by Gary Zimmerman | Jul 7, 2026 | AI, Cybersecurity, Governance
On December 23, 2025, the FDA cleared a software medical device called UpDoc under 510(k) number K253281. The clearance got relatively little attention when it was issued. When UpDoc announced $18 million in seed financing on June 25, 2026 — alongside initial...
by Gary Zimmerman | Jun 29, 2026 | AI, Cybersecurity, Governance
On April 17, 2026, the Federal Reserve, OCC, and FDIC issued SR 26-2 — the first rewrite of model risk management guidance since SR 11-7 in 2011. It superseded fifteen years of supervisory expectations. It clarified scope. It introduced a risk-based, proportional...
by Gary Zimmerman | Jun 22, 2026 | AI, Governance, Identity
The CISO role has always carried accountability that outpaced authority. What changed in 2026 is that the accountability became legally enforceable, personally, and the regulatory mechanisms to enforce it are no longer on the horizon. They are active. Splunk’s 2026...
by Gary Zimmerman | Jun 15, 2026 | AI, Cybersecurity, Identity
Your identity governance program almost certainly has a blind spot. It is not a configuration error or a policy gap. It is architectural. The IGA platforms most enterprises run were designed when “identity” meant a person. Joiner-mover-leaver workflows, access...
by Gary Zimmerman | Jun 8, 2026 | AI, Cybersecurity, Governance
Here is the problem with banning shadow AI: the people most likely to ignore the ban are your most senior decision-makers. According to TrustedTech’s Shadow AI in the Workplace report, published in May 2026, 65% of decision-makers use unapproved AI tools — compared...
by Gary Zimmerman | Jun 2, 2026 | AI, Cybersecurity, Identity
The question we keep getting from security architects right now is some version of the same thing: “We have a zero trust program. We have identity governance. We have PAM. Why does none of it cover our AI agents?” The honest answer is that it was never designed to....
by Gary Zimmerman | Apr 20, 2026 | Uncategorized
If you missed last week’s AI governance session (or want to revisit it), this edition gives you a concise but complete written walkthrough of the core framework we used. Watch the Replay The full session replay is available on demand. Share it with colleagues who are...
by Gary Zimmerman | Apr 10, 2026 | Cybersecurity, Governance, Identity
Most M&A teams move fast on financial, legal, and operational due diligence—but overlook one of the biggest post-close failure points: identity. When you buy a company, you are also acquiring every account, role, entitlement, and backdoor they have in place. Yet...
by Gary Zimmerman | Apr 3, 2026 | Cybersecurity, Identity
Over the last few years, most organizations have made heavy investments in identity: single sign‑on, MFA, privileged access management, and cloud directory modernization. Yet many of the most damaging breaches still begin with something simple: an attacker using valid...
by Gary Zimmerman | Apr 3, 2026 | Cybersecurity, Governance
Two CISOs. Same security program. Same budget. Same risk posture. One walks out of the board meeting with full investment approval and a standing agenda slot. The other spends 45 minutes defending patch completion rates to a CFO who wanted to talk about AI risk. The...
Recent Comments