A Deep Dive into 2025: The 25 Events, Incidents, Trends, and Content that Defined the Year
By Michael Gips

Welcome to the 2025 version of what most caught my attention in the world of security in the past year. As I have done in the past, I have asked for assistance from colleagues, several of whom are members of the Life Safety Alliance. You will see them credited with their contribution.
1. Best New Podcast
a. Control Room
Cohosted by Shawnee Delaney and Tyler Grey. It dives deep into all things cybersecurity, fraud, and scams, teaching people how to protect themselves. Interviewees include experts like Erin West, Caitlin Sarian, and Perry Carpenter.
b. Darknet Diaries
“Explore true stories of the dark side of the Internet with host Jack Rhysider as he takes you on a journey through the chilling world of hacking, data breaches, and cyber crime.” Nominated by Garry Bergin.
c. Tino Urbina’s Executive Checkpoint
Livestreamed on LinkedIn each week, with highlights released the following week, it is eventually delivered in podcast format to all major platforms. Christopher Stitt says it “has a pretty broad swatch of manufacturers, integrators, consultants and thought leaders from around the world.” Also nominated by Kasia Hanson.
2. Best New Book
a. Presilience
While it’s tempting to plug my own book, it seems tacky. I’m going with Dr. Gavriel Schneider’s Presilience, which reframes risk from something organizations merely endure into something leaders can actively shape.
b. The Seven Rules of Trust
As for security-adjacent books, the nod goes to this book by Jimmy Wales & Dan Gardner. A timely exploration of how trust functions as a strategic asset in polarized times, it offers practical rules leaders can apply to build resilience in people, teams, and systems.
3. Best Keynote
Ed McLaughlin
At ASIS Europe, the Mastercard CTO highlighted the role technology innovation plays across the interconnected themes of speed, society, trust and security.
4. Best New Conference
SJA Leaders in Security
20-minute sessions, no filler, no BS, no dodging questions.
5. Most Innovative Event
Friends of Chuck Cruise
The Hatted One on the high seas! Not innovative because of technology or format, but because it centered on relationships and conversation. And who could forget those epic rounds of Who Wants to Be a CPP and Security Family Feud?
6. Best Trainer
Marvin “Ben” Haiman (University of Virginia Center for Public Safety and Justice)
For teaching, moderating, and speaking globally at the intersection of law enforcement, security, and moral responsibility. Whether asking how Sweden can learn from Italy’s work against organized crime in Stockholm, or helping practitioners in Operationalizing Never Again in Krakow, Haiman consistently elevates training from technique to engagement.
7. Best LinkedIn Post
Shawnee Delaney, the Insider Threat in the Pantry
The best video I’ve seen in a long time. https://www.linkedin.com/feed/update/urn:li:activity:7342910997805838337/
8. Most Poignant LinkedIn Poster
a. Burke Sigurdur Brownfeld
For discerning curation in a noisy year, and for highlighting what deserved attention rather than what demanded it.
b. Alexandre Blanc
Garry Bergin notes that Blanc often covers the dark side of AI, social media, and all things cyber.
9. Best New Award Scheme(s)
a. LSA Legends
It will honor lifetime contribution and institutional memory with the same rigorous standards as its Top 40.
b. SSI Trend Setting Technologies
It raised practical innovation over marketing gloss. Winners included RAD’s SARA and i-PRO’s ClassSecure Safety System.
10. Most Conference-Dense Week
OSAC Week (broadly defined)
Security 500, OSAC, DSAC, ISC West, RIMS ERM, and adjacent events turned one week into an ecosystem. If you weren’t in at least one room, you missed something. Even if you were in many rooms, you missed a lot.
11. Best Reports
a. Security Megatrends 2026
A practitioner-grounded forecast that leaders could actually use for planning, prioritization, and board conversations.
b. Mary Meeker’s AI Trends Report (via Kasia Hanson)
According to Kasia Hanson, it provides the clearest macro context for why AI-enabled threats now feel qualitatively different—because the acceleration is real, measurable, and already here.
c. Verizon Data Breach Trends Report
Old faithful is still at the top of its game.
d. What will it take to enhance perceptions of the work of security professionals? (Security Research Initiative)
Alarmingly, this survey into security professionals’ perceptions of their own field revealed that less than half (45%) of participants have a positive view of private security.
12. Best New Standards
a. Updated ISO security and resilience standards
They clarify shared language and expectations.
b. The Organisational Risk Culture Standard (ORCS)
Someone finally treats risk culture as a measurable leadership capability, not a slogan.
c. ASIS International School Security Standard
Jeff Slotnick calls this the “first of its kind and an epic effort.”
13. Best New Hashtag
Otherwise known as return on network investment, it’s Chris Stitt’s formulation for the power of networking. And, unlike “Fetch,” it has staying power.
14. Most Consequential Critical Cyber Vulnerability
Per Confidence Staveley, it is React2Shell CVE-2025-55182, a critical security flaw with a maximum severity score of 10.0 that allows an attacker to take full control of a vulnerable server without needing a username or password.
