Quote for the day:
"When I finally got a management position, I found out how hard it is to lead and manage people." -- Guy Kawasaki
Stop Choosing Between Speed and Stability: The Art of Architectural Diplomacy
In contemporary business environments, Enterprise Architecture (EA) is
frequently misunderstood as a static framework—merely a collection of diagrams
stored digitally. In fact, EA functions as an evolving discipline focused on
effective conflict management. It serves as the vital link between the
immediate demands of the present and the long-term, sustainable objectives of
the organization. To address these challenges, experienced architects employ a
dual-framework approach, incorporating both W.A.R. and P.E.A.C.E.
methodologies. At any given moment, an organization is a house divided. On one
side, you have the product owners, sales teams, and innovators who are in a
state of perpetual W.A.R. (Workarounds, Agility, Reactivity). They are facing
the external pressures of a volatile market, where speed is the only currency
and being "first" often trumps being "perfect." To them, architecture can feel
like a roadblock—a series of bureaucratic "No’s" that stifle the ability to
pivot. On the other side, you have the operations, security, and finance teams
who crave P.E.A.C.E. (Principles, Efficiency, Alignment, Consistency,
Evolution). They see the long-term devastation caused by unchecked "cowboy
coding" and fragmented systems. They know that without a foundation of
structural integrity, the enterprise will eventually collapse under the weight
of its own complexity, turning a fast-moving startup into a sluggish,
expensive legacy giant.Why Identity Will Become the Ultimate Control Point for an Autonomous World in 2026
The law of unintended consequences will dominate organisational cybersecurity
in 2026. As enterprises increase their reliance on autonomous AI agents with
minimal human oversight, and as machine identities multiply, accountability
will blur. The constant tension between efficiency and security will fuel
uncontrolled privilege sprawl forcing organisations to innovate not only in
technology, but in governance. ... Attackers will exploit this shift,
embedding malicious prompts and compromising automated pipelines to trigger
actions that bypass traditional controls. Conventional privileged access
management and identity access management will no longer be sufficient.
Continuous monitoring, adaptive risk frameworks, and real-time credential
revocation will become essential to manage the full lifecycle of AI agents. At
the same time, innovation in governance and regulation will be critical to
prevent a future defined by “runaway” automation. Two years after NIST
released its first AI Risk Management Framework, the framework remains
voluntary globally, and adoption has been inconsistent since no jurisdiction
mandates it. Unless governance becomes a requirement not just a guideline,
organisations will continue to treat it as a cost rather than a safeguard.
Regulatory frameworks that once focused on data privacy will expand to cover
AI identity governance and cyber resilience, mandating cross-region redundancy
and responsible agent oversight.The human paradox at the center of modern cyber resilience
The problem for security leaders is that social engineering is still the most
effective way to bypass otherwise robust technical controls. The problem is
becoming more acute as threat actors increasingly use AI to deliver
compelling, personalized, and scalable phishing attacks. While many such
incidents never reach public attention, an attempt last year to defraud WPP
used AI-generated video and voice cloning to impersonate senior executives in
a highly convincing deepfake meeting. Unfortunately, the risks don’t end
there. Even with strong technical controls and a workforce alert to social
engineering tactics, risk also comes from employees who introduce tools,
devices or processes that fall outside formal IT governance. ... What’s needed
instead is a shift in both mindset and culture, where employees understand not
just what not to do, but why their day-to-day decisions, which tools they
trust, how they handle unexpected requests, and when they choose to slow down
and double check something rather than act on instinct genuinely matter. From
a leadership perspective, it’s much better to foster a culture which people
feel comfortable reporting suspicious activity without fear of blame, rather
than an environment where taking the risk feels like the easier option. ...
Instead of acting quickly to avoid delaying work, the employee pauses because
the culture has normalized slowing down when something seems unusual. They
also know exactly how to report or verify because the processes are familiar
and straightforward, with no confusion about who to contact or whether they’ll
be blamed for raising a false alarm.Is cloud backup repatriation right for your organization?
