments require a different approach.

Visibility is the starting point

Tyler Terenzoni spoke to the importance of understanding what’s running and who owns it:

“There’s always a disconnect between what engineering thinks is in the environment and what security actually sees.”

He noted that cloud visibility isn’t just about logs, but also understanding user behavior, policy changes, and asset configuration in near real-time. Without this, SOC teams are often reacting to alerts without enough context.

This issue was reflected in the post-event survey, where 35% of respondents listed lack of visibility across the environment as a primary challenge in their threat detection efforts.

CNAPP isn’t the answer - but it helps

The panel clarified that Cloud-Native Application Protection Platforms (CNAPPs) are useful, but not a complete solution. According to Dan Martin:

“CNAPP is great for giving you coverage, but it doesn’t give you the operational context your SOC needs.”

Integrating CNAPP data into SIEM, XDR, and MDR platforms enables richer investigations and tighter correlation across sources.

The shift from alerts to contextual action

Rather than focusing on the volume of alerts, the speakers urged security leaders to ask: can we act on this alert quickly and with confidence?

Dan Martin shared:

“It’s not about reducing alerts, it’s about giving your analysts the context to know what matters and what to do about it.”

Tyler Terenzoni added that turning alerts into action requires better integrations and unified telemetry. Without that foundation, even advanced detections can lead to noise and inefficiency.

AI will play a role, but not alone

While the session didn’t center on AI, the panel acknowledged its growing role in detection workflows. Dan Martin noted:

“AI helps with triage and correlation, but your success still depends on how well your tools talk to each other.”

The emphasis was on automation that supports analysts, not replaces them, especially in cloud environments where missteps can be costly.

Watch the full session on demand

If your team is looking to strengthen cloud detection, improve response times, or better align MDR with cloud operations, this session offers real-world insights and practical guidance.

Watch the Full Session

India's Cyber Leaders Prepare for AI-Driven Threats

By: Rapid7
5 June 2025 at 23:00

As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders in Mumbai, Delhi, and Bengaluru to address the most pressing cyber threats facing organizations in 2025.

Key insights that emerged

Across all three cities, several critical themes emerged that are shaping India's cybersecurity landscape:

AI is No Longer Optional: Organizations recognize that AI has become essential for threat detection, exposure management, and SOC operations. The question is no longer whether to adopt AI, but how to implement it effectively.

Attack Surface Explosion: Cloud misconfigurations, insecure APIs, and identity misuse are driving today's biggest risks. Organizations are struggling to maintain visibility and control across increasingly complex environments.

SOC Modernization is Urgent: Traditional Security Operations Centers need fundamental transformation, with automation and AI at their core to handle the volume of modern threats.

Talent Gap Challenges: Upskilling and reskilling initiatives are critical to closing the cybersecurity talent gap that's affecting organizations globally, but particularly acutely in India's booming tech sector.

Regulatory Evolution: India's evolving cybersecurity regulatory landscape is shaping how organizations approach their security investments and strategy development.

A journey across India's cyber capital cities

Our three-city roadshow, organized in collaboration with Information Security Media Group (ISMG), focused on the theme "2025 Cyber Threat Predictions: AI-Driven Attacks, Ransomware Evolution, and Expanding Attack Surface." The response from India's cybersecurity community was overwhelming, with 138 security leaders and delegates participating across all three cities.

Launching with impact in Mumbai (May 8)

Our Mumbai kickoff set the tone for the entire series, drawing 43 security leaders eager to dive into critical cybersecurity challenges. Rob Dooley, General Manager APJ, welcomed attendees before Regional CTO Robin Long delivered comprehensive insights on:

The highlight was our fireside chat featuring Starlin Ponpandy, CISO of Orion Systems and Rapid7 customer, discussing ‘Building a New-Age SOC: Practical Applications of AI’. The conversation explored choosing the right SOC model, building effective teams, and navigating the complexities of AI trust and explainability.

The main focus of the Q&A was the evolving cyber threat landscape and how organizations can prepare for 2025's AI-driven, increasingly complex attack environment.

The conversation was dominated by leaders sharing insights on the rise of AI-powered threats, the shift in ransomware tactics to double and hybrid extortion, and the urgent need for proactive threat exposure management. Rapid7's emphasis on real-time, AI-enabled defenses and automated risk management strategies sparked strong engagement.