15. Most Significant Security Incidents
a. Bondi Beach Hanukkah attack
A brutal reminder that open societies require intentional protection. As Australian security practitioner Dave Cohen observed (along with his family) from firsthand experience, the attack exposed the danger of confusing violent extremism with protected speech, and underscored how preventable tragedy often is.
b. The New Orleans Vehicle Attack
It pierced the Laissez les bons temps rouler spirit of the city.
c. The 345 Park Avenue shooting
It reinforced the lesson of how executive risk may be a matter of wrong place, wrong time.
d. AI-enabled attacks
They blurred the line between digital and physical harm, accelerating impersonation, doxing, and trust erosion.
e. The NPM package 'is' compromise
The compromise occurred in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. BTW, npm is the default package manager for the JavaScript runtime environment Node.js. Confidence Staveley says the compromise showed us “how fragile our software supply chain really is.”
16. Most Underappreciated Trend
a. The sudden glut of experienced security talent
Federal reductions in force and program drawdowns released a wave of seasoned professionals into the market. This is both opportunity and ethical test. Handled well, it strengthens leadership pipelines. Handled poorly, it commoditizes experience and erodes trust.
b. Security as Part of Organizational Resilience
Bruce McIndoe notes the trend of “getting beyond the tribal Security silo and bridging to the other ‘protective’ silos (BCM, EM/CM, Cybersecurity, EH&S, Compliance, …) and looking at Operational Resilience more broadly and jointly.”
17. Best Articles by Publication
a. Security Journal Americas
“The Paradox of Vulnerability in Security” by Christopher Stitt. Stitt explores the cognitive dissonance caused by “vulnerability.”
b. Security Management
“From Officer to Leader: Rethinking Leadership Development in Security” by Scott Fitzsimmons. Fitzsimmons dismantles the assumption that great operators naturally become great leaders, making a clear case that leadership in security is a distinct discipline that must be intentionally taught, practiced, and supported.
c. Security Sales & Integration
“Is Every Voice Heard?” by Alesia Hendley. In a quiet but pointed essay, Hendley challenges organizations to stop recycling the same small networks and instead broaden who is invited into security conversations.
d. International Security Journal
30 Global Thought Leaders in Security (December issue). The outlook for 2026. Hint: More than just AI.
e. Security
The 2025 Security Benchmark Report. This year’s version confirms persistent talent gaps, budget pressure, and the continued rise of executive protection as a core enterprise concern.
f. Security Executive
“4-Dimensional Security Surveillance = 3-D + Time” — Ray Bernard. Despite the ungainly title, Bernard warns that physical security operations will change more this decade than in all previous history.
18. Best Recruiter Insights
a. Kathy Lavinder
Chris Stitt notes that she provides “poignant, insightful, research-backed and data driven insights into trends, highlights, and foibles of recruiting and applying for senior positions.”
b. Jerry Brennan
My fellow columnist at Security, partnering with Joanne Pollock, covers topics ranging from interviewing and pay transparency to AI skills and cultural fit.
19. Most Significant New Regulation
Martyn’s Law (UK)
A legal duty on venues to prepare for terrorist attacks—born of persistence, loss, and moral clarity. Regulation as consequence. (Per Mike Hurst)
20. Most Notable Governance Action(s) by a Security Association
a. UK Security Industry Authority
It toughens “fit and proper” standards, reframing suitability as an ethics issue. (Mike Hurst)
b. IFPO (UK)
IFPO expanded professional and leadership certifications, treating security leadership as a learned discipline. (Mike Hurst)
21. Most Significant Case Law
National Recovery Agency Group, LLC v. Durenleau (U.S. Court of Appeals for the Third Circuit)
The case strongly reaffirmed the narrow interpretation of the Computer Fraud and Abuse Act (CFAA). The court emphatically rejected an employer's attempt to use the CFAA against former employees who accessed company systems with authorized credentials (even if allegedly in violation of internal policies), stating that "the 'gates' of access were 'up'" and no hacking occurred. The court held that an authorized employee misusing a work computer isn't a federal crime without hacking, and passwords themselves aren't trade secrets unless developed uniquely. Garry Bergin says that this decision curbs the overuse of the CFAA as a tool for civil litigation in insider threat or ex-employee data access disputes, a common tactic in cybersecurity-related cases.
22. Best Documentary Rollout
The WOMEN IN SECURITY Documentary
A thoughtful, deliberate rollout that matched message to medium. It’s been shown in Chicago, San Diego, New Orleans, Seattle, etc. Next stops in Charlotte, DC, Miami, New York, and elsewhere. The juggernaut rolls on.
23. Biggest Growth Resurgence
Executive Protection
After UHC and 345 Park, everyone needed an executive risk assessment. EP evolved into decision support: intelligence, digital exposure, family safety, and restraint. Was UHC 2025’s 9-11?
24. Best Guide to AI in Security
a. Don Morron
For translating acceleration into understanding, and hype into usable insight.
b. AI Cyber Magazine
Per Confidence Staveley, it provides cutting-edge insights, expert interviews, and in-depth analyses of AI’s impact on cybersecurity.
25. Most Fun Zoom Show
Security and Music, Hosted by James Willison and Michael Gips
Because joy, culture, and curiosity still belong in a profession that too often forgets them. We’ve covered genres from early rock to 80s to jazz and blues to Broadway tunes, as well as themes such as the sea, holiday songs, and security. And what a pleasure it is not talking security all the time with security experts.


