I will be really, really honest with you — I have been totally “writer-blocked” and so I decided to release it anyway today … given the date.

So abit of history first. So, my “SOC visibility triad” was released on August 4, 2015 as a Gartner blog (it

ProPublica is reporting:

Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its lead

Microsoft faces ongoing, systemic cybersecurity failures rooted in blind spots within its very organizational design. These vulnerabilities repeatedly result in serious product blunders and damaging breaches. This has once again become evident with t

I froze when the question came in. If you work in cyber, you’ll know this question all too well. It’s the one that continues to resurface, both in boardrooms and at industry events:

“Why are people still the weakest link?”

Yes, it was familiar. Yes

The Chinese have a new tool called Massistant.

• Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico.
• The forensics tool works in tandem with

I am truly honored to join the Advisory Board of MindShield. This marks the beginning of an important journey—one focused on deciphering the underlying cognitive vulnerabilities that malicious cyber threats exploit. Our goal is to help individuals a

In my days there, Gartner had Maverick research (here is mine, from 2015 about social engineering AIs…. yes, really!) that “deliberately exposed unconventional thinking and may not agree with Gartner’s official positions.”

Here is a “maverick-ish” bl

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used th

Seems like an old system system that predates any care about security:

The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) de

We are excited to invite you to the CISO Cocktail Reception if you are there at the BlackHat USA, Las Vegas 2025. This event is organized by EC-Council with CISOPlatform and FireCompass as proud community partners.

Please note that this event is exc

It started in a rugby box.

There I was, watching the match from a VIP suite—surrounded by a handful of other cybersecurity leaders. The beers were cold, the banter flowing, but one comment cut through the noise:

“Cybersecurity’s no longer about tech

As healthcare will become increasingly digitized, the upward push of connected clinical devices—normally called the Internet of Medical Things (IoMT)—is revolutionizing patient care. From wearable glucose monitors and pacemakers to smart infusion pum

I am honored to be selected as the Thinkers360 Ambassador for Cybersecurity!

Congratulations to all the annual selectees, representing their fields of expertise!

Special call-out to my longtime colleagues:

• Chuck Brooks – Security

• Ingrid Vasiliu-Feltes –

Setting the Scene: The Rising Stakes in Cybersecurity

The cyber threat landscape isn’t just expanding—it’s convulsing. Ransomware, state-sponsored hacks, and zero-day exploits are wreaking havoc faster than organizations can respond. Yet, the workforc

UK shows leadership in a proposal to ban ransomware payments for public entities like healthcare, education, government services and other national critical infrastructure! This is a great step forward to undermine all ransomware attacks.

Such a strat

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsof