The risk to small and medium enterprises (SMEs) has been rising lately.  Executives’ personal information, accounts, and technology provide a lucrative and often overlooked target.

People assume good intent until proven otherwise. The same instinct that builds teams and partnerships also allows adversaries to impersonate them.

In cybersecurity, compliance is often mistaken for protection. Unfortunately, that decision trades measurable comfort for invisible risk.

Telescope facilities on Mauna Kea in Hawaii I enjoyed presenting Securing the Weird at Bsides Bloomington 2025. Slides are below for...

I recently had the pleasure of presenting Stakeholder Management In a Crisis: Lessons From a Crisis Communicator at Bsides Bloomington ....

In this blog articles we explore the cybersecurity risks that exist outside your direct control.

Many organizations rely on SaaS platforms instead of traditional on-premises solutions, trading control for convenience. The risks of that trade-off are often misunderstood.

This is the fourth installment in an ongoing series called "Executive Missteps" on how business leaders, often unknowingly, sabotage their organization's cybersecurity...and how not to be that person.  Each is inspired by a true story (or several). Find previous installments here: Above the Law (1) , Shadow (IT) Man (2) , On Deadly Ground (3) . Avery (not his real name) is busy, like most CEOs.  His company is a regional powerhouse in the process of building out a handful of

Stop me if you have heard this before. A company suffers a massive IT outage. The culprit is not a hacker in a foreign country or a sophisticated piece of malware. It is an unlocked door.

This is the third installment in an ongoing series called "Executive Missteps" on how business leaders, often unknowingly, sabotage their organization's cybersecurity...and how not to be that person. Each is inspired by a true story (or several). Find the first installment here , and the second here . Cybersecurity risks brought in by M&A can leave an executive feeling like the ground is falling out from under them. It's been a busy month for our CEO as the company works on w

Most companies don’t realize how narrow and conditional cybersecurity insurance coverage really is until they need it.

Managers, project managers, and executives can increase code quality by improving the environment and incentives for development teams.... and that includes improving security.

Starting your first job as a software developer is both exciting and intimidating. You want to make a strong impression, but you may worry about making a mistake that harms the company.

This is the second installment in an ongoing series called "Executive Missteps" on how business leaders, often unknowingly, sabotage their organization's cybersecurity...and how not to be that person. Each is inspired by a true story (or several). Find the first installment here . It's a normal Wednesday morning when the SOC (Security Operations Center) manager gets a knock on her door. One of her analysts has learned that the company's mail server has appeared on major bla

"Any sufficiently advanced technology is indistinguishable from magic." — Arthur C. Clarke’s Third Law The magic cybersecurity box, as...

It's late on Friday afternoon, and the corporate help desk gets a phone call.  The CEO is in a panic.  His next move will cost the company dearly.

Protecting your business from ransomware and blackmail requires a disciplined backup and data loss prevention strategy.

Small to Medium size Organizations, or commonly SME's face unique cybersecurity challenges now, and in the future. Here. Susan Sons explains the strategy for facing those challenges head-on.

Eliminating repetitive tasks, enforcing configuration consistency, and automating provisioning aren’t just technical wins, they’re operational leverage. Automation doesn’t mean less work. It means less waste and more time for what actually matters. 

Having at least a basic understanding of strategy, especially since most people in your position don’t, can be a massive career accelerator for an individual contributor.  This is especially true in IT, because our technological systems influence the behavior of the organization and sometimes of its customers.