Field notes from the front line.
Practical guidance from our team — written for the people who actually have to make security decisions, not the consultants who write checks after the breach.
Compliance
CMMC 2.0 is here. Most DIB suppliers aren’t ready — what to do this quarter.
A practical checklist for defense contractors staring down a Level 2 assessment without a clear path forward.
Risk
What cyber insurance underwriters actually look at — and how to pass the next renewal.
MFA, EDR, backups, and incident response plans. What’s now table stakes, and what gets you a discount.
Healthcare
Why a hospital’s biggest cyber risk is usually a door.
How the convergence of physical and cyber security changes the threat model for HIPAA-covered entities.
Public sector
The SLCGP application window: a calendar, a checklist, and what we wish we’d known.
State and Local Cybersecurity Grant Program timing for FY2026 — practical guidance for municipalities and school districts.
Operations
How to run a phishing simulation without trashing employee trust.
The single biggest mistake organizations make in their first awareness program — and how to avoid it.
Infrastructure
Cloud vs on-prem video surveillance: a 5-question decision tree.
Bandwidth, retention, compliance, and total cost of ownership — by the numbers, not the marketing.
Subscribe to our quarterly briefing.
A short, practical roundup of what’s changed in the regulatory and threat landscape — sent four times a year, never more.