RESEARCH
The Deepfake Was Convincing. So Was My Backpack.

Why Social Engineering Still Works, Why AI is Making it Sharper, and the One Habit that Stops it
In early 2024, an employee at Arup, a global engineering firm, joined a video call with several colleagues, including someone who appeared ...
Communicating Risk
Building Trust in Executive Relationships: Lessons from King Lear

A Framework for Establishing the Kind of Trust that Survives Budget Season
Imagine the curtain going up and a group of players acting out the opening scenes of Shakespeare's King Lear, just for you. An aging king sits in his ...
Your Jokes Were Funny. They Still Didn't Renew.

How MSPs Build the Kind of Client Rapport That Survives a Budget Review
You walked out of the meeting feeling good. The handshake was firm, the small talk landed, and you even got a laugh with the printer joke. You ...
Value That Converts: Why Your vCSO Pitch Keeps Getting Pushed to IT

You walked out of that meeting feeling like a closer. Your credentials were on point. You covered the whole stack: EDR, SIEM, MDR, quarterly risk assessments, tabletop exercises, NIST alignment. Your vCSO offering was solid. You even had a phased ...
Dark Web Monitoring & Threat Intelligence
Part 2: Congratulations, Your Password Manager Made the News (Again)

If you caught Part 1 last week, you know the shape of what TeamPCP has been running since December 2024: one supply chain campaign, still expanding, with credentials stolen over a year ago still being spent today. Part 2 is ...
Part 1: Congratulations, Your Password Manager Made the News (Again)

You've probably seen the headlines. Bitwarden compromised. Trivy compromised. Checkmarx tools compromised. A handful of other developer tools before that. Each one got its own news cycle, its own advisory, its own "here's what to do if you're affected" post. ...
Your OSINT Reality Check: Here’s What an Attacker Is Finding in 30 Minutes or Less

Today’s connected, AI-driven digital ecosystem has made it easier than ever to build a professional brand, network with peers, and share ideas with a wider audience. It’s opened doors for businesses that simply didn't exist before: new customers, new partnerships, ...
Human Layer Security
The Invisible Workforce

The Shadow AI Running Inside Your Clients' Environments and How MSPs Can Get Ahead of It
It's Monday morning. A client's controller is on the phone. She spent Friday afternoon cleaning up the vendor list inside their accounting platform's new ...
Your AI Agent Visits Websites on Your Behalf. Attackers Are Leaving It Notes.

The last two years of AI adoption inside businesses have followed a pretty consistent pattern. A team tries a tool, it saves them time, word gets around, and suddenly half the company is using something IT didn't approve. Now those ...
More Articles
Part 2: Threat Actors Don't Pick You. You Just Happen to Be There.
In Part 1, we established that Handala didn't pick Stryker off a strategic target list and then figure out how to break in. They found access, recognized the value, and used it. That's still a deliberate, damaging attack—it just means ...
Part 1: Threat Actors Don't Pick You. You Just Happen to Be There.
There's this idea that floats around—usually in boardrooms and in forums—that advanced threat actors operate like surgeons. They pick a target, they plan it out, they execute. Super deliberate. Undeniably cinematic. It implies that a breach is something that happens ...
One Misconfigured AI Agent Can Impact Every Client You Manage
When One Action Hits Every Client, Governance Decides the Outcome
Imagine a hypothetical that’s taught in law school every semester: A delivery driver abandons his route to join a drum circle for three days. On his way back, he causes ...
The Clients You're Ignoring Are the Ones Who Will Sue You
I said something on stage at XChange last week that made a lot of people in the room uncomfortable. "Your smallest clients are your biggest risk." Not your enterprise accounts. Not the ones with complex environments and demanding SLAs. The ...
Part 2: Incident Response: Panic Is Not a Phase, It’s a Symptom
Turning Incidents Into Improvement Instead of Repetition
When an incident finally ends, most organizations do the same thing: they exhale. Systems are back online. Alerts stop firing. Customers stop calling. Leadership announces that things are “under control.” Usually right before ...
Part 1: Incident Response: Panic is Not a Phase, It's a Symptom
Why Incident Response Fails Before the Incident Starts
Most organizations think they’re “doing incident response” because they bought a tool. Or three. Maybe they even survived an incident once or twice, so clearly they’re fine now. That’s not incident response. ...
They Already Have an IT Department. Good. That’s Why You Should Call.
Last night I was at dinner with the CEO of an MSP. Good operator. Growing. Adding clients. Doing the work. We were walking around his town before dinner talking about the usual founder stuff. Processes. How to get people to ...
Agentic AI at the Edge: Opportunity, Autonomy & the Coming Legal Minefield
You’ve probably heard executives gush about autonomous AI agents, the shiny new productivity booster that can automate workflows faster than you can say “zero-trust.” But what they don’t hype is how agentic AI turns your cybersecurity playbook into an existential ...
Notepad++ Compromise: What you need to know
The recent Notepad++ compromise should make you pause for a moment because the Chrysalis backdoor is exactly the type of malware ...
Your Best Salespeople Aren’t in Sales. They’re on the Floor.
Last night I went out to dinner. I’m an early-to-bed guy, which means I eat when restaurants are still serving happy hour menus. This was New Orleans, so happy hour still meant good food and strong opinions. I was halfway through an appetizer when I overheard ...
The New Frontier: Securities Class Actions Triggered by Cybersecurity Failures
Cybersecurity risk isn’t just about limiting data loss anymore; it’s increasingly about legal exposure at the highest corporate level. A recent massive data breach at Coupang, one of South Korea’s largest online retailers, may fundamentally change how publicly traded companies and their cybersecurity providers think about risk ...
Your Statement of Work Is Your Security Program Playbook, Not Paperwork
Most MSPs treat the Statement of Work like something you do after the sale. A formality. A box to check. That mindset is exactly why scope creeps, expectations get fuzzy, and security ends up feeling hard to prove when a ...


