Tag: Strategy

Welcome New Member – Caroline Humer from US

Please welcome our newest member from the United States, Caroline Humer! As an international digital safety advocate, Caroline Humer is dynamic and motivated, with a track record of successfully fostering cross-industry engagement. Growing up in numerous global settings has honed her ability to lead global 

CyAN Voices: Growing Careers Through Mentorship

In this mentorship story of 2025, Sumandeep Kaur shares her experience as a Web Developer and Cybersecurity Intern under the guidance of her CyAN mentor, Shantanu Bhattacharya.

Empowering Early-Career Web Developer & Cybersecurity Professionals: My Journey with the CyAN Mentorship Program

By Sumandeep Kaur

Acknowledging My Mentor “Shantanu Bhattacharya”: A Pillar in My Professional Growth

Throughout my participation in the CyAN Mentorship Program, I had the privilege of being guided by an exceptional mentor whose unwavering support and expertise were instrumental in my development.

From the outset, my mentor fostered an environment of learning and curiosity. Their deep knowledge provided me with a comprehensive understanding of how these fields intertwine. Whether it was navigating complex coding challenges or understanding the nuances of cybersecurity protocols, their guidance was always insightful and encouraging.

One of the most impactful aspects of our mentorship was their emphasis on best practices and real-world application. They didn’t just teach me the “how,” but also the “why,” ensuring I grasped the underlying principles that would allow me to adapt and grow beyond the program. Their patience and willingness to share personal experiences made our sessions both educational and inspiring.

Beyond technical skills, my mentor instilled in me the importance of continuous learning and ethical responsibility in the tech industry. Their mentorship extended beyond our scheduled sessions, as they were always approachable for questions and discussions, demonstrating a genuine investment in my success.

I am profoundly grateful for the time, knowledge, and encouragement my mentor provided. Their influence has not only enhanced my technical abilities but also shaped my professional ethos. As I continue to build my career, the lessons and values imparted by my mentor will remain a guiding force.

During my tenure in the CyAN Mentorship Program, I immersed myself in a comprehensive learning experience that bridged the realms of full-stack web development and cybersecurity. This dual-focused approach allowed me to understand the intricate relationship between developing robust web applications and ensuring their security against potential threats.

In the realm of full-stack development, I honed my skills in both front-end and back-end technologies. On the front-end, I worked extensively with HTML5, CSS3, and JavaScript, crafting responsive and user-friendly interfaces. I also delved into modern frameworks to build dynamic single-page applications. My experience also encompassed working with databases such as MySQL, ensuring efficient data storage and retrieval.

Parallelly, my exposure to cybersecurity principles was integral to my development process. I learned to implement security best practices, such as input validation, authentication, and authorization mechanisms, to safeguard applications against common vulnerabilities. I familiarized myself with the OWASP Top 10 security risks and integrated preventive measures during the development lifecycle. Additionally, I utilized tools like Splunk for monitoring and analyzing application logs, aiding in the early detection of potential security incidents.

By understanding the full spectrum of application development and its associated security considerations, I am better equipped to build applications that are not only functional and efficient but also resilient against cyber threats.

Key Responsibilities

  • Developed responsive web applications using HTML, CSS, JavaScript, ensuring cross-browser compatibility and optimal user experience.
  • Collaborated with the cybersecurity team to implement security measures such as input validation, authentication protocols, and secure data storage.
  • Conducted vulnerability assessments and applied OWASP Top 10 principles to mitigate common web application security risks.
  • Utilized Git and GitHub for version control and collaborative development.

Technical Skills

  • Proficient in front-end technologies: HTML5, CSS3, JavaScript.
  • Skilled in database management with MySQL.
  • Familiar with cybersecurity tools and practices, including penetration testing and secure coding standards.
  • Knowledgeable in using SIEM tools like Splunk for monitoring and analyzing security events.

Achievements

  • Successfully developed and deployed a full-stack web application with integrated security features, enhancing user data protection.
  • Identified and resolved multiple security vulnerabilities in existing web applications, improving overall system integrity.
  • Received commendation from mentors for the ability to bridge the gap between development and security, ensuring robust application performance.

Mentorship Engagement

Throughout the mentorship, I regularly engaged in:

  • One-on-one mentor sessions to discuss career pathways, technical questions, and soft skills.
  • Weekly tasks and challenges designed to simulate real SOC workflows.
  • Collaborative feedback sessions focused on improving analytical thinking and report writing.