Cost is, without a doubt, one of the major reasons for repatriation. Cloud
providers have touted the affordability of the cloud over physical data
storage, but getting the most bang for your buck from using the cloud requires
due diligence to keep costs down. Even major corporations struggle with this
issue. The bigger the environment, the more complex it is to accurately model
and cost, particularly with multi-cloud environments. And as we know, cloud is
incredibly easy to scale up. Keeping with our data theme, understanding the
costing model of data backup and bringing back data from deep storage is
extremely expensive when done in bulk. Software must be expertly tuned to use
the provider storage tier stack efficiently, or massive costs can be incurred.
On-premises, the storage costs are already sunk. The data is also local
(assuming local backup with remote replication for offsite backup,) so
restoring data and services happens quicker. ... Straight-up backup to the
cloud can be cheaper and more effective than on-site backups. It also passes a
good portion of the management overhead to the cloud provider, such as
hardware support, general maintenance and backup security. As we discussed,
however, putting backups in another provider's hands might mean longer
response and recovery times. Smaller businesses often have an immature
environment and cloud backup can be a boon, but larger businesses might
consider repatriation if the infrastructure for on-site is available.
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
AI agents are different. They operate with delegated authority and can act on
behalf of multiple users or teams without requiring ongoing human involvement.
Once authorized, they are autonomous, persistent, and often act across
systems, moving between various systems and data sources to complete tasks
end-to-end. In this model, delegated access doesn’t just automate user
actions, it expands them. Human users are constrained by the permissions they
are explicitly granted, but AI agents are often given broader, more powerful
access to operate effectively. As a result, the agent can perform actions that
the user themselves was never authorized to take. ... It’s no wonder existing
IAM assumptions break down. IAM assumes a clear identity, a defined owner,
static roles, and periodic reviews that map to human behavior. AI agents don’t
follow those patterns. They don’t fit neatly into user or service account
categories, they operate continuously, and their effective access is defined
by how they are used, not how they were originally approved. Without
rethinking these assumptions, IAM becomes blind to the real risk AI agents
introduce. ... When agents operate on behalf of individual users, they can
provide the user access and capabilities beyond the user’s approved
permissions. A user who cannot directly access certain data or perform
specific actions may still trigger an agent that can. The agent becomes a
proxy, enabling actions the user could never execute on their own. These
actions are technically authorized - the agent has valid access. However, they
are contextually unsafe. The CISO’s Recovery-First Game Plan
CISOs must be on top of their game to protect an organization’s data. Lapses
in cybersecurity around the data infrastructure can be devastating. Therefore,
securing infrastructure needs to be air-tight. The “game plan” that leads a
CISO to success must have the following elements: Immutable snapshots; Logical
air-gapping; Fenced forensic environment; Automated cyber protection;
Cyber detection; and Near-instantaneous recovery. These six elements
constitute the new wave in protecting data: next-generation data protection.
There has already been a shift from modern data protection to this
substantially higher level of next-gen data protection. A smart CISO would not
knowingly leave their enterprise weaker. This is why adoption of automated
cyber protection and cyber detection, built right into enterprise storage
infrastructure, is increasing, as part of this move to next-gen data
protection. Automated cyber protection and cyber detection are becoming a
basic requirement for all enterprises that want to eliminate the impact of
cyberattacks. All of this is vital for the rapid recovery of data within an
enterprise after a cyberattack. ... But what would be smart for CISOs to
do is to make adjustments based on what they currently have protecting their
storage infrastructure. For example, even in a mixed storage environment, you
can deploy automated cyber protection through software. You don’t need to rip
and replace the cybersecurity systems and applications that you already have
in place. ICE’s expanding use of FRT on minors collides with DHS policy, oversight warnings, law
At the center of the case is DHS’s use of Mobile Fortify, a field-deployed
application that scans fingerprints and performs facial recognition, then
compares collected data against multiple DHS databases, including CBP’s
Traveler Verification Service, Border Patrol systems, and Office of Biometric
Identity Management’s Automated Biometric Identification System. The complaint
alleges DHS launched Mobile Fortify around June 2025 and has used it in the
field more than 100,000 times since launch. Unlike CBP’s traveler entry-exit
facial recognition program in which U.S. citizens can decline participation
