Blog
Deep dives on security, compliance, and risk management - written for professionals who manage programs.
Building a Security Program from Scratch: A Practical 90-Day Plan
You've just been hired as the first security hire. Here's how to scope, prioritize, and build a program that earns trust - without drowning in frameworks.
NIS2 Enforcement Starts Now - Are You Ready?
The NIS2 Directive's transposition deadline (17 October 2024) has passed, and member states are now enforcing their national implementations. Here's what security managers need to know about scope, obligations, and penalties.
Third-Party Risk: How to Build a Vendor Assessment That Actually Works
Move beyond checkbox questionnaires - here's a tiering model and assessment approach that scales with your vendor portfolio.
The AI Act Is Here: What Security Managers Need to Know
The EU AI Act introduces risk-based requirements for AI systems, with obligations phasing in over several years. Here's what it means for your organization's security and governance.
Your BCP Is Probably Outdated: 5 Gaps to Fix Before the Next Incident
Post-pandemic assumptions, cloud dependencies, and remote workforce scenarios - most business continuity plans haven't kept up.
Secrets in Code: How to Build a Detection Pipeline That Catches Leaks
API keys, tokens, and credentials hardcoded in repositories remain one of the most common - and preventable - security issues, and a secret committed once stays in git history until it is rotated.
Why Your Phishing Simulations Aren't Working - And What to Do Instead
Click rates aren't dropping despite monthly simulations? Here's why most phishing programs fail and how to fix your approach.
Running Your First Internal Security Audit: What to Measure and How to Report
Internal security assessments don't need to be formal audits. Here's a practical guide to scoping, executing, and reporting your first review.