Writing and thinking about information security. Helping organizations build resilient security postures through assessment, architecture, and compliance.
Comprehensive security solutions tailored to your organization.
Know where you stand before an attacker shows you. Our assessments go beyond automated scans to uncover real risks in your environment.
Build security into your infrastructure from the ground up. We design network architectures that are secure by default and resilient by design.
Compliance does not have to be painful. We help you meet regulatory requirements efficiently while building a governance program that adds real value.
Control who has access to what and when. We help you implement IAM frameworks that balance security with usability.
Thinking out loud about security, risk, and what it means to protect systems.
The part no one wants to say out loud: you can’t audit them all. Last week, a security research firm named Novee published a finding that should make every CIO in the country uncomfortable. A class of vulnerabilities they’re calling Cordyceps — embedded in GitHub Actions workflows — exposed more than 300 public repositories (including […]
test
The December 2024 NPRM ends the “addressable vs. required” loophole. Here’s what healthcare IT teams need to do in the next 90 days. In February 2024, a single ransomware group compromised Change Healthcare and walked away with the medical records of 192.7 million Americans. That’s more than half the country. The attack vector was almost […]