Jorge Monteiro's Linkedin Analytics

Breach Attack Simulation is dead. Most BAS tools are just smoke machines. Why? They need a simulated environment to operate. They simulate attacks based on patterns. They follow scripts. They give the illusion of control. But attackers don’t play by your rules, and your simulated environment will not be the same as your production one. That’s the problem. BAS ≠ Automated Pentesting → They can’t discover unknown assets. → They don’t validate risk with real exploits. → They don’t adapt to new vulnerabilities as they appear. They tell you what could happen. We tell you what would happen. That’s why Ethiack is here ✅ We combine AI-powered automation with elite ethical hackers. ✅ We continuously discover, exploit, and validate real risks. ✅ We provide Proof-of-Exploit for every finding. No more simulations. Real attacker behavior. At scale. Don’t let them fool you. They are Not Like Us

CTEM - Continuous Threat Exposure Management Is it just another Gartner buzzword? This time, I don't believe so. I strongly believe this is the future of security, and most companies are still failing at the basics. Why? Because the biggest challenge with CTEM isn’t understanding the theory. It’s operationalizing it. So we built ETHIACK from the ground up to map directly to the 5 pillars of CTEM. From theory to practice—here’s how we help: 🔍 Scoping → Continuous asset discovery (from external to internal assets) → Attack Surface Management Dashboard → Shadow IT Detection → Continuous Change Detection 🎯 Discovery → Vulnerability Detection → AI-Powered Pentesting Engine → Beacon for internal network coverage and testing → CI/CD integration 📊 Prioritization → Proof-of-Exploit for every finding → Risk Exposure Management Score → Grouping, Tagging, and Asset Criticality Mapping → Vulnerability Severity and Prioritization 🛠️ Validation → AI-based exploit attempts → Elite Ethical Hacking Events for custom attack paths → Manual validation by Triagers → Retesting 📈 Mobilization → Real-time Dashboards & Alerts → Executive, Technical and Customer-facing Reporting → Compliance Reporting → Jira, Slack, and other Integrations → Dedicated Customer Security Manager We didn’t retrofit into CTEM. We built Ethiack with it in mind. Because security posture without validation is just… hope. How familiar are you with CTEM?

3 reasons why pentesting is broken in fintech: 1. Point-in-time tests miss fast-moving risk   2. Reports don’t validate real exploitability   3. Compliance ≠ security Instead, use continuous AI-based testing with real exploit validation. That’s what Ethiack does.

In Fintech and Financials, regulation is speeding up. Your pentesting shouldn’t be stuck in 2020. Regulators expect: 👉 Proactive vulnerability detection 👉 Proof of remediation 👉 Evidence of continuous coverage Annual pentests won’t cut it anymore. Ethiack gives you: ✅ Continuous testing ✅ Real exploit proof ✅ Compliance-ready reports on demand It’s not just about checking the box. It’s about proving you’re in control.

Worried about the DORA deadline (April 30, 2025)? Do you truly understand your CTPP landscape? Understanding the Critical Third-Party Providers (CTPPs) landscape is crucial to enhancing business security. The one issue I have with these regulations though are the way many people treat them: only focussing on ticking the boxes of regulatory requirements. Whilst Ethiack supports DORA compliance in some aspects, there is more for you to consider as attackers won’t be stopped by compliance. What you really need is a complete view of your digital assets, both internal and external. Doing this once a year though to stay compliant is super-risky considering our fastly evolving attack surfaces and evolving threats. By testing your attack surface continuously with AI-powered pentesting you will be able to exploit vulnerabilities with the highest level of accuracy at speed and scale. You can still add some human testing for your most critical and complex assets! Don't just be compliant, be secure with Ethiack! Find out more at ethiack.com

Bug bounty programs are changing. Are you ready? Here is my prediction. BB have long relied on human researchers to find security flaws. There are two types of researchers: farmers and hunters But AI Hackbots are changing the game: 🔹 AI can make recon 10x better 🔹 AI can automate vulnerability discovery at scale 🔹 AI will be faster and more precise 🔹 AI will replace 99% of farmers Rather than replacing human researchers, AI enhances capabilities, making bug bounty programs more effective and scalable, and allowing hunters to really hunt the creative and complex vulnerabilities. However, if you are just a farmer, good luck

Sales outbound is painfully for inboxes but do you know what is even worse? VC outbound! It’s incredible the number of VC outbound emails I get every single week! Is that a standard thing? If you are a CEO, do you answer all these emails? If not, do you have any spam rules for cleaning inboxes? 😅 IMO, I find it humanly impossible to focus on the business and be always connecting with VCs.

180% increase from 2023 to 2024 in Data Breaches that started with Vulnerability Exploitation reported by Verizon Let that sink in for a moment. In one year, the amount of Data Breaches from Vulnerabilities has almost tripled. Meanwhile, you are still doing one pentest a year. Good luck with that. Or if you don't want to keep playing with luck and would like know how to prevent this, just DM me

The digital is usually unseen.. This ends today! Visualiser is officially out This new feature is available to all our users from free trial to enterprise. This is Attack Surface Management as you have never seen before. Check it out now and give some feedback

Why you need Attack Surface Visualization — and how ETHIACK just leveled up ASM for you Seeing is understanding. You can't protect what you don't know 🆕 Attack Surface Management Visualizer shows you your digital footprint like never before. 👉 The Outcomes Full visibility of your external, internal, and cloud assets Real-time map of your attack surface — in 2D and 3D Prioritized vulnerabilities based on risk context Faster, more confident decisions on remediation ⚠️ The Cost of No Visibility Missed shadow IT assets → undetected entry points Manual asset tracking → outdated and incomplete Siloed tools → no unified view of your exposure and supply chain 🔧 The Problem We Solve Most Attack Surface Management (ASM) tools give you lists. We give you interactive visual maps—with real exploit data underneath. ✅ Asset discovery (external + internal) ✅ Live topology of your environment ✅ Visual overlays of vulnerabilities and risks ✅ Risk scoring based on exploitability Visibility is the first step, always Understanding your exposure is half the battle.

