The SEC Fired the Starting Gun — Most Boards Still Haven't Moved In late 2023, the SEC's new cybersecurity disclosure rules forced publicly traded companies to report material cyber incidents within four business days. Suddenly, board directors who had spent decades delegating "the tech stuff"
In 2023, the FBI's IC3 received over 880,000 cybercrime complaints with losses exceeding $12.5 billion — and a massive chunk of those victims were everyday people sitting at home computers. Not Fortune 500 companies. Not government agencies. Regular people who thought their home setup was too small
In 2024, the FBI's Internet Crime Complaint Center received over 859,000 complaints with losses exceeding $16.6 billion — a 33% increase from the year before. That number isn't slowing down in 2026. I've spent years watching organizations and individuals make the same preventable
A 20-Year-Old Exploit Still Topping the Charts In 2023, the MOVEit Transfer vulnerability — a SQL injection flaw — led to the compromise of over 2,600 organizations and roughly 90 million individuals' records. One vulnerability. One technique that's been publicly documented since the early 2000s. And it still
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the help desk, pretended to be an employee, and talked their way into a password reset. No malware. No zero-day exploit. Just a phone call and a convincing story. That single incident shut down slot machines,
In June 2024, researchers at SpyCloud reported that over 17.3 billion credentials were circulating on underground marketplaces. That's not a theoretical number from a think tank. That's the real inventory of stolen credentials on the dark web — usernames, passwords, session tokens, and API keys — available
In 2024, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't brute-force a password. They simply called IT support, impersonated an employee they found on
The $350 Million Oversight Nobody Saw Coming When Verizon acquired Yahoo in 2017, two previously undisclosed breaches affecting all 3 billion Yahoo accounts forced a $350 million price reduction. That's what happens when cybersecurity due diligence fails at the highest level. The breaches had already happened. The data
Welcome to the Phish Tour: How a Single Email Becomes a Full-Blown Breach In March 2023, the FBI's IC3 received over 298,000 complaints related to phishing schemes — more than any other cybercrime category by a wide margin. That number has only climbed since. Yet most people still
A Six-Figure Starting Salary Isn't the Exception Anymore I reviewed a job posting last week for a mid-level security analyst in Omaha — not San Francisco, not New York — offering $115,000 base salary plus a signing bonus. Five years ago, that role paid $78,000 in the same