Strategic dialogue in Delhi (May 13)

Our Delhi event brought together 43 delegates for candid, strategic discussions about 2025's top cyber threats. Security leaders engaged in deep conversations about AI-powered detection and defense, proactive exposure management, and building resilient SOCs with automation.

The panel discussion on ‘Building a New-Age SOC’ addressed critical challenges, including the cybersecurity talent gap and integrating security into DevOps workflows. It was a thought-provoking conversation that examined identity-centric security models and the shift from traditional SOCs to Managed Detection and Response solutions.

Attendees posed incisive questions about upskilling teams in an AI-driven environment, managing tool sprawl, and operationalizing security by design - highlighting the sophisticated thinking of India's cybersecurity leadership.

Tactical discussions in India’s Silicon Valley - Bengaluru (May 15)

Our Bengaluru finale drew the largest crowd with 52 delegates, including CISOs and cybersecurity executives from across South India. The discussions were highly tactical, focusing on:

  • Modernizing SOCs through AI-led threat detection
  • Countering double and triple extortion ransomware
  • Risk automation and secure cloud transformation

Veteran industry speaker Satish Kumar Dwibhashi joined Robin Long for discussions that reinforced a clear theme: security strategy must evolve in lockstep with attacker innovation.

Building for the future

The success of our India Security Days reflects not just the hunger for cybersecurity knowledge in the region, but also Rapid7's commitment to supporting India's digital transformation journey. We're excited to announce that we're expanding our presence with a Global Capability Center (GCC) in Pune, which will serve as a hub for innovation and home to teams across engineering, business support, and our Security Operations Center (SOC).

This initiative represents more than just business expansion - it's about building cybersecurity capability and expertise right here in India that will shape a secure digital future for organizations around the world.

The road ahead

The conversations, connections, and insights from our India Security Days have reinforced our belief that India's cybersecurity community is among the most forward-thinking globally. The challenges are significant - from AI-powered attacks to evolving ransomware tactics - but so is the talent, innovation, and determination to address them.

As we look toward 2025 and beyond, events like these remind us that cybersecurity is ultimately about people: the security leaders making tough decisions, the practitioners implementing defenses, and the communities sharing knowledge and supporting each other.

Thank you to all the security leaders who joined us in Mumbai, Delhi, and Bengaluru. Your engagement, questions, and insights made these events truly impactful. We look forward to continuing these conversations and supporting India's cybersecurity community as we navigate the challenges and opportunities ahead.

Interested in joining our growing team in India? Learn more about career opportunities at our new GCC in Pune.

Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management

By: Rapid7
2 June 2025 at 09:00

At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies.

Hosted by Ryan Blanchard, Senior Manager, Product Marketing at Rapid7, the panel featured:

  • Jane Man, Senior Director of Product Management, Rapid7
  • Jamie Douglas, Specialist, Rapid7
  • Tyler Shields, Principal Analyst, Risk and Vulnerability Management, ESG

Here are the key takeaways from the discussion, along with supporting insights from the post-event attendee survey.

From vulnerability management to exposure management

The session opened by distinguishing exposure management from traditional vulnerability management. Tyler Shields explained:

“Exposure management is the maturation of vulnerability management… It's understanding risk, business context, and prioritizing accordingly.”

Rather than focusing solely on patching, exposure management is about knowing what to fix, why it matters, and who owns it, and doing so continuously.

Visibility gaps are slowing teams down

Visibility was a central theme throughout the session. Jane Man noted:

“A lot of the customers we talk to still struggle with just identifying what they have.”

This challenge was echoed in the post-event survey, where 53% of respondents cited identifying unknown assets as the top challenge in their exposure management programs.

Tyler added:

“You can’t protect what you don’t know about. And you certainly can’t prioritize it.”

Prioritization must be contextual

Prioritization remains a major hurdle for many organizations. Jamie Douglas stressed that severity alone isn’t enough:

“You can have a critical vulnerability on a printer, but if it’s segmented and not internet-facing, is it really a priority?”

The team emphasized the importance of integrating business impact, asset criticality, exploitability, and ownership into the prioritization process.

“If you don’t tie risk to business context, you’re just chasing numbers,” Tyler noted.

It’s time to break down silos

A powerful moment in the session came when the panel discussed collaboration across functions. Jane shared:

“Security doesn’t operate in a vacuum. You need buy-in from engineering, cloud, compliance - everyone has a role in risk reduction.”

