Jason Edelstein

Heads CyberCX’s global Security Testing and Assurance (STA) practice — described in the 2026 Hack Report as “one of the largest private sector teams of penetration testers, red teamers and offensive cyber security experts anywhere in the world.” Author of the 2026 Hack Report foreword. The STA-side counterpart to hamish-krebs (DFIR).

Positions captured in the KB

• Defender improvement is real but losing the race. “To get ahead, defenders need to get better, and at a faster rate than attackers do. The rate at which threat actors increase their capability and impact is difficult to quantify, but no reasonable estimate would put this in the ‘low single-figure percentage’ range. At this rate of improvement, defenders are falling behind.” [[2026-05-12-cybercx-2026-hack-report]]
• AI adoption is creating a controls gap. “When tested, artificial intelligence (AI) systems contain far higher rates of severe findings, suggesting that the widespread race to adopt and benefit from AI is seeing security considerations often overlooked and new risks introduced.” [[2026-05-12-cybercx-2026-hack-report]]
• Root-cause concentration is actionable. “Almost all severe findings fell into four categories, helping to narrow down where defenders should focus their efforts.” [[2026-05-12-cybercx-2026-hack-report]]

See also

• cybercx
• hamish-krebs — DFIR counterpart at CyberCX
• dimitri-vedeneev — Hack Report lead author
• ai-security-defense