Security Staff Picks To Read This Month, Handpicked by Splunk Experts

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

• Cybersecurity news 
• InfoSec and computer security
• Threat hunting and detection engineering
• AI & security
• Risk management
• Emerging trends
• And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So, anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts. 

Security articles to read in April 2025

The CISO as Business Resilience Architect

Author: Randolph Barr
Recommended by: Mark Stricker (LinkedIn)

Why we like it: “This article provides a starting point for discussions about the evolving role of the CISO. Multiple forces are converging to increase the role and the risk associated with the title. Compliance, Threat Defense, Incident Management, AI, Privacy, Legislation -- all fields which are changing faster than ever before!”

Pentesters: Is AI Coming for Your Role?

Author: The Hacker News
Recommended by: Lauren Stemler (LinkedIn)

Why we like it: “I liked this article because it has a realistic view on AI taking over jobs in penetration testing. It explains that AI is more about assisting with routine tasks, which allows human pentesters to focus on the more intricate aspects of their role. This article explains some of the practical applications for AI in cybersecurity, while still advocating that the human element is irreplaceable.”

Red Canary 2025 Threat Detection Report

Author: The fine folks at Red Canary
Recommended by: Mick Baccio (LinkedIn) 

Why we like it:  “Lucky Number 7:Red Canary’s 2025 Threat Report is here, marking the seventh edition of this comprehensive annual analysis. This year, the report dives into more than 308 petabytes of security telemetry, analyzing over 93,000 threats to deliver crucial insights for security practitioners and leaders alike. Packed with valuable data and the result of incredible effort, this report is a must-read for anyone in the field. It covers emerging trends such as the rise in identity attacks, RMM exploitation, and LLMjacking, while also shattering the persistent myth that “my Mac doesn’t get malware."

Additionally, the report sheds light on the growing threat of infostealers and marks the unexpected return of mshta to the top 10 threats after a long absence. Don’t miss out on the insights and data that make this report an essential resource for staying ahead in cybersecurity.”

Scam Empire: Inside A Merciless International Investment Scam

Author: Organised Crime and Corruption Reporting Project
Recommended by: James Hodgkinson  (LinkedIn)

Why we like it: “An extensive coverage of how well-organised financial crime scammers have gotten these days, and some human stories of their effects. It's impossible to overstate how thoroughly victims are abused by these groups, both in the initial contact, during and even after their losses start to mount; fake law enforcement and "crypto recovery" services start offering themselves to extract more money if the victims try to escape.”

A New Era of Attacks on Encryption Is Starting to Heat Up

Author: Matt Burgess
Recommended by: Tamara Chacon (LinkedIn)

Why we like it: “This article by Matt Burgess discusses how governments around the world are ramping up efforts to weaken encryption, sparking a new wave of debate over security and privacy. From proposed backdoors to controversial client-side scanning, policies in countries like the UK, France, and Sweden could reshape the future of online communication. While officials argue these measures are necessary to combat crime, privacy advocates warn they could expose users to surveillance and cyber threats. Is this the beginning of a major shift in digital security—or a dangerous precedent for online freedom?”

More Security Recommendations & Resources

That rounds out this month’s security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

• Listen to The Security Detail Podcast
• Sign up for the SURGe Newsletter

Splunk Threat Research Team (STRT)

• Read original STRT research & blogs
• Get the latest Splunk Security Content (ESCU)

More Recommendations

• The PEAK Threat Hunting Framework 
• Must-Read Cybersecurity Books & Articles 
• Top Security Podcasts
• Cybersecurity & InfoSec Conferences and Events