Without shared language and unified dashboards, visibility doesn’t translate into action. The speakers urged teams to build bridges with IT and DevOps to ensure findings are actually resolved, not just reported.

Survey: risk prioritization is lagging behind

In the survey, only 18% of respondents said their organizations integrate threat intelligence into exposure management “very effectively”, highlighting a clear opportunity to improve how teams prioritize risk with real-time context.

This stat reinforces the panel’s broader message: that exposure management isn’t a point-in-time project — it’s a continuous, evolving practice.

Watch the full session on demand

For a deeper dive into the frameworks, real-world examples, and exposure strategies discussed in this session, watch Risk Revolution on demand.

Watch the Full Session

Key Takeaways from the Take Command Summit 2025: Customer Panel on Future-Proofing VM Programs

By: Rapid7
28 May 2025 at 09:00

One of the most actionable sessions at the Take Command 2025 Virtual Cybersecurity Summit came directly from the field. In a panel hosted by Aniket Menon, VP of Product Management at Rapid7, security leaders from Cross Financial Corp, Phibro Animal Health Corporation, and Miltenyi Biotec shared how they’re evolving vulnerability management into a proactive exposure management strategy.

With real-world examples, team metrics, and shared challenges, the panel offered practical advice for teams ready to modernize their approach and reduce risk with more focus and confidence.

From VM to EM: A shift in mindset

Panelists agreed: traditional vulnerability management practices can’t keep up with today’s dynamic, hybrid environments. To stay ahead, security teams must shift toward continuous exposure assessment - building context around vulnerabilities and aligning efforts with business priorities.

As one attendee later shared in our post-event survey:

“Moving from vulnerability management to exposure management isn’t just a process change - it’s a mindset shift. It forces us to be more proactive.”

This takeaway aligns with broader findings from the summit survey, where 64% of respondents identified exposure management as a top priority for improving their detection and response strategies.

Prioritization requires business context

Volume isn’t the issue - context is. The panel emphasized that real risk reduction happens when teams align remediation priorities with asset value, exploitability, and operational relevance. That means:

  • Building dashboards tailored for different stakeholders
  • Connecting security and IT teams through shared language
  • Using context to elevate urgency and drive action

You can’t fix what you can’t see

Despite tool investments, many organizations still struggle with asset discovery and visibility. In fact, 53% of survey respondents said identifying unknown assets is the most challenging part of exposure management.

As Edward Chang, Senior Manager of Cybersecurity and Compliance at Phibro Animal Health Corporation, explained during the panel:

“No one has 100% visibility. But if we can improve what we see and give that context to the right teams, we’re already ahead of where we were last year.”

The session encouraged using telemetry, automation, and unified data views to close gaps across environments.

Bridging the gap between security and operations

A recurring theme across the panel was the need for collaboration between security, infrastructure, and engineering teams. Effective exposure management doesn’t just rely on the right data — it depends on the right relationships.

Security teams must be integrated into how organizations build, deploy, and operate — not treated as a separate or downstream function. Building that alignment means treating security as an enabler, not a roadblock.

Ownership, accountability, and human risk

Beyond technology, the session also addressed ownership and accountability. Security leaders must not only flag risk — they must clearly assign and communicate responsibility. As attack surfaces expand and teams diversify, the ability to coordinate across functions becomes even more critical.

Watch the full panel on demand

If you're looking to strengthen your vulnerability management program or build a more proactive exposure management strategy, this session offers a roadmap shaped by real-world experience.

Watch the Customer Panel On Demand

What the Take Command 2025 Survey Tells Us About the State of Security

By: Rapid7
22 May 2025 at 11:00

The Take Command 2025 Virtual Cybersecurity Summit wasn’t just about sharing insights, it was about listening. After the live sessions wrapped, we surveyed attendees to understand where their security programs stand today, what challenges they’re facing, and what they found most valuable during the event.

Now, we’re excited to share those insights in a new downloadable infographic - The Take Command: Pulse of the Industry Survey, capturing the state of exposure management, AI adoption, MDR maturity, and more.

Here are a few standout takeaways from the survey, and where to dive deeper in the sessions on demand.

Exposure management: confidence is growing — but challenges remain

80% of respondents said they have confidence in their ability to respond to cyber risks through their exposure management program, and 60% reported successful integration of EM into their broader security workflows.

