Newsletter Archive

Issue #13 • Week of March 25, 2026 Sponsored message Security Tip of the Week 🔐 Treat Certifications as Starting Points, Not Endpoints When a vendor hands you a FedRAMP authorization, SOC 2 report, or ISO 27001 certificate, ask one follow-up question: what did the review not cover? Every certification has scope exclusions, known gaps,…

Issue #12 • Week of March 23, 2026 Sponsored message Security Tip of the Week 🔐 Treat Your Security Tools Like Production Assets Your firewall management console, SIEM, and PAM vault are high-value targets, not background utilities. Audit who has admin access to each, confirm those accounts are covered by MFA and privileged session monitoring,…

Issue #11 • Week of March 9, 2026 Sponsored message Security Tip of the Week 🔐 Audit the Service Accounts Your Security Devices Hold Pull the service accounts your firewalls, SD-WAN controllers, and edge devices use to integrate with Active Directory. Check what permissions those accounts have and when they were last reviewed. Most were…

Issue #10 • Week of March 9, 2026 Sponsored message Security Tip of the Week 🔐 Verify, Don’t Assume Audit one security control this week that your team treats as “handled” but hasn’t formally reviewed in over a year: a firewall rule, a trust boundary, an access policy. Assumptions are where security debt hides longest.…

Issue #07 • Week of Feb 16, 2026 Sponsored message Security Tip of the Week 🔐 Patch ≠ Eviction Validation Pick one system patched for a previously exploited vulnerability in the last 12 months. Check whether your logging captured what normal operation looked like before the patch, and whether you’d detect if the original exploit…

Issue #06 • Week of Feb 9, 2026 Sponsored message Security Tip of the Week 🔐 NTLM Reality Check Enable enhanced NTLM auditing in Windows 11 24H2 or Server 2025 and let it run for 48 hours. If you see authentication attempts from systems you don’t recognize or to services you thought were Kerberos-only, your…

The attack surface is not growing because of what you added this quarter. It is growing because of what you never fully removed, never fully mapped, and never fully governed. If you have spent the last week in an architecture review, an identity roadmap conversation, or an M&A due diligence call, you already know this…