Integrated Career Goals in Web Development & Cybersecurity

Deepen Expertise in Secure Web Development

Objective: Master secure coding practices by studying the OWASP Top 10 vulnerabilities and implementing mitigation strategies in your projects.
Action Plan: Enroll in courses focused on secure web application development and participate in code review sessions to identify and fix security flaws.

Develop Full-Stack Security Projects

Objective: Create comprehensive web applications that integrate both front-end and back-end security measures.
Action Plan: Design projects that include features like secure authentication, data encryption, and protection against common web threats, showcasing them in a professional portfolio.

Engage in Continuous Learning and Community Involvement

Objective: Stay updated with the latest trends in web development and cybersecurity.
Action Plan: Attend industry conferences, contribute to open-source projects, and participate in forums or local meetups to exchange knowledge and experiences.


About the Mentor

Shantanu Bhattacharya

LinkedIn

Shantanu Bhattacharya is a seasoned cybersecurity professional with over 25 years of experience. Known as the “Cyber Doctor,” he helps small businesses in the finance, legal, and retail sectors defend against phishing and ransomware. He provides actionable, budget-conscious solutions tailored to client needs, delivered within 60 days.

About the Mentee

Sumandeep Kaur

LinkedIn

Sumandeep Kaur is a Web Developer and Cybersecurity Intern who brings a dual focus in full-stack development and secure coding. She has hands-on experience with HTML, CSS, JavaScript, MySQL, and cybersecurity tools like Splunk. Passionate about building applications that are both functional and resilient, she is committed to continuous learning and ethical tech practices.

CyAN Voices: Growing Careers Through Mentorship

In this first mentorship story of 2025, Kuljit Kaur (Australia) shares her experience under the guidance of her CyAN mentor, Shakil Khan (UAE).

My Mentoring Experience with CyAN Mentorship Program and Mr. Shakil Khan

By Kuljit Kaur

Starting a career journey in cybersecurity can be 

Cyber (In)Securities – Issue 144

News

  1. Quantum computer threat spurring quiet overhaul of internet security
    Cyberscoop – Greg Otto
  2. Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
    BleepingComputer – Bill Toulas
  3. Dems look to close the barn door after top DOGE dog has bolted
    The Register – Brandon Vigliarolo
  4. Canadian Electric Utility Hit by Cyberattack
    SecurityWeek – Eduard Kovacs
  5. Putin’s Cyberattacks on Ukraine Rise 70%, With Little Effect
    Dark Reading – Nate Nelson
  6. Claude AI Exploited to Operate 100+ Fake Political Personas
    The Hacker News – Ravie Lakshmanan
  7. HIVE0117 Group Targets Russian Firms with DarkWatchman Malware
    Security Affairs – Pierluigi Paganini
  8. Ex-NSA cyber-boss: AI will soon be a great exploit coder
    The Register – Jessica Lyons
  9. AI talent heads to EU defence startups
    InnovationAus – Supantha Mukherjee & Michael Kahn
  10. WordPress plugin disguised as security tool injects backdoor
    BleepingComputer – Bill Toulas
  11. Nebulous Mantis targets NATO-linked entities
    The Hacker News – Ravie Lakshmanan
  12. Tariffs could slow replacement of telecom networks
    Cyberscoop – Tim Starks
  13. Ex-CISA chief decries cuts as Trump demands loyalty
    The Register – Jessica Lyons
  14. FBI shares massive list of 42,000 LabHost phishing domains
    BleepingComputer – Bill Toulas
  15. Phishers exploit Iberian blackout in real-time scams
    Dark Reading – Elizabeth Montalbano
  16. DOGE is building a surveillance state
    New York Times – Julia Angwin
  17. Tech Giants propose EOL security disclosure standard
    SecurityWeek – Ryan Naraine
  18. DARPA’s AI Cyber Challenge could upend patching
    Cyberscoop – Greg Otto
  19. Indian court orders Proton Mail block over deepfake claims
    The Hacker News – Ravie Lakshmanan
  20. Pushback against US cyber coordination shake-up
    Cyberscoop – Derek B. Johnson
  21. Fuel tank monitoring systems vulnerable to disruption
    Dark Reading – Jai Vijayan
  22. Hackers ramp up scans for leaked Git secrets
    BleepingComputer – Bill Toulas
  23. France attributes 12 cyberattacks to APT28
    BleepingComputer – Sergiu Gatlan
  24. Reports uncover jailbreaks and insecure AI code
    The Hacker News – Ravie Lakshmanan
  25. Apple ‘AirBorne’ flaws allow zero-click RCE
    BleepingComputer – Sergiu Gatlan
  26. Enterprise tech dominates zero-day exploits
    The Register – Connor Jones
  27. US critical infrastructure still struggles with OT security
    Dark Reading – Becky Bracken
  28. US House criminalizes nonconsensual deepfakes
    Cyberscoop – Derek B. Johnson
  29. Chinese espionage campaign targets SentinelOne
    The Hacker News – Ravie Lakshmanan
  30. Europol creates ‘Violence-as-a-Service’ taskforce
    Infosecurity Magazine – Phil Muncaster
  31. 76% of Australian orgs faced high-impact cyber events
    itWire – Gordon Peters
  32. France says Russian hackers targeted Macron in 2017
    The Guardian – Angelique Chrisafis