But the day-of survey showed a more nuanced reality. More than half of respondents cited identifying unknown assets and monitoring third-party risk as the top challenges in their exposure programs.

To explore solutions and strategies, check out Risk Revolution: Proactive Strategies for Exposure Management.

MDR adoption is strong — but visibility still needs work

58% of respondents rated their detection and response capabilities at 4 or 5 out of 5, and most teams using MDR cited a need for 24/7 monitoring and support for under-resourced teams. But 21% rated their confidence at 3 or below, indicating that choosing the right MDR partner is critical.

In sessions like Inside the SOC and Demystifying Cloud Detection & Response, Rapid7’s teams shared real-world threat hunting stories and cloud-centric detection tactics to help close the gap.

Generative AI is a double-edged sword

Generative AI was one of the most discussed topics across the day — and for good reason. 50% of respondents said they were “very” or “extremely concerned” about adversaries using AI to enhance cyber attacks. Yet 36% of respondents say they’re not currently using Generative AI in their own security operations, citing barriers like tool integration, cost, and lack of skilled personnel.

For those navigating this space, AI in Action and Rise of the Machines both delivered practical examples of how teams are using AI responsibly to improve triage, detection, and response — while setting the necessary guardrails for safe adoption.

What attendees found most valuable

Take Command 2025 drew more than 2,200 live attendees, with on-demand views continuing to grow — and the feedback was clear: the content delivered. 67% of survey respondents rated the speakers as “Excellent”, with similarly high marks for session content and delivery.

When asked about their biggest takeaways, attendees consistently highlighted:

  • Exposure management and risk visibility are key
  • SOC operations and real-world case studies
  • AI’s role in transforming security strategy
  • The importance of “thinking like a hacker” to improve defenses

Attendees also appreciated the balance of voices, with one noting:

“Good mix of internal and external resources that knew what they were talking about and how to deliver it to a wide audience.”

Another shared:

“I didn’t think Rapid7 could improve its ability to unify information — but the new Exposure Command solution has done just that.”

From the depth of expertise to the variety of session formats, the summit resonated with attendees across roles, regions, and industries.

Explore the full infographic

Want a deeper dive into the data? Download the full Take Command: Pulse of the Industry Survey infographic to explore:

  • Where teams are seeing success with exposure management
  • How GenAI is being used (or not) across security operations
  • What MDR teams are prioritizing — and what’s holding them back
  • The biggest technical and strategic challenges security leaders face in 2025

[Download the infographic]

Catch up or rewatch: all sessions on demand

Whether you missed the live event or want to explore specific topics in more detail, every session from Take Command 2025 is now available to watch on demand.

Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker

By: Rapid7
21 May 2025 at 10:00

In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid conversation on how threat actors are evolving and what defenders must do to keep up.

Moderated by Brian Honan, CEO of BH Consulting, the panel pulled no punches. From the economics of ransomware to the risks of overrelying on static indicators of compromise, Inside the Mind of an Attacker: Navigating the Threat Horizon served as both a wake-up call and a roadmap for modern security strategy.

Cybercrime is thriving — and getting smarter

It’s no longer about lone hackers. As Raj put it, “Ransomware has become a business.” Today’s threat actors are highly organized, well-resourced, and increasingly leveraging professional tools and affiliate networks.

One striking takeaway: groups like RansomHub are reportedly earning tens of millions of dollars per quarter, reinvesting that revenue into toolkits, infrastructure, and even “customer service” operations for negotiating with victims.

Panelists discussed the trend toward secondary extortion tactics, where attackers threaten to notify regulators like the SEC if ransom demands aren’t met — a calculated move to increase pressure without deploying additional payloads.

From indicators to context: why threat intelligence must evolve

One of the biggest challenges facing defenders today is the lack of actionable, context-rich intelligence. While threat intel feeds are abundant, the signal-to-noise ratio is still too high.

“We don’t just need more data. We need better context,” Raj emphasized.

The panel discussed how defenders must move beyond static IOCs and invest in behavioral analysis, context-aware detection, and real-time telemetry to truly stay ahead of threats.

A recent stat from the post-event survey reflects this shift: only 18% of respondents said their organizations integrate threat intelligence into exposure management very effectively.

