Cybersecurity’s New Rules: Speak Up & Act Fast
From cautious conversations to offensive cyber strategies—Munich just redefined the game.
Hello CyberBuilders 🖖
It's great to have you back. As promised, here’s part two of my insights from attending the Munich Cybersecurity Conference. I was surprised by this cybersecurity event. Usually, it goes with a very cautious approach. People filter their words like lawyers and carefully avoid provocative ideas.
But something shifted this year. The conservative approach I've known since entering cybersecurity is being challenged, and it’s changing the rules quickly.
Today, I’m sharing three surprising insights from the conference—insights about bold collaboration versus empty talk, embracing offensive strategies, and a new willingness to get ruthless when defending against threats. If you missed part one, where I reported on powerful revelations from Ukrainian officials on cybersecurity during the conflict, check it out.
In this Post
Surprise #1: Straight Talk Beats Playing Safe
Surprise #2: Forget Collaboration—It’s Time for Action
Surprise #3: Offensive Cybersecurity Is No Longer a Taboo—It’s Essential
Surprise #1: Straight Talk Beats Playing Safe
I went to Munich expecting cautious exchanges. But this year’s conference completely smashed that stereotype.
Participants—including former US officials from the Biden administration—were refreshingly direct and candid about the realities of cybersecurity. There was no sugar coating, no empty formalities, just real talk. Discussions openly addressed tensions and collaboration between the EU and the US, providing genuine insights rather than diplomatic clichés.
This shift in tone matters so much because dialogue leads to real solutions. We can't fix cybersecurity by tiptoeing around sensitive issues.
The frankness I saw in Munich signals a promising change: People are ready to speak, solve problems openly, and tackle cybersecurity threats head-on. I'm all in for it.
Surprise #2: Forget Collaboration—It’s Time for Action
Cybersecurity conferences have preached the same mantra for years: Collaboration is key. But let’s be honest—most of that "collaboration" boiled down to sharing threat intelligence reports, exchanging IP blacklists, and hoping someone else would take action.
The message in Munich was clear: passive collaboration is dead. Only strong, coordinated action matters now.
This change is apparent in Eastern Europe, where smaller nations cannot afford slow bureaucratic processes. Governments and private companies collaborate, sharing information and implementing joint defensive strategies.
During the conference, I attended a practitioner session where industry leaders, such as Allianz and Siemens, stressed the need to promote collaborative action instead of pursuing more regulations.
They also emphasized the significance of exchanging best practices, providing training, and leveraging open-source tools to strengthen cybersecurity. One interesting initiative mentioned is NetWatch (https://netwatch.team), which allows practitioners to share intel by installing a data collector. This initiative reminded me of what my friends at Crowdsec (https://www.crowdsec.net/) are doing.
Furthermore, they create standards for suppliers and industry partners instead of accepting the EU institutions' impractical, complex, and slow-to-adopt framework standards.
The takeaway? Cybersecurity is no longer about talking—it’s about doing.
Surprise #3: Offensive Cybersecurity Is No Longer Taboo—It’s Essential
Cybersecurity has been primarily defensive for years—patching vulnerabilities, detecting breaches, and responding to attacks. Going on the offense? That was controversial, legally complex, and mostly reserved for military operations.
But that mindset is shifting fast.
In Munich, the consensus was clear: waiting and reacting are no longer options. Proactive offensive cyber strategies are now considered necessary, not a last resort.
Take the Fight to the Attackers
One of the most striking discussions revolved around taking direct, immediate action against ransomware infrastructure—primarily when hosted in the US or an EU country. Instead of waiting for lengthy legal approvals, there was a strong push for rapid intervention:
Shut down malicious servers.
Dismantle ransomware networks before they strike.
Use offensive tactics to disrupt criminals in real time.
This raises difficult questions: Where do we draw the line? Do we redefine legal and ethical boundaries in response to the growing urgency of cyber threats? The old approach of playing by strict legal frameworks is being challenged by those who argue that cybercriminals—and their state-sponsored backers—aren’t following any rules and are moving very fast.
The Rise of Integrated Cyber Commands
Many officials have provided a significant insight: separating defensive and offensive cyber operations isn’t working. In many countries, defensive cybersecurity falls under regulatory and economic policies, while offensive actions remain within military or intelligence agencies. This divide slows down response times and creates bureaucratic bottlenecks.
The solution? An integrated cyber command model where offensive and defensive operations work together. This is a very controversial idea that will raise many discussions. It also divides the US, which already has Cyber Command, from Europe, which tends to split complex topics between different “bodies” to prevent conflicts of interest or privacy issues.
Cybersecurity Is Changing—Are You?
Looking back at these three surprises, one thing is clear: cybersecurity is evolving faster than ever.
Conversations are no longer cautious—people speak openly, challenge old assumptions, and push for real action.
Collaboration is outdated; joint action is now the priority. Waiting for regulations and slow information-sharing will not cut it anymore.
Offense is no longer off-limits—proactive cyber strategies are essential, even if they challenge traditional legal and ethical norms.
The message from Munich was loud and clear: Adapt, move fast, and be ready. Those who hesitate will be one step behind the next attack.
CyberBuilders, what do you think? Are we ready for this shift? Let’s discuss. 👇
Laurent 💚