Joana Pereira

This week, I took part in a NIS2 training session delivered by the Centro Nacional de Cibersegurança - Portuguese National Cybersecurity Centre, in collaboration with the Instituto Politécnico de Viana do Castelo. One thing that really stood out: cybersecurity is no longer “just an IT issue.” It now sits firmly within risk, governance, and compliance, which means leaders and decision-makers are more involved than ever. With threats evolving every day, our approach to Governance, Risk, and Compliance has to keep pace. The focus is increasingly on putting the right foundations in place to identify and address risks before they turn into incidents. It’s great to be part of these discussions and to see organisations taking a more proactive and joined-up approach to cybersecurity. #nis2 #governance #risk #compliance #grc #cncs #alwaysonline #securenet

7

1 comentário

#portugal #security #cybersecurity #ethicalhacking Executive summary 🛡️ What happened: Portugal updated its cybercrime law (Decree Law 125/2025) to create a legal “safe harbour” for ethical hackers and security researchers. Why it matters: Researchers who act in the public interest can now test systems and report vulnerabilities without automatically risking prosecution, as long as they follow strict conditions. Bigger picture: This aligns Portugal with a growing international trend (e.g., UK reforms to the Computer Misuse Act) toward recognizing ethical hacking as essential to cybersecurity, not as a crime.

1

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions. https://lnkd.in/dmbXDa49

72

1 comentário

Mastering Cybersecurity: Start with the Basics "In cybersecurity, the fundamentals never fail. Jefferson Macedo reminds us that before thinking about hacking or forensics, you must understand how computing works, from TCP/IP to how Windows, Linux, and macOS operate. Mastering the basics builds the foundation for everything else. Without it, even advanced techniques crumble." #cybersecurity #infosec #fundamentals #learning #r19io

3

Threat modeling is a continuous process, not a one-time checkbox. While Security by Design is the starting point, the real challenge is maintaining that scrutiny as systems evolve. It requires identifying vulnerabilities during the initial architecture phase and continuously re-evaluating the attack surface post-design to bridge the gap between theoretical assumptions and production reality.

19

2 comentários

Portugal updates cybercrime law to exempt security researchers "Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions." https://lnkd.in/dYb3JDBB

4

Are you still thinking in terms of traditional 4-year, campus-based degrees when planning a career in DevOps and cloud security? When you compare AlNafi's Diploma in DevOps and Cloud Advancement (EduQual Level 4) with conventional programs at institutions such as Universidade do Grande Rio, a very different value proposition emerges. EduQual Level 4 is benchmarked to the first year of a UK undergraduate degree on the RQF, giving you a UK-based, globally recognized qualification in around 12 months, entirely online and self-paced. Instead of long lectures and high-stakes exams, AlNafi emphasizes hands-on, industry-grade labs in DevOps, multi-cloud platforms (AWS, Azure, Google Cloud), and offensive security, assessed through practical assignments. Because there are no relocation costs, no extended campus fees, and a compressed timeline, the overall investment is typically 60-80% lower than a traditional 4-year university route, while aligning content to current G20 and global skills frameworks. Crucially, AlNafi integrates an AI mentor (Al Baari) to support learning in real time, and the Al Razzaq ecosystem for CV building, interview preparation, and job placement support once you complete the labs. If you want a faster, more flexible, and globally aligned route into high-demand DevOps and cloud roles, explore AlNafi here: https://lnkd.in/dHEiffXJ #AlNafi #OnlineEducation #CareerGrowth #TechEducation #UniversidadedoGrandeRiovsAlNafi #EducationComparison #SmartEducation

