Category: Security
-

Mandiant Got Inside. The AI Threats Were Not What Anyone Expected.
Mandiant’s AI Risk and Resilience report shows a useful gap between perceived AI risk and real implementation failures: browser caching, SQL injection, broken access control, SSRF, excessive agency, and missing visibility.
-

Secrets and Tokens: Rotation SLAs, Blast Radius, and Attacker Dwell Time
Long-lived secrets are not harmless leftovers. They are blast radius waiting for an incident. This post breaks down rotation SLAs, attacker dwell time, delegated OAuth risk, and the operational habits that keep non-human credentials from becoming tomorrow’s breach path. Built for practitioners who have to run the mess in production.
-

When Your MDM Becomes the Weapon
A cyberattack on Stryker in March 2026 disrupted operations across 79 countries without a single piece of malware. Publicly reported attack path: Microsoft Intune administrative abuse. This post breaks down what happened, what could not have been predicted, what the governance gaps were, and what every Intune admin should do…
-

Approved Tool, Expanding Agent: The Ownership Model That Works
Approved SaaS platforms keep gaining agentic capability. The original security review does not expand with them. This post covers the RACI model, re-review triggers, and anti-patterns that break accountability when trusted tools evolve, plus what NIST AI RMF and OWASP Agentic Top 10 say about why one-time approval was never…
-

Defending Against Modern Cyber Threats: A Day in the Life of Security Operations
Modern security incidents don’t fail in one place – they move. A phish becomes an identity problem. A third-party app becomes a data exposure problem. A zero-day becomes a privilege problem. This post follows a SecOps lead through five real attack scenarios and the process discipline that keeps operations standing.