and consenting citizens’ photos are retained only until identity verification,
Mobile Fortify is not restricted to ports of entry and is not meaningfully
limited as to when, where, or from whom biometrics may be taken. The lawsuit
cites a DHS Privacy Threshold Analysis stating that ICE agents may use Mobile
Fortify when they “encounter an individual or associates of that individual,”
and that agents “do not know an individual’s citizenship at the time of
initial encounter” and use Mobile Fortify to determine or verify identity. The
same passage, as quoted in the complaint, authorizes collection in
identifiable form “regardless of citizenship or immigration status,”
acknowledging that a photo captured could be of a U.S. citizen or lawful
permanent resident.From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience
The biggest flaw is that traditional forensics is almost always reactive, and
once complete, it ultimately fails to deliver timely insights that are vital
to an organization. For example, analysts often begin gathering logs, memory
dumps, and disk images only after a breach has been detected, by which point
crucial evidence may be gone. Further compounding matters is the fact that the
process is typically fragmented, with separate tools for endpoint detection,
SIEM, and memory analysis that make it harder to piece together a coherent
narrative. ... Modern forensic approaches capture evidence at the first sign
of suspicious activity — preserving memory, process data, file paths, and
network activity before attackers can destroy them. The key is storing
artifacts securely outside the compromised environment, which ensures their
integrity and maintains the chain of custody. The most effective strategies
operate on parallel tracks. The first is dedicated to restoring operations and
delivering forensic artifacts, while the other begins immediate
investigations. By integrating forensic, endpoint, and network evidence
collection together, silos and blind spots are replaced with a comprehensive
and cohesive picture of the incident. ... When integrated into the incident
response process, forensic recovery investigations begin earlier, compliance
reporting is backed by verifiable facts, and legal defenses are equipped with
the necessary evidence. Memgraph founder: Don’t get too loose with your use of MCP
“It is becoming almost universally accepted that without strong curation and
contextual grounding, LLMs can misfire, misuse tools, or behave unpredictably.
Let me clarify what I mean by ‘tool’ i.e. external capabilities provided to
the LLM, ranging from search, calculations and database queries to
communication, transaction execution and more, with each exposed as an action
or API endpoint through MCP.” ... “But security isn’t actually the main
possible MCP stumbling block. Perversely enough, by giving the LLM more
capabilities, it might just get confused and end up charging too confidently
down a completely wrong path,” said Tomicevic. “This problem mirrors
context-window overload: too much information increases error rates.
Developers still need to carefully curate the tools their LLMs can access,
with best practice being to provide only a minimal, essential set. For more
complex tasks, the most effective approach is to break them into smaller
subtasks, often leveraging a graph-based strategy.” ... The truth that’s
coming out of this discussion might lead us to understand that the best of
today’s general-purpose models, like those from OpenAI, are trained to use
built-in tools effectively. But even with a focused set of tools,
organisations are not entirely out of the woods. Context remains a major
challenge. Give an LLM a query tool and it runs queries; but without
understanding the schema or what the data represents, it won’t generate
accurate or meaningful queries.Speaking the Same Language: Decoding the CISO-CFO Disconnect
On the surface, things look good: 88% of security leaders believe their
priorities match business goals, and 55% of finance leaders view cybersecurity
as a core strategic driver. However, the conviction is shallow. ... For CISOs,
the report is a wake-up call regarding their perceived business acumen. While
security leaders feel they are working hard to protect the organization,
finance remains skeptical of their execution. The translation gap: Only 52% of
finance leaders are "very confident" that their security team can communicate
business impact clearly. Prioritization doubts: Just 43% of finance leaders
feel very confident that security can prioritize investments based on actual
risk. Strategy versus operations: Only 40% express full confidence in
security's ability to align with business strategy. ... Chief Financial
Officers are increasingly taking responsibility for enterprise risk management
and cyber insurance, yet they feel they are operating with incomplete data.
Efficiency concerns: Only 46% of finance leaders are very confident that
security can deliver cost-efficient solutions. Perception of value: CFOs are
split, with 38% viewing cybersecurity as a strategic enabler, while another
38% still view it as a cost center. ... "When security is done right, it
doesn't slow the business down—it gives leadership the confidence to move
faster. And to do that, you have to be able to connect with your CFO and COO
through stories. Dashboards full of red, yellow, and green don't help a CFO,"
said Krista Arndt,