To beat an attacker, think like one

The message came through clearly: organizations that adopt a proactive, attacker-informed mindset are better equipped to defend against modern threats. That means:

Trent Teyema, drawing on his FBI experience, pointed out that too many organizations still rely on legacy thinking: “They treat cyber like IT, when they should be treating it like crime.”

Paying ransoms: a business risk, not a moral judgment

Both speakers addressed the uncomfortable reality: sometimes ransoms are paid. And while this remains a contentious topic, the panel framed it clearly - it’s a business decision, not a moral one.

Raj urged teams to have ransomware playbooks and decision frameworks defined in advance. This includes:

  • Knowing legal constraints (especially around sanctions and OFAC-listed entities)
  • Understanding the implications of payment
  • Engaging with experienced negotiation partners if needed

Visibility still reigns supreme

From attack surface awareness to SOC visibility gaps, the theme of visibility was woven throughout the session.

As Raj noted, "You can't protect what you don't know about."

The panel closed with a call to action: unify your data, reduce siloed tools, and build detection and response around context, not just coverage.

Watch the full session on demand

If you missed this conversation — or want to rewatch it with your team — the full session is now available.

[Watch Inside the Mind of an Attacker On Demand]

Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense

By: Rapid7
6 May 2025 at 09:00

At Take Command 2025, bold ideas and fresh thinking took center stage — in particular in our opening talk From Zero to Hero: Building the Perfect Defense.

Led by Ted Harrington, Executive Partner at ISE, and hosted by Thom Langford, EMEA CTO at Rapid7, this session challenged security leaders to think beyond traditional defenses and imagine a future where cybersecurity is smarter, faster, and proactive by design.

Here’s a quick look at the key insights from the conversation.

Security needs a reset, not a retrofit

Ted kicked things off with a fundamental question: if we could rebuild cybersecurity from scratch, what would we do differently?
Instead of layering on more tools or chasing compliance checklists, today’s most resilient organizations are rethinking their architectures, embedding security principles like Zero Trust from the ground up, and designing systems to stop threats before they strike.

Think like an attacker to build defenses that work

The best defenders don’t just react, they anticipate. Ted emphasized the importance of adopting a hacker mindset within security teams. Creativity, curiosity, and a willingness to question assumptions are critical to staying ahead of adversaries who constantly innovate.
Security strategies must evolve to disrupt attacker workflows, not just patch known vulnerabilities.

Security is a business enabler, not a roadblock

One of the biggest missed opportunities in cybersecurity is the failure to connect security outcomes to business success.
Ted encouraged security leaders to speak the language of the boardroom, framing security initiatives as drivers of trust, resilience, and competitive advantage — not just cost centers or necessary evils.

Burnout and broken structures hold security back

Ted didn’t shy away from real talk about the internal challenges many security teams face.
Burnout, underfunded initiatives, and misaligned CISO roles are slowing progress across the industry.
Organizations must empower security leadership with proper funding, executive visibility, and a seat at the table if they want to build truly resilient programs.

Ready to take command? Watch the full session

Ted’s message was clear: the future of cybersecurity won’t be built on incremental improvements. It will be shaped by organizations bold enough to rethink, reframe, and rebuild from a position of strength.

Want to dive deeper? Catch the full session on demand and explore how you can take command of your defenses today.

Watch Now.

Top Lessons from Take Command 2025

By: Rapid7
21 April 2025 at 09:00

The live sessions may be over, but with every talk now available on demand, it’s the perfect time to reflect on the biggest takeaways from this year’s summit—and how they can help security teams move faster, act smarter, and take control of their attack surface.

From red teaming tactics to regulatory readiness, here are some of the standout lessons and ideas shared by speakers across the day.

1. Red Teaming Isn’t Just About Getting In—It’s About What Happens Next

In Outpacing the Adversary, Aaron Herndon, Senior Director, Sales Engineering at Rapid7 and Will Hunt, Co-Founder of In.security, reminded us that red teaming isn’t just about proving a breach is possible. It’s about helping teams understand how attackers think, where they’re likely to go, and whether detection and response controls actually work in practice.

From creative simulations to critical discussions on ethical boundaries and scope, the message was clear: red teaming is most valuable when it drives real organizational learning.

2. You Can’t Prioritize What You Can’t See

In Risk Revolution: Proactive Strategies for Exposure Management, panelists from Rapid7 and ESG made it clear that visibility remains the top challenge for most teams. Fragmented data, sprawling assets, and misaligned priorities are slowing teams down.

