Cyber Security
Lessons Learned, Lessons Shared
As the Global CISO of Comcast, I’ve had a front-row seat to some of the most sophisticated cyber campaigns in recent years—including nation-state campaigns like Salt Typhoon [1] and Midnight Blizzard [2]. Even when Comcast isn’t directly impacted, as in those two cases, such events serve as critical inflection points. They compel us to ask: “What if it were us? How would we detect, protect, respond, and recover?” These reflections steer our evolving cyber defense strategy. One key insight: we must shift even further to “the left of boom” in the attack lifecycle, by increasing our awareness and prevention of inbound threats and by beginning to defend against them before cyber weaknesses are leveraged in a cyber-attack.
Both popular and academic cyber defense press tend to focus on the latest zero-day vulnerabilities, which are perceived to create massive risks for organizations. We agree and invest accordingly in our vulnerability management program. But we have found that often it’s the most basic cyber hygiene issues that lead to the most complicated attack scenarios. Cyber hygiene may sound simple, but it is not easy, especially at scale, and especially in an organization like ours, with very diverse infrastructure components in use. Default passwords on non-standard devices, open ports, and over-privileged access for machines and humans are examples of cyber hygiene issues that, when not addressed correctly and comprehensively, can lead to wider harm.
These insights have led to several initiatives within our organization, including an enhanced understanding of our asset posture; constant, consistent, and custom-built asset scanning; improved data retention and utilization strategies; proactive defense against DDoS attacks; continuous controls monitoring; use of a security data fabric for AI/ML enabled threat hunting; and more. These activities have enabled a deeper understanding of our current cybersecurity posture and available defensive options. And they better position us to face the constantly evolving threats in the dynamic environment in which we operate.
Cybersecurity is a team sport. We believe that when practitioners share insights—successes, failures, and lessons learned—we all get stronger. That’s why we’re launching the Comcast Cybersecurity Blog: a space to share our experiences, amplify learnings from others, and contribute to the broader security community.
Welcome aboard. For our first topic, we’ll dive into some recent work on Residential Proxies by our Comcast Threat Research Lab (CTRL).
Noopur Davis, Global CISO, Comcast
[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a