Author: Andrew Hay

Andrew Hay’s 2025 Cybersecurity Predictions

As we approach 2025, the ever-evolving landscape of cybersecurity continues to challenge professionals and organizations alike. Based on observed trends and emerging technologies, here are my predictions for the coming year.

AI-Powered Threats and Defenses

The ubiquity of artificial intelligence in cybersecurity is inevitable. In 2025, adversaries will use AI more effectively to bypass traditional defences. Expect sophisticated AI-based malware capable of learning and adapting in real-time. Conversely, defenders will increasingly rely on AI-driven solutions for threat detection, anomaly detection, and automated response systems. The race between offence and defence will be more about algorithmic sophistication than ever before.

Quantum Computing’s Shadow Looms

While practical quantum computers remain a few years away, 2025 will bring heightened anxiety about “quantum supremacy” breaking current encryption standards. Preparations for a post-quantum cryptography era will accelerate, with enterprises prioritizing migrating to quantum-resistant algorithms to safeguard sensitive data.

Ransomware Reaches New Heights

Ransomware operators will target critical infrastructure, healthcare, and small-to-medium businesses at an unprecedented scale. As payments via cryptocurrencies grow harder to track due to improved privacy tools, law enforcement agencies will face mounting challenges in pursuing perpetrators. Both collaborative global efforts to dismantle ransomware syndicates and the complexity of attacks will increase.

Zero Trust Goes Mainstream

The mantra “trust no one, verify everything” will dominate organizational strategies in 2025. Zero-trust architecture will evolve beyond network security to encompass cloud workloads, supply chains, and even individual devices. Expect vendors to release more integrated solutions to streamline Zero-trust adoption, responding to a market hungry for robust, easy-to-deploy frameworks.

5G and IoT as Vulnerability Catalysts

The proliferation of 5G will dramatically increase the number of connected devices, leading to a new wave of vulnerabilities. In 2025, securing IoT ecosystems will be a top priority, as poorly designed IoT devices become an attractive attack vector for botnets and espionage campaigns. Regulatory bodies will push for stricter IoT security standards globally.

Human-Centric Cybersecurity

Recognizing that humans remain the weakest link in cybersecurity, 2025 will see renewed user education and awareness efforts. Organizations will invest in personalized training programs using gamification and AI-driven risk assessments to reinforce secure behaviours. At the same time, social engineering attacks will grow more nuanced, targeting emotional and psychological vulnerabilities.

Privacy Wars Intensify

With more countries introducing stringent data privacy regulations akin to GDPR, multinational organizations will grapple with compliance complexity. Emerging technologies such as privacy-preserving computation and decentralized identity systems will gain traction, promising to reconcile security and privacy in innovative ways.

Cybersecurity as a Boardroom Priority

In 2025, cybersecurity will no longer be just an IT issue; it will firmly hold its place in boardroom discussions. Expect increased budgets for cybersecurity initiatives, more frequent simulations of cyber incidents at the C-suite level, and greater accountability for breaches as boards recognize the direct impact on brand reputation and regulatory compliance.

Evolving Threat Landscapes

The motives behind cyber incidents will diversify further, from politically motivated cyberattacks to financially driven exploits. Nation-states will continue to leverage cyber tools for geopolitical influence, while hacktivists will focus on disrupting industries that fail to address pressing social issues like climate change and inequality.

Collaborative Security Ecosystems

Finally, 2025 will be the year of shared responsibility. Organizations will lean heavily on collective intelligence, shared threat databases, and industry-specific partnerships to bolster defences. Cybersecurity will become a cooperative endeavour, transcending organizational and national boundaries.

Closing Thoughts

2025 promises to be a year of transformation in cybersecurity, marked by rapid technological advancements and the growing sophistication of cyber threats. Staying ahead will require adaptability, collaboration, and an unyielding commitment to innovation. As always, the best defence is a well-informed community—stay vigilant and stay prepared.

I’d love to hear your thoughts and predictions—what challenges or innovations do you anticipate in 2025? Let’s discuss it!

Jupyter Notebook for crt.sh Queries

Hey All,

Long time no blog. During a recent OSINT investigation, I found that I needed to pull all domains found from my query on crt.sh. The problem I had, however, was that the results weren’t all that usable without a lot of copying, pasting, and cleaning.

To address this problem, and to save time in the future, I created a Jupyter Notebook to programmatically query the crt.sh website, dump the results into a pandas data frame (thinking that I’ll want to further enrich the data at a later date), and then print out the unique list of results to the screen.

The code is written in Python 3, and relies on BeautifulSoup4, Pandas, and NumPy.

I’m calling it CrtShcrape (pronounced cert-shcrape) and you can download it from my GitHub here: https://github.com/andrewsmhay/CrtShcrape.

Hopefully, you can get some use from it. Until next time!
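The cleanup step described in this post, as an added example (it is not CrtShcrape's code): it reads crt.sh's JSON output rather than scraped HTML, uses only the standard library, and runs on a constructed sample. The function names and the example.com records are assumptions made for illustration.

```python
import json

# Constructed sample shaped like crt.sh JSON output (?q=<domain>&output=json).
# The names and dates are placeholders, not real query results.
SAMPLE_JSON = """[
 {"id": 1, "common_name": "example.com",
  "name_value": "example.com\\nwww.example.com", "not_before": "2024-03-01T00:00:00"},
 {"id": 2, "common_name": "*.example.com",
  "name_value": "*.example.com\\nexample.com", "not_before": "2023-11-15T00:00:00"},
 {"id": 3, "common_name": "Mail.Example.com",
  "name_value": "MAIL.example.com.\\nadmin@example.com", "not_before": "2024-02-10T00:00:00"},
 {"id": 4, "common_name": "dev.example.com",
  "name_value": "dev.example.com\\nnotexample.com", "not_before": "2024-05-20T00:00:00"}
]"""


def clean_name(raw):
    """Normalise one certificate name; return None if it is not a hostname."""
    name = raw.strip().lower().rstrip(".")
    if not name or "@" in name or " " in name:
        return None  # empty line, e-mail address, or free-text subject
    if name.startswith("*."):
        name = name[2:]  # fold a wildcard entry into its parent name
    return name


def in_scope(name, apex):
    """True for the apex itself or a real subdomain (not a look-alike suffix)."""
    return name == apex or name.endswith("." + apex)


def inventory(records, apex):
    """Map each in-scope hostname to the earliest not_before date seen for it."""
    first_seen = {}
    for rec in records:
        issued = rec.get("not_before", "")
        for field in ("common_name", "name_value"):
            # name_value packs several names into one newline-separated string
            for raw in (rec.get(field) or "").split("\n"):
                name = clean_name(raw)
                if name is None or not in_scope(name, apex):
                    continue
                # ISO 8601 timestamps sort correctly as plain strings
                if name not in first_seen or issued < first_seen[name]:
                    first_seen[name] = issued
    return first_seen


if __name__ == "__main__":
    hosts = inventory(json.loads(SAMPLE_JSON), "example.com")
    for host in sorted(hosts):
        print(f"{hosts[host][:10]}  {host}")
```

The first-seen date is one form of the later enrichment the post mentions; the returned dictionary loads directly into a pandas data frame if that is where the rest of the analysis happens.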

Tornados, Necessity, and the Evolution of Mitigating Controls

According to the National Oceanic and Atmospheric Administration (NOAA), a tornado (also called a twister, whirlwind, or cyclone) is a violently rotating column of air that extends from a thunderstorm and comes into contact with the ground. Tornado intensity is measured by the enhanced Fujita (EF) scale from 0 through 5, based on the amount and type of wind damage to a wide variety of structures ranging from trees to shopping malls.

The United States experiences more tornadoes than any other country in the world, especially in those states east of the Rocky Mountains. As a child, I always found myself wondering why people didn’t just move if they knew they were at risk of getting hit by a tornado. Of course, at the time, I had no sense of money, career, or family obligation to know that some people didn’t have the means to relocate. Without having a way to escape the danger, these people had to adapt their lifestyles to account for the unpredictable, and potentially devastating, weather.

This data alone makes me reconsider moving to an area constantly stricken by tornadoes.

  • In an average year, about 1,000 tornadoes are reported across the United States, according to NOAA.
  • The 2017 total was the highest since 2011, when there were 1,691 tornadoes, including two spring events that resulted in more than USD 14 billion in losses when they occurred.[1]
  • According to NOAA, there were 10 direct fatalities from tornadoes in 2018, compared with 35 in 2017.
  • The most “extreme” tornado in recorded history (an F5) was the Tri-State Tornado, which spread through parts of Missouri, Illinois and Indiana on 18 March 1925.[2]
  • The deadliest tornado in world history was the Daulatpur–Saturia tornado in Bangladesh on 26 April 1989, which killed approximately 1,300 people and left more than 80,000 people homeless.[3]
  • The most extensive tornado outbreak on record, the 2011 Super Outbreak, resulted in 360 tornadoes, 324 tornadic fatalities and cost upwards of USD 11 billion in damages.
  • Cordell, KS was hit by tornadoes three years in a row, on the same day, May 20th, disproving the myth that a tornado only strikes the same place once.

Yet, there are people who want to help us better understand tornadoes, so that we can better prepare for them. In 1887, the first book on tornadoes was written by John Park Finley, a US Army Signal Service officer and pioneer in the field of tornado research. Finley’s book introduced the concept of a “tornado cave” and instructed readers to “get into it with your family and your treasures before the storm reaches you.” Furthermore, the book showed readers the plans for building their own “prize tornado cave” over several pages. The instructions included detailed architectural diagrams and even cost breakdowns for labor and materials (roughly USD 300, in case you were wondering).

While it was a revolutionary book containing many breakthrough ideas, it also contained a few ideas which have since been proven false. For example, Finley wrote, “a tornado travels from southwest to northeast,” and, “if it is going to the right of you, run to the left” and vice versa. Based on his research at the time, this may have been accurate. Further research shows that tornadoes do not always travel from southwest to northeast.

While Finley was in the middle of his tornado research, the U.S. Army Signal Service banned the word “tornado” because they were concerned that the word would cause panic. So, for more than half a century, the weather reports ignored the word “tornado” and used euphemisms – more on that later. One of Finley’s supporters, Edward S. Holden, tried to implement a tornado warning system using telegraph poles. But it was overshadowed by a report by Henry A. Hazen, a civilian employee of the corps, who deemed that because tornadoes were “exceedingly rare” and very localized, it was impossible to pinpoint forecasts.

From 1887 up until 1950, American weathermen were strictly forbidden to use the word “tornado” in the weather report. Back then, when science was still struggling to find a proper scientific explanation, tornadoes were considered a dark and mysterious force. In addition to upholding the “tornado” ban for decades, the Weather Bureau (which assumed jurisdiction from the Signal Corps in 1890) remained skeptical of the value and accuracy of tornado forecasts. It took until 1943 for experimental warning systems to be implemented; a public outcry in 1952 (after a severe outbreak that killed over 200 people) finally helped form U.S. tornado research and forecasting.

Over the years, the storm cellar became the standard underground bunker design to protect the occupants from violent severe weather, such as tornadoes. The average storm cellar for a single family was built close enough to the home to allow instant access in an emergency, but not so close that the house could tumble on the door during a storm, trapping the occupants inside. This was also the reason the main door on most storm cellars was mounted at an angle rather than perpendicular to the ground. An angled door allowed for debris to blow up and over the door, or sand to slide off, without blocking it, and the angle also reduced the force necessary to open the door if rubble had piled up on top.

In 1950, Congress simultaneously launched a system of nuclear bomb shelters and disaster relief for victims of natural disasters. It was then that the families living in tornado alley realized that these bomb shelters could serve a double purpose.

Research into improving buildings for resisting extreme winds began with the 1970 tornado in Lubbock, Texas. Twenty-six people were killed and about 1/3 of the city of 160,000 people was heavily damaged or destroyed. Texas Tech researchers produced a comprehensive documentary of building damage, the first of its kind. The concept of the above-ground storm shelter was presented in Civil Engineering magazine in 1974 by Texas Tech faculty member Dr. Ernst Kiesling and by Graduate Student David Goolsby. Intermittent development continued as available personnel and funding permitted.

As time passed, people started to ease up on their worry of being bombed, but the threat of tornadoes remained as common as the changing seasons. Since then, storm cellars or storm shelters have become a necessary part of life in many parts of the United States, and most people who do not own one are in search of one to go to during tornado season.

The total devastation of a small subdivision outside of Jarrell, TX in 1997 received national attention and news coverage, as did the widespread devastation of the Oklahoma City area on 3 May 1999. Many regional and local television companies and newspapers subsequently featured the above-ground storm shelter concept after severe storms struck this area.

Personnel of the Federal Emergency Management Agency (FEMA) observed the high level of interest in storm shelters among the public and published a prescriptive design booklet entitled, Taking Shelter from the Storm. The first edition was published in October 1998, the Second Edition in August 1999. After the events in Oklahoma City, FEMA and the state of Oklahoma put in place incentives for building storm shelters in houses that were being built or rebuilt after the tornado.

It wasn’t until June 2008 that a standard for the design and construction of storm shelters was approved.

In facing a life-threatening issue, we humans researched the problem, assessed the risk, and created mitigating controls to make the dangers of living in a tornado-rich environment tolerable. As time progressed, our ideas for mitigating controls spread to the masses and required additional research, guidance and eventually certification and accreditation to ensure the safety of their users.

Be safe out there and remember the words of comedian Ron White: “It’s not that the wind is blowing. It’s what the wind is blowing.”


[1] https://www.iii.org/fact-statistic/facts-statistics-tornadoes-and-thunderstorms

[2] https://en.wikipedia.org/wiki/Tri-State_Tornado

[3] https://en.wikipedia.org/wiki/Daulatpur%E2%80%93Saturia_tornado