Analysis

  1. A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats
    Dark Reading – Arielle Waldman
  2. New Research Reveals: 95% of AppSec Fixes Don’t Reduce Risk
    The Hacker News
  3. Debunking Security ‘Myths’ to Address Common Gaps
    Dark Reading – Arielle Waldman
  4. World Password Day 2025: Rethinking Security in the Age of MFA and Passkeys
    IT Security Guru – The Gurus
  5. ‘Source of data’: are electric cars vulnerable to cyber spies and hackers?
    The Guardian – Dan Milmo

Member Spotlights

  1. CRD #21: Security Blind Spots and Board-Level Leadership
    CyAN – Henry Röigas
  2. Online Safety for Kids and Teens: Global Platform Shifts
    CyAN – Vaishnavi J

🗓️ Upcoming CyAN (and CyAN Partner) Global Events:


📍 Dubai, UAE

GISEC
May 6–8


📍 London, UK

Cyber OSPAs
May 8


📍 Dubai, UAE

CSG Awards 2025
May 7


📍 Dubai, UAE

World AI Technology Expo
May 14–15


🎉 Celebration

CyAN 10th Anniversary
(Details TBA)


📍 Berlin, Germany

GITEX Europe Messe
May 21–23


📍 Rabat, Morocco

MaTeCC
June 7–9


🌐 Online

CyAN Q2 Call (APAC + Gulf)
June 11 – 12:00 GST / 16:00 SGT / 18:00 AEST

🌐 Online

CyAN Q2 Call (EMEA + Americas)
June 11 – 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT


Welcome New Member – Norman King from Australia

Please welcome our newest member from Australia, Norman King! Norman has 25+ years of experience working as a technology professional. As CTO, he has been part of the leadership team at iPartners since the company began operations in 2017. He has overseen the development of 

Cyber (In)Securities – Issue 141

News

  1. Former cyber official targeted by Trump quits company over move
    NBC News – Kevin Collier
  2. MITRE’s CVE program given last-minute reprieve
    itNews – Raphael Satter
  3. Whistle Blower: Russian Breach of US Data Through DOGE
    Narativ – Zev Shalev
  4. Midnight Blizzard deploys GrapeLoader malware
    BleepingComputer – Bill Toulas
  5. 4chan 

No Time for Antics with Semantics: Why CVEs Are Cybersecurity’s Lifeline

The cybersecurity world runs on shared language.

We don’t often talk about it in those terms—but that’s exactly what the CVE (Common Vulnerabilities and Exposures) system is. A global taxonomy of flaws. A universal index of weakness. The quiet backbone that lets defenders coordinate responses in a coherent, time-sensitive, and standardised way.

This week, we almost lost it.

MITRE, the U.S. non-profit that has maintained the CVE database for the past 25 years, issued a warning: without urgent financial support, the program might have to shut down. For a moment, it looked like a cornerstone of global cyber defence could vanish not due to compromise, but because the funding simply… ran out.

In breaking news, that immediate crisis has been averted. MITRE’s contract has been extended by CISA (the US Cybersecurity and Infrastructure Security Agency)—giving the CVE program a last-minute reprieve.