The solution? A unified, risk-aware approach to exposure management—one that considers cloud, identity, data, and application risk in context. Prioritization must reflect business reality, not just vulnerability severity.

3. Cloud Security Requires Context

In Demystifying Cloud Detection & Response, panelists shared how traditional tools aren’t built for dynamic, cloud-native environments. Logs are short-lived, workloads are ephemeral, and identity is often the weakest link.

To respond effectively, SOC teams need visibility, automation, and integrations that bring context across systems. The modern attack surface starts well before the endpoint.

4. Compliance Is Evolving. It's Not a Checkbox Exercise

From Chaos to Compliant brought practical guidance for navigating frameworks like NIS2, DORA, and SEC cyber rules, among others. The takeaway? Compliance and security are strongest when they work together.

With the right tools, processes, and internal alignment, compliance can become a strategic advantage—not just a box to tick.

5. AI Is Here. Use It Thoughtfully

AI was a recurring theme throughout the day, especially in AI in Action. Rapid7’s engineering and product teams showcased how they’re applying AI across triage, prioritization, and detection, while keeping responsible deployment top of mind.

The takeaway: AI can boost speed and scale, but human oversight and thoughtful governance are still essential.

6. Visibility Gaps Are Where Attackers Thrive

In Inside the SOC, Rapid7 threat hunters shared stories of real-world breaches where attackers operated undetected due to logging gaps, missing coverage, or misconfigured systems.

Whether it’s credential theft through Microsoft Teams impersonation attacks or ransomware in unmanaged environments, the message was clear: you need full visibility to stay ahead.

7. Security Is a Team Sport

Across sessions—from exposure management to cloud strategy to customer-led discussions—one thing was clear: effective security requires collaboration.

Security teams, IT, engineering, and compliance all need shared context and coordinated goals to defend today’s growing attack surface.

Catch Up or Rewatch: All Sessions On Demand

Every session from Take Command 2025 is now available to watch. Whether you missed one or want to revisit a discussion with your team, you can dive back in anytime.

Watch on demand here.

Take Command 2025: A Day of Insight, Innovation, and Impact

By: Rapid7
14 April 2025 at 10:30

Take Command 2025 is officially in the books. From the opening sessions to the final takeaways, the summit delivered a full day of high-impact discussions, fresh research, and powerful stories from across the cybersecurity spectrum.

This year’s event brought together cybersecurity leaders, researchers, red teamers, and policy experts for an honest look at the challenges we’re facing—and the tools, tactics, and mindsets helping us take command in a complex threat landscape.

We’re grateful to everyone who joined us and proud of the conversations that unfolded throughout the day. If you missed any sessions or want to rewatch key moments, every session is now available on demand.

A Day of Firsts: New Research, New Tools, Real Stories

One of the standout moments came during the Inside the Mind of an Attacker: Navigating the Threat Horizon session, where Raj Samani and Trent Teyema previewed findings from Rapid7’s latest ransomware intelligence. Based on data from Q1 2025, the discussion touched on shifting attacker tactics, the growing professionalism of ransomware groups, and the need for visibility and response readiness at every level.

Another highlight was Ted Harrington’s keynote, From Zero to Hero: Building the Perfect Defense, which challenged us to reimagine security architecture from the ground up. Ted emphasized bold thinking, Zero Trust foundations, and security’s role as a business enabler—not a roadblock.

Technical Deep Dives and Practical Playbooks

This year’s agenda wasn’t just aspirational—it was tactical. The SOC team took us inside real-world threats in Expert Stories from the Frontlines of Threat Hunting and Malware Detection, sharing lessons from active ransomware and MFA-bypass investigations.

In Risk Revolution: Proactive Strategies for Exposure Management, speakers laid out practical frameworks for prioritizing risk across cloud, identity, data, and application layers. And in Demystifying Cloud Detection & Response, panelists explored how SOC teams can bridge traditional and cloud-native security gaps using the right integrations and context-rich telemetry.

We also heard from customer leaders during Expert Tips to Future-Proof Your VM Program, where panelists from Cross Financial, Miltenyi Biotec, and Phibro Animal Health discussed the shift from vulnerability management to exposure-led strategies.

