Latest posts

  • Are We Seeing A Perfect Storm in Cybersecurity? When Trust, AI, and Complexity Collide…

    We are not facing a single cybersecurity crisis, we are entering a perfect storm. Individually, the risks are manageable. Cloud adoption, AI acceleration, vendor sprawl, and identity complexity. But together, they are creating something far more dangerous… A system where trust is assumed, visibility is fragmented, and control is increasingly an illusion. This is not…


  • RSAC 2026… “Now With AI”… Innovation, Consolidation, and the CISO Reality Check

    Walking into RSA Conference 2026 this year, the energy is undeniable. The expo floor is packed, the messaging is bold, and the innovation is real. But as an IT Security Professional, CISO, or anyone responsible for outcomes, not just tools, what stands out isn’t just what’s new, it’s what it all means operationally. Because beneath…


  • “Congratulations! Your Data Has Been Stolen (Again). Enjoy Your Free Credit Monitoring.”

    I received another letter in the mail this week. You probably did too. It had all the usual elements: A calm, reassuring tone. A vague explanation of a “security incident”. A timeline that somehow stretches back months before anyone noticed. And, of course, the grand finale… “We are offering you 12 months of complimentary credit…

  • The Hidden Security Crisis Sitting Inside Your Browser

    Why I Believe Browser Extensions May Be One of the Most Overlooked Threats in Cybersecurity

    I’ve written about this topic before, but given how serious the threat exposure has become, a deeper follow-up feels warranted. Browser extensions have quietly evolved into one of the most overlooked attack surfaces in modern computing. They sit inside the…

  • When A.I. Starts Filing Vulnerability Reports

    Welcome to the Security Industry’s New “Noise Problem”

    Something strange has started happening in the cybersecurity world. Security teams are now being flooded with vulnerability reports… not from security researchers, and not from bug bounty hunters… but from AI. And while that might sound like a productivity breakthrough, the reality is turning into something quite…

  • Telecom, Compliance, and the Evolution of Cyber Oversight

    Recently, I came across news that certain cybersecurity compliance requirements for telecommunications providers may be reduced or shifted at the regulatory level. I’ll admit… that surprised me. Not because telecom lacks security rigor. In fact, many carriers operate with extraordinary levels of operational maturity, redundancy, and resilience. The professionals protecting modern telecom networks are some…


  • Starkiller MFA… The Death Star of Identity Security

    A long time ago, in a data center not so far away… We built Multi-Factor Authentication and thought we had secured the galaxy. We were wrong. There was a time when MFA felt like the final boss of security. It stopped password spraying, credential stuffing, basic phishing, stolen credentials, brute force attacks, and script kiddies.…


  • When the Windows Shell Becomes the Attack Surface

    Why I Believe Microsoft’s Latest Zero-Days Should Change How We All Think About Endpoint Trust

    On February 11, 2026, Microsoft disclosed and patched multiple zero-day vulnerabilities affecting Microsoft Windows and Microsoft Office… vulnerabilities that were already being actively exploited in the wild. This wasn’t a routine ‘Patch Tuesday’, this was a reminder. A reminder that…

  • Security Theater Is Over and Leadership Has Finally Entered the Chat

    This week, Jeppesen ForeFlight announced the appointment of Ron Wood as Chief Information Security Officer. On the surface, it seems a standard leadership move, one more CISO appointment in a sea of cybersecurity headlines. But beneath that headline, I see something much more important. A signal that cybersecurity leadership is no longer just about defense,…


  • NTLM Is Finally Being Put Out to Pasture… (Took Long Enough)

    For years, NTLM has been that one piece of technical debt everyone knew was dangerous… but no one wanted to touch. It wasn’t secure, it wasn’t modern, but hey… It was convenient. And now, FINALLY, Microsoft is done pretending otherwise. Microsoft has announced a three-phase plan to disable NTLM by default and move Windows environments…