But let’s be very clear: contract extended or not, if the stability of cybersecurity is dependent upon a single point of failure like the CVE program, then we were doing something wrong all along.

This isn’t just a funding story. It’s a governance failure. And a warning.

What Exactly Is the CVE System?

Think of CVEs like ISBN numbers for cybersecurity. Each known vulnerability gets a unique ID, a descriptor, and references to public advisories. This makes it possible for security vendors, IT teams, researchers, and regulators across the globe to talk about the same issue using the same label.

Without it, we’d see:

  • Mismatched alerts and miscommunication
  • Slower incident response and triage
  • Broken tooling and disrupted automation
  • Loss of clarity about severity and urgency
  • And worst of all—attackers gaining time

It’s one of the few places where the global cyber ecosystem has reached consensus.

And unlike, say, the metric system or date formatting conventions—which still spark furious debate—this agreed shared language is not just helpful, it’s vital.

Because ultimately, this isn’t about playing antics with semantics. It’s about enabling defenders to move fast, speak clearly, and act decisively—before the attackers do.

The CVE system underpins millions of software and hardware interactions. It’s built into everything from vulnerability scanners and SIEM tools, to third-party risk assessments and government guidance.

So when that structure comes under threat—even temporarily—the ripple effect is massive.

A Global Risk, Not Just a U.S. One

Yes, the CVE program is managed by a U.S. organisation, and yes, it’s historically funded through U.S. government contracts. But its reach is global. Cyber agencies across Australia, the EU, Singapore, Canada, the UK, and beyond rely on CVE-tagged data. Threat intelligence feeds are stitched together with CVEs as the reference point. Vulnerability disclosure laws, public alerts, and national security advisories depend on them.

It’s one of the rare areas where governments, private sector actors, and researchers use the same dictionary. If it vanishes, we don’t just lose convenience—we lose coordination. And in cyber, that costs time. And time costs everything.

Who’s Meant to Be Funding This?

The private sector benefits enormously from the CVE system. Many vendors submit vulnerabilities for cataloguing. Yet few have contributed meaningfully to its upkeep.

Governments reference it in policies and standards, but the funding model remains opaque, fragile, and U.S.-centric. What this moment exposed is a critical gap in global cyber infrastructure planning: we’ve built the digital equivalent of a universal translator—and expected someone else to maintain it.

There’s a real opportunity here to rethink that. Whether it’s through an international funding consortium, a public-private stewardship model, or formal multilateral support, we need to treat the CVE program like the critical infrastructure it is—not an afterthought.

What Happens Next Time?

Make no mistake: unless the underlying governance and funding structures change, there will be a next time.

If the CVE system shuts down or is significantly degraded, we can expect:

  • Tooling to break: Most cybersecurity platforms—from scanners to dashboards—rely on CVEs as reference points. Remove them, and accuracy drops off a cliff.
  • Delays in patching: Without standardised identifiers, software vendors and defenders may talk past one another, leading to slower mitigation.
  • Policy vacuums: Government-backed guidance, such as CISA’s Known Exploited Vulnerabilities (KEV) catalogue or Australia’s ASD strategies, is CVE-based and would stall without it.
  • More risk for SMEs: Large organisations might scramble together alternatives. Smaller businesses and resource-constrained teams won’t.

We Can’t Keep Building Fragile Foundations

This isn’t just about one program or one week of funding uncertainty. It’s about resilience.

We can’t claim to be building trusted systems on a global scale while relying on legacy contracts, underfunded nonprofits, and hope.

Cybersecurity isn’t just about stopping breaches. It’s about building structures that can hold when the unexpected happens. And if something as essential as the CVE program can be taken to the brink so easily, we have to ask ourselves: what else have we built on sand?

We dodged a bullet this time; but maybe it’s time we stopped handing out ammunition in the first place.

Thanks for reading. If you’re in business, policy, or cyber, let this moment be your reminder: foundational systems matter. They don’t need bells and whistles—they need stability. And sometimes, the most important things are the ones quietly holding everything else together.

About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

“What happens to Heroes?” EPISODE #4: The Unsung Heroes of the Digital World by Didier Annet

The Psychological Impacts of Cyberattacks

This is the fourth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack. What I will call the “Heroes”!

Let’s Rewrite the Story