Compliance, Resilience, and Looking Ahead

With global regulations evolving fast, the From Chaos to Compliant session offered clear, actionable guidance for navigating global compliance legislation, such as SEC, NIS2, and DORA, among many others—without compromising operational efficiency. Sabeen Malik and Lara Sunday reminded us that compliance, done right, can be a catalyst for organizational resilience.

And in one of the most engaging sessions of the day, The Tempest Two shared stories of adventure and mindset that resonated with security teams striving to adapt, overcome, and lead with purpose in high-pressure environments.

Now Streaming: All Sessions On Demand

Couldn’t attend live—or want to revisit a key session? Every session from Take Command 2025 is now available to watch on demand. Whether you’re catching up or sharing with your team, this is your chance to revisit the insights and strategies shaping the future of cybersecurity.

Watch now, on demand




Don’t Miss Out: What You Need to Know Before Take Command 2025

By: Rapid7
7 April 2025 at 09:00

Take Command 2025 is just two days away, and there’s still time to secure your spot. Whether you’ve already registered or are building your agenda now, there’s plenty to look forward to — and it all starts this Wednesday, April 9.

In the lead-up to the live summit, two new on-demand sessions are already available for viewing, giving you a head start on key themes like attacker behavior and regulatory change. And during the event itself, you’ll get an exclusive look at findings from Rapid7’s latest ransomware research — pulled directly from Q1 threat activity and shared publicly for the first time.

This year’s event brings together top minds in cybersecurity for a full day of insights on exposure management, MDR, AI, threat intelligence, red teaming, and more. It’s practical, high-impact content designed for practitioners, team leaders, and CISOs alike.

Hear the Latest Findings First at Take Command

If you want a pulse check on what’s happening across the threat landscape, don’t miss Inside the Mind of an Attacker: Navigating the Threat Horizon, led by Raj Samani, Chief Scientist at Rapid7.

Raj will be joined by Trent Teyema, Founder of CSG Strategies and former head of the FBI Cyber Division, for a panel that explores attacker methodologies, tactics, and trends. During the session, Raj will share key findings from Rapid7’s latest ransomware research, which will add depth to this important and insightful discussion. Attend this session and you’ll get a special research infographic and a link to the detailed blog, which dives into:

  • Which ransomware groups are most active in 2025 so far
  • How pressure tactics and extortion models are evolving
  • Which industries are being targeted — and why
  • What security teams can do now to reduce risk

Still Time to Register

There’s still time to register and experience Take Command 2025 as it happens. Attending live means you’ll:

  • Ask your questions during real-time Q&As
  • Hear fresh research and insights as they’re shared
  • Connect with experts and peers across the industry

This is your chance to be part of the conversation — not just watch it later. And if your schedule shifts? All sessions will be available on-demand after the event, so you can catch up at your convenience.

Get Ready to Take Command

Take Command 2025 brings together frontline experience, original research, and actionable guidance — all in one virtual event. If you haven’t registered yet, now is the time.

Whether you’re joining live, watching on-demand, or getting a head start with early sessions, this is your opportunity to learn what today’s threats really look like — and how to stay ahead of them.

Register now.


Preview the Action: Two New Sessions Available Before Take Command 2025

By: Rapid7
2 April 2025 at 12:48

Take Command 2025 is packed with insights from cybersecurity experts, threat intelligence leaders, and hands-on practitioners. But you don’t have to wait until April 9 to start learning. Two exclusive sessions are now available on-demand — giving you early access to critical content designed to help you think like an attacker, respond like a pro, and prepare for what’s next.

Whether you’re in the trenches of daily operations or shaping security strategy at the executive level, here’s what’s in it for you — and why attending Take Command 2025 is a must.

Start Learning Now: Two Must-Watch Sessions, Now On-Demand

Demo: How Hackers Think – The Anatomy of a Real-World Attack

Want to see how attackers operate in the real world — and how to stop them? In this hands-on demo, Zachary Jones, Senior Security Solutions Engineer at Rapid7, walks through the anatomy of a real-world cyberattack.

You’ll follow the attacker’s journey from initial access to exploitation, seeing how vulnerabilities are identified and used — and how proactive defenses can stop them in their tracks. This session is a great primer ahead of the event for teams looking to better understand attacker behavior and refine detection strategies.

Watch the session on-demand now and come to Take Command 2025 with a sharper perspective on how to defend against what you’ll face next.

Watch Now.

