Reflections and Articles

TP-Link and the Red Scare

Published on November 1, 2025 by Benjamin Knauss

Is the U.S. Government’s Stance on Tech “Selective Enforcement”? The recent push by multiple U.S. agencies to ban TP-Link products, citing national security risks, is a significant move. The stated concern is that TP-Link’s ties to China could make it subject to laws compelling cooperation with state intelligence, potentially turning millions of home routers into […]

Heist Movies vs. Reality #4: The Distraction

Published on October 31, 2025 by Benjamin Knauss

Every heist movie has the same beat: create chaos, draw all eyes to the spectacle, while the real theft happens quietly in the background. The Italian Job: blow up the safe in the ceiling. Now You See Me: magic shows and flashy misdirection. The Dark Knight: “It’s not about money—it’s about sending a message.” In […]

Heist Movies vs. Reality #3: Bypass the Laser Grid

Published on October 30, 2025 by Benjamin Knauss

Mission: Impossible made us believe breaking into secure facilities requires: Real attackers in 2024? They just check CVE databases for vulnerabilities you haven’t patched yet and walk through the front door you forgot to lock. The Reality: The average time to exploit a known vulnerability after patch release? 7 days. The average time organizations take […]

Heist Movies vs. Reality #2: The Elaborate Plan

Published on October 29, 2025 by Benjamin Knauss

Remember the briefing scene in every heist movie? Blueprints covering the walls. Red string connecting photos. Months of surveillance. Danny Ocean studying vault schematics like it’s the Da Vinci Code. Real attackers in 2024? They compromised SolarWinds once, and 18,000 organizations voluntarily installed the malware for them. The Reality: Supply chain attacks are the ultimate […]

Heist Movies vs. Reality #1: The Inside Man

Published on October 29, 2025 by Benjamin Knauss

In Ocean’s 11, Danny Ocean needed Linus Caldwell to infiltrate the casino. Months of preparation. Deep cover. The perfect inside man. In 2024? Attackers just need Karen from Accounting to think the CEO really did email her about that urgent wire transfer at 4:47 PM on a Friday. The Reality: Social engineering attacks increased 135% […]

Users are… important?

Published on October 28, 2025 by Benjamin Knauss

For years, the narrative has been “users are the weakest link” – and honestly, I think this framing has done more harm than good. When we position people as liabilities rather than assets, we create a culture of fear and blame. Employees start hiding mistakes instead of reporting incidents. They see security as an obstacle […]

Why AI Systems Need to Forget

Published on October 27, 2025 by Benjamin Knauss

We’ve spent decades building systems with perfect memory. Databases that never lose a record. Backups of backups. Perfect recall as the ultimate feature. Now we’re dealing with an uncomfortable reality: the thing that makes large language models so powerful is exactly what makes them risky. Last year, researchers pulled verbatim training data straight out of […]

Why Regulations Are a CISO’s Best Friend

Published on October 27, 2025 by Benjamin Knauss

For years, security leaders have championed “best practices” and “industry frameworks.” We’ve had to translate technical risk into business terms, often fighting for a seat at the table. With the SEC’s 4-day disclosure rule, the EU’s DORA, and a wave of new state-level privacy laws, the game has fundamentally changed. What was once “IT risk” […]

Keep It Simple….

Published on October 26, 2025 by Benjamin Knauss

It’s easy to get focused on the complex, high-tech threats—AI-driven attacks, zero-days, and quantum-resistant crypto. But a recent warning from the head of GCHQ (one of the United Kingdom’s intelligence and security agencies) brought things back to a critical, analog reality. The advice? Keep paper copies of your crisis plans. It sounds almost archaic, but […]

IceBlock == Freedom of Speech

Published on October 25, 2025 by Benjamin Knauss

The removal of the IceBlock app from the App Store, as reported by CNN, is a deeply concerning move for community safety and freedom of speech. https://lnkd.in/gHvhz-Zh When a tech platform capitulates to government pressure to remove a community-level alert tool used by over a million people, it doesn’t solve any underlying issues. It simply […]
