Robert Mckay @bug_less

When I was a kid, I learned how to cross the street: look left, look right, watch for traffic. Nobody told me to avoid the street entirely—in fact, I biked two miles to school with my little sister every day. That’s how I think about the internet with my kids. It’s not about…

You'll never catch me pretending to know everything about anything, even fields I have plenty of experience with. In the spirit of not knowing everything, I want to share a few things I've noticed now, nine months into 2025, that definitely weren't on my bingo card. I don't want…

The sun feels like a constant in our lives—but always full of surprises. That’s why I love IBM’s work with NASA on Surya: a digital twin of the sun powered by AI, helping scientists model solar activity and even predict solar storms before they disrupt satellites, power grids,…

Multi-Factor Authentication is something that most organizations say they enforce across the entire enterprise, but few manage to fully follow up on. It's nearly impossible to prove MFA is being enforced everywhere unless you have the right identity governance and auditing…

Most #ITDR conversations start with “real-time response.” But the truth is, how well that response works depends on what happens before the alert ever fires. If your directory is packed with stale accounts, broad roles, and endless exceptions… attackers already have the map.…

I keep seeing the same trap in the #identity space: vendors promise a silver bullet, buyers want to believe it, and both sides end up disappointed. The reality is that identity isn’t something you ‘solve’ with a single product or quick rollout. It's a living system. It's…

Microsoft's Entra has already seen several major improvements this year, but their new cross-cloud synchronization feature offers a new level of security and convenience. The features allows administrators to automatically manage user #identities across different Microsoft cloud…

It used to be that identity was treated as something of an afterthought in #cybersecurity. This is no longer the case though, as most people now recognize that weak credentials and privileged access management cause most security breaches. To stay ahead of malicious actors,…

Cyber attacks aren’t slowing down. Hackers are getting more sophisticated—and they’re counting on companies being caught off guard. Here’s the scary part: only 26% of organizations have an incident response plan and have actually rehearsed it. Without practice, even the best…

I think it’s pretty telling that 63% of breached organizations either didn’t have an #AI governance policy or were "still developing one." But honestly, the potentially bigger issue is that even when policies existed, most weren’t tied to actual controls. Governance can't just…

I used to believe #AI should be led by technologists. On the surface, it feels pretty logical, right? But the longer I work with it, the more I realize just how wrong I was. AI wouldn't be half as effective or game-changing as it is now if it were left to technologists. The…

Now this is what it looks like when tech is used to enable a mission. In their tech growth efforts, the Y identified a problem—5,000+ children without care—and worked with #Microsoft to build the structure, organizationally and technically, to solve it. And that's where I find…

Really cool work from IBM and Cleveland Clinic. Instead of teaching AI how we walk, they’re focusing on why it matters — using synthetic data grounded in physics, biomechanics, and clinical insights. No waiting around for patient data to slowly build up. This shift could be…

#Security has a usability problem, and for years, we’ve treated that as a user training issue instead of a design failure. But honestly, in my experience, people don't read prompts. They trust patterns. They move quick. It's just how humans often work, especially nowadays. So…

When we talk about #healthcare breaches, we normally focus on the monetary impact. But I think there are other crucial areas that are deeply affected that we have to address too, like delayed care, clinician burnout, and even patient harm. If #identity is the front door to every…

The rise of #ShadowAI isn't all that surprising. Honestly, it felt inevitable. What is a bit surprising, however, is how many companies are treating it like a user problem instead of a system problem. If employees are spinning up agents inside Salesforce or Workday, it’s not…

Sometimes, the simplest security gaps can cause the biggest damage. Social engineering exploits basic, outdated processes rather than sophisticated malware. These breaches expose a fundamental truth: tech alone isn’t enough. People and legacy workflows often remain the weakest…

Infosecurity Magazine @InfosecurityMag

2 months ago

Sometimes, the simplest security gaps can cause the biggest damage. Social engineering exploits basic, outdated processes rather than sophisticated malware. These breaches expose a fundamental truth: tech alone isn’t enough. People and legacy workflows often remain the weakest…

0 0 1 1K 1

Every budget season I hear the same thing: “We need to cut costs, but we also need to improve security.” But truth is, those aren’t competing goals. If your #IAM framework is outdated, fragmented, or reactive, you’re already paying a hidden tax in lost productivity, workarounds,…

I've learned that most unsuccessful #AI strategies don't fail because of inherently bad tech. They fail because of ambiguous intent. When I picture this, one enterprise comes to mind. They threw as much as possible together without giving thought to ROI, outcomes, or purpose.…

#Microsoft's Entra was already impressive, but their updates are forcing us to reconsider what enterprise #IAM needs to look like in a machine-first, hybrid-native world. Cosmetic changes are always nice, but Agent ID, passkey profiles, improved app backup, and guest user flows…