From Chaos to Compliant: Demystifying Cyber Regulations

Cyber regulations aren’t just growing — they’re shifting fast. This session unpacks the global compliance landscape and explores how security leaders can turn policy change into security strength.

Led by Ellis Fincham, EMEA Threat & XDR Sales Specialist Lead at Rapid7, the panel features Lara Sunday, Product Manager at Rapid7, and Sabeen Malik, VP of Global Government Affairs & Public Policy. Together, they provide real-world context on evolving frameworks like NIS2 and DORA, how to adapt to ongoing regulatory pressure, and what global organizations should consider when it comes to regional SaaS deployments and data residency requirements.

If you’re a CISO, compliance lead, or just trying to stay ahead of the next policy shift — this is one to bookmark.

Watch now.

Why Attend Take Command 2025?

This year’s event is built to give you practical guidance you can apply right away — whether you're leading a security program, managing a team, or defending the frontlines.

Here’s what’s in store:

  • Expert-led panels and technical sessions on AI, MDR, threat intelligence, exposure management, red teaming, and more
  • Exclusive industry perspectives from Rapid7 researchers, product leaders, and global policy experts
  • On-demand content before and after the event, so you can engage on your terms

It’s everything you need to command your attack surface with confidence.

Take Command Starts Now

Take Command 2025 goes live on April 9, but you can start learning today. Watch both sessions now on-demand and get ready for a full day of insights that will move your security strategy forward.

Register Now.



Inside the Mind of the Attacker: A Conversation with Raj Samani

By: Rapid7
26 March 2025 at 09:00

With Take Command 2025 just around the corner, we sat down with Raj Samani, Chief Scientist at Rapid7, for a preview of his upcoming session: Inside the Mind of an Attacker: Navigating the Threat Horizon.

Raj will be joined by Trent Teyema, Founder and President at CSG Strategies and former head of the FBI Cyber Division, and moderator Brian Honan, CEO of BH Consulting. Together, they bring decades of experience across cyber intelligence, national security, and frontline incident response.

So what can attendees expect from the session, and the day as a whole?

A Panel Built for Practical Impact

“This isn’t a talking shop,” Raj told us. “The people on this panel are practitioners. They do the job.”

Rather than focus on theory, the session aims to provide clear, actionable guidance rooted in real-world expertise. Raj describes the panel as a rare convergence of perspectives: vendors developing the tools, consultants advising organizations directly, and former government leaders who’ve pursued and prosecuted threat actors.

“We’ve got three legs of the solution represented,” he said. “And the audience is the fourth. Between us, we’re covering every side of the response equation.”

The Shift in Attacker Capabilities

While Raj didn’t give away too much ahead of the session, he offered a clear warning: attacker capabilities have evolved—rapidly.

“In the past, tools and techniques used by advanced nation-state actors were out of reach for most criminals,” he explained. “Now, even relatively inexperienced threat actors have access to those same capabilities. That changes everything.”

Organizations today face a constant flood of vulnerabilities, alerts, and data to prioritize, often without the context needed to make effective decisions.

“It’s not that we have a data problem,” Raj noted. “It’s that we have a context problem. We’re overwhelmed, and the inability to act quickly and decisively is putting organizations at risk.”

That’s where visibility and prioritization come into play—two capabilities central to Exposure Management and solutions like Rapid7’s Exposure Command.

Why This Session Matters

Raj emphasized that this session is about helping practitioners walk away with tangible answers to critical questions:

  • How do I know if I’ve been compromised?
  • Are adversaries still in my network?
  • Which vulnerabilities actually matter?
  • What can I do to reduce risk—today?

“These are the questions every security leader needs to be able to answer. Because if you can’t, how long will your executive team trust you to lead the charge?”

Why Attend Take Command 2025?

Raj was clear: this isn’t just another virtual event.

“Take Command is one of our most important moments of the year,” he told us. “It’s where we bring everything together, sharing the latest research, strategies, experiences and innovations from those on the front lines, and give people the chance to hear what’s actually happening on the front lines.”

He also noted that sessions like his don’t come around often, making this a rare opportunity to hear directly from experts working across national security, threat intelligence, and hands-on incident response.

Don’t Miss It

Take Command 2025 takes place April 9, 2025, and features a full day of virtual sessions covering AI, MDR, threat intelligence, red teaming, and more.

Raj Samani’s panel, “Inside the Mind of an Attacker,” is one you won’t want to miss.

Register now.


