by Gary Zimmerman | Apr 10, 2026 | Cybersecurity, Governance, Identity
Most M&A teams move fast on financial, legal, and operational due diligence—but overlook one of the biggest post-close failure points: identity. When you buy a company, you are also acquiring every account, role, entitlement, and backdoor they have in place. Yet...
by Gary Zimmerman | Apr 3, 2026 | Cybersecurity, Identity
Over the last few years, most organizations have made heavy investments in identity: single sign‑on, MFA, privileged access management, and cloud directory modernization. Yet many of the most damaging breaches still begin with something simple: an attacker using valid...
by Gary Zimmerman | Apr 3, 2026 | Cybersecurity, Governance
Two CISOs. Same security program. Same budget. Same risk posture. One walks out of the board meeting with full investment approval and a standing agenda slot. The other spends 45 minutes defending patch completion rates to a CFO who wanted to talk about AI risk. The...
by Gary Zimmerman | Mar 20, 2026 | AI, Cybersecurity, Governance
LLM red teaming, GenAI governance, EU AI Act timelines, and the AppSec integration most programs are missing. This week’s newsletter covers the AI security operational layer most programs haven’t built yet: how to test the LLMs already operating, how to govern GenAI...
by Kevin Kampman | Feb 27, 2026 | AI, Cybersecurity, Governance
AI isn’t just a tool—it’s an accelerant for human ingenuity. But as CISOs and IT leaders, we’ve been conditioned to see technology adoption through an IT-centric lens: control first, innovation second. AI governance flips that script. It’s governance foremost—rooted...
by Gary Zimmerman | Feb 27, 2026 | AI, Cybersecurity
The enterprises that safely scale AI into their core operations will win the next decade. The ones that don’t govern the basics—like model drift—will watch AI silently reverse course, turning their greatest advantage into their biggest vulnerability. In 2026, AI...
by Gary Zimmerman | Feb 20, 2026 | AI, Cybersecurity, Governance, Identity
Credential stuffing used to be a volume game. Spray billions of stolen username-password pairs at login pages, get a 0.1% hit rate, move on. In 2026, it’s surgical. And your board is going to ask you about it. Here’s what changed: AI-powered attackers aren’t just...
by Gary Zimmerman | Feb 13, 2026 | AI, Cybersecurity, Governance, Identity
You wouldn’t hire an employee without vetting them, tracking their access, or having a termination plan. So why are you treating AI agents differently? By now you’ve probably seen all the buzz about Openclaw (or Clawbot, or Moltbook)… For enterprises, the headline is...
by Gary Zimmerman | Jan 30, 2026 | Cybersecurity, Governance, Identity
As security leaders, we often find ourselves trapped in a translation gap. We talk about “policy decision points,” “ephemeral credentials,” and “microsegmentation.” Our CEOs and Boards talk about strategy execution, capital efficiency, and talent retention. The...
by Gary Zimmerman | Jan 23, 2026 | Cybersecurity, Governance, Identity
Walk into a typical enterprise and ask, “Where are you with Zero Trust?” You’ll probably get an answer that’s a mix of high-level commitment and operational frustration. Many organizations have made a real start. Pieces of a Zero Trust model are in place. But most are...
Recent Comments