Imaginary Access Management
When the Policy Exists Only in the Slide Deck On Tuesday, January 14, 2026, at 8:47 sharp, Monsieur le Vicomte Jean-Baptiste de Vauquelin-Pétainville, Directeur Suprême de la Fabrique Identitaire of the Banque…
The Antivirus Is the Weapon
Inside BlueHammer, the Zero-Day That Made Microsoft Defender Promote Attackers to SYSTEM In April 2026, security researchers disclosed three zero-day vulnerabilities in Microsoft Defender. The vulnerabilities, named BlueHammer (CVE-2026-33825), RedSun, and UnDefend,…
The Shift Left Doctrine in 2026
What the Data Shows, and Who Pays the Cost In the late 2010s, the cybersecurity industry adopted a slogan: "shift left". The idea, in its original formulation, was reasonable. Catch security problems…
The Climate Fashion Week
Notes on COP30 Belém, the Belém Package, and the Genre's Signature Move In November 2025, one hundred and ninety-five Parties met in Belém, Brazil, for the thirtieth Conference of the Parties to…
Why $94 Billion in Corporate Wellness Spending Coincides With Record Burnout
A Note on the Tobacco-Yoga Industrial Complex In 2026, the global corporate wellness industry will pass $94 billion. Eighty-five percent of large U.S. employers offer a wellness program of some kind. In…
What Is a Policy
A Definition Updated for the AI Compliance Era Allow me to attempt a definition of a thing I have observed for two decades, across hundreds of corporate environments, and which has just…
Madame Colbac and the Russian Hat
A Note on Linguistic Confusion, Threat Attribution, and the Continental European Boardroom Some years ago, a senior executive at a European bank briefed her board on a cyber threat the company was…
The Post-Incident Communication as Liturgy
A Taxonomy of the Standardized Vocabulary of 2026 Breach Disclosures : There is a genre of corporate communication that, after twenty years of observation, has stopped pretending to be communication and has…
The Four-Month Cyber Resilience Act Countdown
Less than four months separate today from the moment when Article 14 of the EU Cyber Resilience Act becomes binding. On September 11, 2026, manufacturers of products with digital elements placed on…
Agentic, Self-Healing, and Other Press-Release Animals
Somewhere in the corridors of #RSAC2026, there exists a creature called the "AI-native, #ZeroTrust enabled, agentic, self-healing, autonomous security operations platform with continuous compliance posture management". It lives in press releases. It…