Covers the integration of cybersecurity into broader enterprise risk management strategies. Articles address how organizations identify, assess, and prioritize cyber risks alongside operational, financial, and strategic threats, ensuring a unified approach to protecting critical assets and business continuity.
posts
Your Employees Are Building a Second Network You Can't See A marketing manager signs up for an AI writing tool using her corporate email. A developer spins up an AWS instance on a personal account to test code faster. A sales rep stores client contracts in a personal
The SolarWinds Wake-Up Call That Still Echoes in Every Boardroom When SolarWinds disclosed its massive supply chain compromise in late 2020, it wasn't just IT teams scrambling — it was CEOs fielding calls from senators, board members demanding answers they didn't have, and general counsel mapping out
When Colonial Pipeline's CEO Joseph Blount testified before the Senate in June 2021, he admitted the company paid $4.4 million in ransom after a single compromised password shut down the largest fuel pipeline in the United States. No multi-factor authentication. No segmentation between IT and operational technology.
One Unapproved App Cost a Hospital Network $3 Million In 2023, a regional hospital system discovered that a department had been using an unapproved file-sharing tool to exchange patient records for over a year. The tool had no encryption, no access controls, and no audit trail. When an attacker exploited
The SEC Changed Everything — Most Boards Still Haven't Caught Up In July 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. Since then, I've reviewed dozens