16

𝗔𝗜 𝗛𝗮𝗰𝗸𝗲𝗿𝘀 𝗘𝗿𝗮 Cybersecurity was built on a simple foundational idea: • 𝘌𝘷𝘦𝘳𝘺 𝘵𝘩𝘳𝘦𝘢𝘵 𝘩𝘢𝘥 𝘢 𝘩𝘶𝘮𝘢𝘯 𝘮𝘪𝘯𝘥 𝘣𝘦𝘩𝘪𝘯𝘥 𝘪𝘵. Every attack was the result of intent, motivation and limitation. Defenses evolved around the assumption that malicious actors required time, resources and skill to breach a system. That premise defined decades of strategy, governance and technological design. Today that reality no longer exists. The modern threat landscape is shaped and accelerated by artificial intelligence operating with superior analytical capacity, adaptive reasoning and relentless execution. Attacks are no longer constrained by human rhythm or human error. They are produced, refined and deployed with a speed that outpaces traditional defense cycles. The shift is not about tools becoming better. It is about the attacker no longer being human. When offensive engines run autonomously, the industry faces adversaries that do not get tired, do not negotiate and 𝗱𝗼 𝗻𝗼𝘁 𝗳𝗼𝗹𝗹𝗼𝘄 𝗽𝗿𝗲𝗱𝗶𝗰𝘁𝗮𝗯𝗹𝗲 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿𝗮𝗹 𝗽𝗮𝘁𝘁𝗲𝗿𝗻𝘀. Cybersecurity suddenly becomes a race against a form of intelligence that is scalable, self-improving and constantly re-optimizing attack vectors. This requires a fundamental 𝗰𝗵𝗮𝗻𝗴𝗲 𝗶𝗻 𝗺𝗶𝗻𝗱𝘀𝗲𝘁. Defenders can no longer rely on static rules, outdated incident playbooks or manual analysis of threat behavior. The environment demands AI on the defensive side that is capable of matching the pace and depth of autonomous attacks. Artificial intelligence must not be seen as a tool but as a defensive colleague, working continuously at a scale humans cannot match. The future of cybersecurity will be defined by how well organizations adapt to this new equilibrium. The principle that once shaped the field, the principle of malicious human attack, has reached its limit. We now operate in a world where 𝘀𝘆𝘀𝘁𝗲𝗺𝘀 𝗯𝗮𝘁𝘁𝗹𝗲 𝘀𝘆𝘀𝘁𝗲𝗺𝘀. The strategic edge will belong to those who understand that cybersecurity is no longer about blocking a human intruder. It is about staying ahead of an intelligence that learns faster than traditional defenses can react. In this new era, awareness is not enough. Only 𝗮𝗱𝗮𝗽𝘁𝗮𝘁𝗶𝗼𝗻 will keep us safe.

4

Nice write-up. Detailed look at one of the threat actors in the news. How they do what they do. How much of what they say to believe, and what not to believe and why.

10

1 comentário

Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions: - The research must aim solely at identifying vulnerabilities not created by the researcher and at improving cybersecurity through disclosure. - The researcher cannot seek or receive any economic benefit beyond normal professional compensation. - The researcher must immediately report the vulnerability to the system owner, any relevant data controller, and the CNCS. - The actions must be strictly limited to what is necessary to detect the vulnerability and must not disrupt services, alter or delete data, or cause harm. - The research must not involve any unlawful processing of personal data under GDPR. - The researcher must not use prohibited techniques such as DoS or DDoS attacks, social engineering, phishing, password theft, intentional data alteration, system damage, or malware deployment. - Any data obtained during the research must remain confidential and be deleted within 10 days of the vulnerability being fixed. - Acts performed with the system owner's consent are also exempt from punishment, but any vulnerabilities found must still be reported to the National Cybersecurity Centre. https://lnkd.in/eG8yeJMm

10

1 comentário

🔥 Portugal Just Made Ethical Hacking Legal-ish 🔥 Cybersecurity just got a significant upgrade in Europe. Portugal dropped Decree Law 125/2025, adding Article 8-A to its Cybercrime Law, giving ethical hackers a safe harbour from prosecution. What’s the play? ✅ Researchers can probe systems for vulnerabilities without fear of jail time ✅ Must act in public interest, no shady monetization ✅ No DoS, phishing, or malware, keep it clean ✅ Mandatory disclosure to CNCS + data deletion within 10 days This isn’t just Portugal flexing. The UK is next, exploring a statutory defense for security pros under the Computer Misuse Act. Global trend? Absolutely. Why it matters: 🔐 Digital resilience depends on ethical hackers 🌍 Governments finally get it: security ≠ criminality 🚀 Safe harbour = more proactive vulnerability hunting Bottom line: If your org still treats ethical hackers like adversaries, you’re playing defense in a world that demands offense. #Cybersecurity #EthicalHacking #InfoSec #Portugal #CyberLaw #VulnerabilityResearch #SafeHarbour #DigitalResilience #HackersForGood #GlobalTrend

1