Active Directory Tier Zero remains the dominant intrusion path in enterprise environments in 2026. Field notes on inventory, credential separation, and the engineering discipline that defeats it.

There is a cyber conversation co-founders of growth-stage companies almost never have with one another. A Sunday letter on why that absence is no longer defensible in 2026.

Cyber range programs that produce compounding capability are sustained operating disciplines, not periodic events. Field notes from the iSECTECH desk in 2026.

The SBOM is not the deliverable. The query you can run against it at 3 a.m. during the next critical disclosure is the deliverable. Field notes from the iSECTECH desk in 2026.

Identity threat detection closes the gap modern adversaries exploit. Field notes on behavioral baselines, non-human identity monitoring, and ITDR coverage in 2026.

SOC burnout is the single most underreported operational risk in modern security. Field notes on workload, recovery design, and senior analyst retention.

The endpoint remains the dominant point of initial compromise in 2026 — not because endpoints have gotten worse, but because adversary tooling has outpaced default configurations.

Post-quantum readiness is a 2026 problem, not a 2030 problem. Field notes on cryptographic inventory, vendor pressure, and the migration timelines that decide who is ready and who is not.

The incident report is the single most truthful document a security program ever produces about itself. A Sunday letter on why boards must read at least one a year.

M&A cyber diligence is the discipline that decides whether a strategic acquisition creates value or destroys it. A field guide to evidence-based diligence in 2026.