🚨 CVE Super Critical Alert Everyone is talking about this letter in Cybersecurity What is this all about? Is the game changing? MITRE’s support for the CVE program may expire today (April 16, 2025). The letter below was sent to CVE Board Members to warn them of a potential service break — a gap that would ripple through the entire vulnerability management ecosystem. Let’s connect the dots: 🔹 NVD (run by NIST) is already in trouble with delays, deferrals, and massive CVE backlogs 🔹 Now, MITRE, the upstream backbone for CVE creation and enrichment, is at risk 🔹 If MITRE’s role is paused or broken, the entire chain collapses: from scanners to advisories to national security infrastructure The impact will be tremendous. This is what will happen very fast: 👉 90% of Scanners will be outdated because they are just dependent on CVE/NVD feeds 👉 Lots of security teams will fly blind, without new vulnerability research 👉 Thousands of vulnerabilities will sit unenriched, unactioned 👉 Thousands of 0days will start being exploited in the wild And in the middle of this mess… AI is emerging. 🔥 The timing couldn’t be more ironic — or more critical. If traditional CVE pipelines crumble, AI hackbots and autonomous pentesting agents may thrive. No human team will keep up with the mess manually. No scanner will know what to look for without updated databases. ⚠️ This is a call to rethink how we do vulnerability discovery. We’ve over-centralised trust in fragile, bureaucratic systems. What is the turnaround here, in your opinion?

If you are a CISO, you need to start thinking about Continuous Exposure Management — Here is how Ethiack makes it real 👉 The Cost of No Action Shadow IT going undetected Unknown assets = unmonitored risks False positives burn your team’s time “Compliance” without real security Expensive pentests that go stale in weeks 👉 The Problem We Solve ✅ Continuous discovery ✅ Continuous testing ✅ Continuous validation ✅ Continuous mobilization 👉 The Outcomes Continuous attack surface visibility Real risk reduction, proven with evidence Faster remediation cycles (MTTD & MTTR slashed by 90%) Audit-ready reports and dashboards Ethiack is your engine We make exposure visible, verifiable, and actionable.

Imagine this:   A developer spins up a test instance.   It gets exposed.   No one knows.   30 days later, it’s exploited. Now imagine you had AI pentesting running continuously.   That instance gets flagged, exploited, and shut down in hours. That’s Ethiack.

Today ETHIACK is cooking something Are you ready?

“there are ALWAYS vulnerabilities” André Baptista, hacker, 2025 ALWAYS! So, if there are always vulnerabilities, why …do you think an occasional pentest is enough? … are you still afraid or embarrassed to say that you are vulnerable? … are you reliying on one provider to find all these vulnerabilities? … don’t you embrace them as your first priority on cybersecurity strategy? If you are interested to listen the perspective of this hacker go to Expresso Liga dos Inovadores Podcast (Portuguese) https://lnkd.in/dy_gNR6s

matosinhos.tech is organizing the most cosmic event in Porto - Hack the Planet 1st of April 2025 join me and let’s hack some stuff with Alex Olsen There is also a DJ, delicious food, and drinks afterward. I am super excited. Join us here https://lnkd.in/dq8y7q4T

Can you find what is big at FinAI? Comment it before you expand the post! … If you said João Freire de Andrade, you are 62% right! Yes, this guy is f*cking HUGE! Not only in size, but mostly in value. I need to take my hat off to him. Seriously, this giant has been showing me all his size these past months. If there was someone that had reasons to not invest in Ethiack was João. His first impression of Ethiack was witnessing in person a discussion between the founders. Not the best first touch I guarantee you. Did he pull out? No. (maybe a lesson for all the VCs out there bragging that they make a decision to invest in the first 30sec of a call) He did what a good investor should do. He put us in contact with his tech team, with potential costumers and he did a proper due diligence. He ended up investing. And after the money is transferred he keeps showing me that investing is not about money, but about value. He puts all his energy into his investments. He messages, calls, connects me, and makes me jump on every stage he can find. And I am sure he will not stop. To this force of nature, thank you for believing and pushing us everyday 🙏 Grateful to have Start Ventures onboard and be part of The Fintech House ecosystem. … But what are the other 38%? That is just the % of data breaches that started with vulnerability exploitation (data from Mandiant 2024) You can see that on the slide in the picture That is also very BIG! But lets discuss that later 😉

Not to brag here but... Jornal de Notícias says that ETHIACK is at the vanguard of Portuguese technology and creativity. It's nice to see all the recognition. Now back to work!

What a special night at matosinhos.tech We talked about the choice you shall do today. Hack or Get Hacked If you are not being proactive and hacking yourself frequently, you are not preventing enough and you will get hacked But you deserve to get hacked! So start now and get ethically hacked! Or you will get criminally hacked soon. Thanks to Nelson Sachse and all the team for the invitation and empowerment. And congrats to the amazing audience and Alex Olsen for making this night cosmic. If you never heard about matosinhos.tech, go and check it out now. What a community! See you soon

Today we made an important decision at Ethiack: We got rid of all ethical hackers, because AI is replacing them all The next step will be to get rid of all Customer Success and Engineers God, I just love AI 💚