How a career that began in IT support evolved into cybersecurity consulting, podcasting, and documentary filmmaking focused on telling the human stories behind technology.
Many medical devices have expected lifespans measured in decades, and the majority of connected medical devices currently in use wouldn't meet the FDA's latest cybersecurity standards if submitted for approval. Adversaries have noticed.
The bring-your-own-device (BYOD) dimension carries implications well beyond Stryker.
While Iranian drones were taking out Amazon's data centers in the Gulf, Tehran's hackers were already inside U.S. banks, airports, and defense networks — and they got there weeks before the first missile flew.
Ransomware events surged 55% in 2025, supply chain attacks widened the blast radius, and nation-state actors showed up. New data from Health-ISAC shows why the health sector's security problem continues to grow.
As Iran's cyber forces regroup after the most devastating military strikes in the Islamic Republic's history, the U.S. agency built to defend the nation's critical infrastructure is operating with a skeleton crew, gutted leadership, and a funding crisis — at precisely the moment it is needed most.
The SaaS market has shed $1 trillion in value. Salesforce, Workday, Adobe, and Snowflake are all down at least 40% from 2025 peaks. For CISOs managing risk across a consolidating software stack, the implications for vendor stability, integration continuity, and contract leverage are significant.
Lazarus-linked threat actors exploit fake recruiter campaigns in an operation ReversingLabs calls “graphalgo,” turning technical job interviews into remote access trojan (RAT) delivery mechanisms that target developers.
The forthcoming plan marks a sharp pivot from the Biden era—and some experts warn it may leave the nation more exposed, not less.
The Notepad++ incident isn't just another nation-state compromise. This attack highlights how developer tools are a governance blind spot, ongoing weaknesses in the integrity of update mechanisms, and the continued evolution of supply chain attacks.
Epoch Theory is Jeremiah Grossman’s framework for understanding how cybersecurity evolves in distinct phases driven by attacker behavior, not defensive intention.
The world moved swiftly to adopt enterprise AI. Here come the regulations. In this story, we cover what security and risk teams need to know to weather the new regulatory waters.
For security teams, the message is sobering: initial access brokers such as Gootloader operate at sophisticated technical levels, leverage specialized knowledge of file-format quirks, and maintain operational resilience through rapid innovation.
For enterprises eager to consolidate their tools, success will take the form of "platformization" of enterprise security stacks.
We picked the top three news events of 2025. It wasn't easy: and neither will be 2026.
Here are the predictions we believe will have significant impacts on security professionals in the year ahead: the bad and the good.
