-
Agents Are Identities: The New Control Plane for Enterprise AI
AI agents are not just features. Once they connect Slack, Jira, internal data, and downstream tools, they become operating identities with permissions, authority, and blast radius. This post explains why agent governance is an identity problem, not a prompt problem, and offers a framework: name, scope, bind, watch, prove, retire.
-
Agent Inventory and the Agent Register: The Control You Need Before Agent Sprawl Becomes Identity Debt
AI agents do not create a new governance problem so much as a faster identity problem. This post explains why agent inventories, Agent Registers, and ownership discipline matter, how discovery differs from authorization, and what teams need to prove scope, effective access, lifecycle, and accountability before something breaks in production.
-
When Your MDM Becomes the Weapon
A cyberattack on Stryker in March 2026 disrupted operations across 79 countries without a single piece of malware. Publicly reported attack path: Microsoft Intune administrative abuse. This post breaks down what happened, what could not have been predicted, what the governance gaps were, and what every Intune admin should do…
-
Approved Tool, Expanding Agent: The Ownership Model That Works
Approved SaaS platforms keep gaining agentic capability. The original security review does not expand with them. This post covers the RACI model, re-review triggers, and anti-patterns that break accountability when trusted tools evolve, plus what NIST AI RMF and OWASP Agentic Top 10 say about why one-time approval was never…
-
TechThatMattRs: Week Two of Building a Content Engine in Public
Most PMMs in a job search grind the application queue and wait. This one built a content campaign instead. Week two: what is working, what the data actually shows, why the numbers that matter are not the obvious ones, and what AI collaboration honestly looks like when nobody is watching.
-
Defending Against Modern Cyber Threats: A Day in the Life of Security Operations
Modern security incidents don’t fail in one place – they move. A phish becomes an identity problem. A third-party app becomes a data exposure problem. A zero-day becomes a privilege problem. This post follows a SecOps lead through five real attack scenarios and the process discipline that keeps operations standing.
-
The 90-Day Agent Identity Governance Plan
AI agents are moving fast, but governance is not keeping up today. This practical 90-day plan shows how to bring agent identities under control with ownership, least privilege, data-aware boundaries, and lifecycle discipline before hidden access, unmanaged connectors, and pilot magic turn useful automation into the next preventable security incident.
-
Shadow Agents Are the New Shadow IT
Shadow agents are the new shadow IT. This blog explains how unsanctioned agents, hidden connectors, and delegated access create new security risk, and why inventory, ownership, boundaries, and review are the practical controls that keep pilot magic from turning into production debt.
-
Tech That MattRs: Field notes for people who have to operate the mess
A living content index of practical field notes on identity security, authorization, AI agent governance, non-human identities, SecOps, compliance, hybrid cloud, and technical PMM craft. Use the tracks to find what fits your situation, then apply it in production.
-
Tech that MattRs: Why this exists, and where it goes next
Tech that MattRs is my reset button. I had to move to a new host because my old platform stopped letting me publish reliably in public, including posts and images. I am not interested in wrestling a platform into compliance. I am interested in writing, shipping, and building a body…
-
Configure Windows NTP Time Sync (Windows 10 / Windows 11)
I first wrote about this after getting smacked by what is, these days, an edge case IT problem: bad time sync, causing problems that looked like something else. This was at the start of COVID. Our team was all now working remotely, and one of our first in-person syncs during…
-
Use Device Groups to Automate Investigations in Microsoft Defender for Endpoint
Back in 2019, I wrote about using machine groups in Microsoft Defender ATP to automatically resolve investigations on selected systems. The core idea was simple: not every endpoint should be handled the same way, and security teams need a way to apply different remediation behavior to different classes of machines.…
-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
Tech That MattRs 