Thoughts & Articles

From Tupac to Mumble Rap: What the Evolution of Hip-Hop Teaches Us About Code

Published on December 12, 2025 by Benjamin Knauss

I was chatting with my son earlier today about the colloquialism factory that is Rap Music. It seems Eminem’s “Stan” has officially entered the lexicon as “an aggressive or enthusiastic fan,” joining YOLO, Mullet, Bootylicious, and Woke as linguistic gifts from the genre. “I don’t create nothing, I reinvent.” — Jay-Z It got me […]


Stop Running a Toll Booth and Call It Security

Published on December 9, 2025 by Benjamin Knauss

What the DoD Can Teach Us About Supply Chain Risk We need to stop pretending that securing the perimeter is enough. If your cybersecurity program in 2025 doesn’t have a dedicated, rigorous Supply Chain Risk Management (SCRM) component, you aren’t just missing a feature—you are failing at the fundamentals of defense. To understand why, look […]


CISO Briefing Follow-Up: Supply Chain Risk Intensifies for SOHO Devices

Published on November 19, 2025 by Benjamin Knauss

Following my previous post on the TP-Link ban proposal, I’ve received crucial intelligence that significantly sharpens the focus on supply chain risk. The key takeaway is this: Even with TP-Link Systems Inc.’s organizational separation (headquartered in California), confirmation suggests they still utilize firmware produced in China for their US-market products. Why this is a critical […]


TP-Link and the Red Scare

Published on November 1, 2025 by Benjamin Knauss

Is the U.S. Government’s Stance on Tech “Selective Enforcement”? The recent push by multiple U.S. agencies to ban TP-Link products, citing national security risks, is a significant move. The stated concern is that TP-Link’s ties to China could make it subject to laws compelling cooperation with state intelligence, potentially turning millions of home routers into […]


Heist Movies vs. Reality #4: The Distraction

Published on October 31, 2025 by Benjamin Knauss

Every heist movie has the same beat: create chaos, draw all eyes to the spectacle, while the real theft happens quietly in the background. The Italian Job: blow up the safe in the ceiling. Now You See Me: magic shows and flashy misdirection. The Dark Knight: “It’s not about money—it’s about sending a message.” In […]


Heist Movies vs. Reality #1: The Inside Man

Published on October 29, 2025 by Benjamin Knauss

In Ocean’s 11, Danny Ocean needed Linus Caldwell to infiltrate the casino. Months of preparation. Deep cover. The perfect inside man. In 2024? Attackers just need Karen from Accounting to think the CEO really did email her about that urgent wire transfer at 4:47 PM on a Friday. The Reality: Social engineering attacks increased 135% […]


Why Regulations Are a CISO’s Best Friend

Published on October 27, 2025 by Benjamin Knauss

For years, security leaders have championed “best practices” and “industry frameworks.” We’ve had to translate technical risk into business terms, often fighting for a seat at the table. With the SEC’s 4-day disclosure rule, the EU’s DORA, and a wave of new state-level privacy laws, the game has fundamentally changed. What was once “IT risk” […]


Keep It Simple….

Published on October 26, 2025 by Benjamin Knauss

It’s easy to get focused on the complex, high-tech threats—AI-driven attacks, zero-days, and quantum-resistant crypto. But a recent warning from the head of GCHQ (one of the United Kingdom’s intelligence and security agencies) brought things back to a critical, analog reality. The advice? Keep paper copies of your crisis plans. It sounds almost archaic, but […]


REDO has room

Published on October 22, 2025 by Benjamin Knauss

If you happen to live near Draper, UT, a company named Redo is hiring for a security architect. It's AWS-based and seems like a good bunch of people. https://lnkd.in/g558_mPw #job #Cyber #redo #racter


Pearl Clutching

Published on October 21, 2025 by Benjamin Knauss

Another cloud outage, another flurry of posts about how cloud was the wrong choice and this is what happens when you put your eggs in one basket. It was not cloud that brought these sites down; failure is to be expected in any complex system. It was a lack of adherence to best practices. It […]
