Well Hell-Ohh! And it’s 2026
STARDATE 01/23/2026
I’d love to say “Blink and you missed it” for the remainder of 2025, but alas, we weren’t so lucky. It wasn’t just some bad dream we woke up from, sighed, and shook off. Instead, it followed us right into the new year. I joke about my uncanny ability to “see bad things” but I really don’t like being right. Let’s call 2025 the opening act to the main event aka 2026 and what comes next.
This year isn’t going to be about just fixing what’s broke, or cleaning up the damage. It’s going to be about learning to live with the damage done. Once dedicated guardians in a global security community, CISA and other hollowed-out institutions and organizations have lost the capability and experience to respond, to monitor and proactively defend. That gaping wound is like a neon welcome sign to adversaries.
The adversaries have been steadily accumulating an arsenal of data for initial access and further compromise, while building out their cybercriminal infrastructure. They learn from our mistakes even when we don’t. They have the keys to the kingdoms – secrets, tokens, source code, git repos, admin privilege. We’re way past credential theft, but they have all those too. Scattered Lapsus$ Hunters is an alliance of three cybercriminal gangs and an evolution of script kiddie angst.
If we try to carry on BAU, then we’ve failed out of the gate. Successive network and security appliance vulnerabilities – Citrix, Fortinet – exploited. Chinese state-sponsored groups embedded for years in telco infrastructure, and prepositioning for attacks on critical infrastructure. A series of software supply chain compromises via NPM. The Salesloft Drift breach had massive impact and reach. We’re frantically trying to identify and patch, but exposure and exploitation have already ushered in whatever comes next.
With cost-gutting rampant and the misguided belief that advanced shiny tech will do our bidding, it’s time we told the Emperor he has no clothes. Despite all the potential and promises, AI isn’t coming to save us. It’s only as good as the flawed humans who teach it, so that it can then fail faster and bigger. And it should never, ever, be trusted to run without our supervision. “I, Robot” ended badly, remember?
I leave you with this: Plans + Preparation = Resilience. Think bigger than security. Think about what comes next.
Welcome to 2025! The year of “This wasn’t on my Bingo card”
STARDATE 11/30/2025
It’s been a minute. I started this blog in 2015 when I was new and all was shiny. I thought it was a great way to capture my learning journey and share information. I’ve kept those original sections in the menu because we still have those issues to deal with now, plus more. Historical context plays an important role when looking at threat actor behaviour or patterns of events. And as we know, history repeats. Yes, we need to look forward and not keep checking the rearview mirror, BUT the past can have a powerful hold on us when we don’t learn from our mistakes, or move on too quickly. So I am keeping all that detail here, like time capsules, for future reference.
Our world, our civilization, changed with the pandemic of 2020. It feels like we’ve moved on but we’ll never return to the “before times”. This is very important to understand as we grapple with the year of OMG WTF, 2025. The consequences of decisions made take time to manifest – just because it hasn’t happened doesn’t mean it won’t. Be prepared to reap what has been sown in the AI frenzy, with the massive and devastating cuts to tech and security workforces, compounded by ongoing “unprecedented” disasters and storms driven by climate change, against a highly volatile and violent geopolitical backdrop. Silos exist for grain storage and enterprise bureaucracy – life is messy, lines are blurred, and so much overlaps. Nobody said this would be easy – except maybe that guy who sold us the SIEM.