- The Identity Crisis Nobody Is Talking Aboutby Cody KellerMost organizations have mature processes for managing human identities. Onboarding, offboarding, access reviews, least privilege — these are established practices, even if execution is inconsistent. The problem is that human identities are no longer the majority of what’s accessing your systems. Service accounts, API keys, OAuth tokens, automation scripts, and now AI agents — non-human… Read more: The Identity Crisis Nobody Is Talking About
- CIRCIA’s Final Rule Is Almost Here. Are You Ready?by Cody KellerThe Cyber Incident Reporting for Critical Infrastructure Act has been in a holding pattern since CISA missed its original October 2025 deadline. The final rule is now expected in May 2026. If you’ve been treating CIRCIA as a future problem, that window is closing fast. RSA This post isn’t about what CIRCIA says in theory.… Read more: CIRCIA’s Final Rule Is Almost Here. Are You Ready?
- Breaking Into Cybersecurity: What They Don’t Teach You Before Graduationby Cody KellerGraduation season is here, and if you’re about to finish a cybersecurity degree, a bootcamp, or a certification program and step into your first job search, congratulations — and also, fair warning: the gap between what academic programs prepare you for and what the job actually looks like is real, and nobody warns you about… Read more: Breaking Into Cybersecurity: What They Don’t Teach You Before Graduation
- AI Regulation Is Coming. Most Businesses Aren’t Ready.by Cody KellerThe AI governance conversation has been running in the background for most organizations — something to monitor, something to address eventually, something for legal to sort out. That posture has an expiration date, and for many businesses, it’s August 2026. The EU AI Act’s major provisions go fully into effect on August 2, 2026. Organizations… Read more: AI Regulation Is Coming. Most Businesses Aren’t Ready.
- Geopolitical Cyber Threats Are Now a Business Problemby Cody KellerThe conflict between the United States and Iran that began on February 28, 2026 moved into the cyber domain almost immediately. If you’ve been watching it as a geopolitical story and not a security operations story, it’s time to adjust your perspective. This isn’t abstract nation-state activity happening at the edges of critical infrastructure. On… Read more: Geopolitical Cyber Threats Are Now a Business Problem