- Zero Trust in Practice: What It Actually Takes
  by Cody Keller
  Zero Trust is one of the most marketed concepts in cybersecurity. It’s also one of the most misunderstood. If you’ve sat through enough vendor presentations, you’ve heard it positioned as a product — something you buy, deploy, and check off the maturity model. The reality is different, and the gap between the marketing narrative and…
- Supply Chain Risk: The Problem That Quadrupled
  by Cody Keller
  Third-party risk has been a fixture of security program conversations for years. Most organizations with a mature GRC function have a vendor risk management process — tiering, assessments, questionnaires, contractual requirements. The process exists. The problem is that the scale and nature of supply chain attacks have outpaced what those processes were built to handle.…
- The Summer Security Gap: What Happens to Your Program When Everyone’s Distracted
  by Cody Keller
  Summer is operationally the most complicated season for security teams, and it’s rarely discussed that way. The conversation tends to focus on threat actors and external risks. The more immediate problem is internal: interns onboarding with broader access than they need, senior staff on extended PTO, temporary employees hired for seasonal peaks, and an organizational…
- The State Privacy Law Stack Is Now Your Compliance Problem
  by Cody Keller
  If your organization has been tracking state privacy legislation as a “watch and monitor” item, that posture is overdue for a change. Twenty states now have comprehensive consumer privacy laws in effect. Three more — Connecticut, Arkansas, and Utah — have significant updates or new provisions taking effect July 1, 2026. That’s thirty days from…
- Ransomware in 2026: The Playbook Most Organizations Have Is Already Outdated
  by Cody Keller
  Ransomware response has been a standard component of incident response planning for nearly a decade. Most organizations with a mature security program have a ransomware playbook — escalation paths, isolation procedures, backup recovery processes, and a decision framework around payment. The problem is that the environment those playbooks were written for has changed significantly, and…