by valino | Jul 13, 2026 | Hacking, Phishing
One phishing report a week. That is the entire ask of this Sunday letter, addressed to every CEO who has read this far in the series. Not the dashboard. Not the trend chart. One specific phishing report, end to end, every Monday morning, for one quarter. Then we can...
by valino | Jul 11, 2026 | Compliance, Hacking
Cybersecurity reporting to the board in 2026 is the slide deck that quietly decides whether the security organization is funded, listened to, and trusted in the year ahead. The CISOs producing reports that boards actually read share a pattern: three numbers, two...
by valino | Jul 10, 2026 | Compliance, Hacking
Regulator engagement after a breach is the discipline that decides whether a difficult quarter becomes a difficult year. In 2026 the organizations whose regulator conversations resolved within months were the ones whose CISOs and general counsel had spent the prior...
by valino | Jul 9, 2026 | Hacking, SIEM
Application security posture management, or ASPM, has gone from a 2024 analyst category to a 2026 operational requirement faster than most application security teams expected. The pattern is consistent across every engagement we have run this year: organizations that...
by valino | Jul 8, 2026 | Compliance, Hacking
Cyber insurance claim reality in 2026 has matured into a discipline that lives or dies on documentation. The organizations that filed clean claims this year were not the ones with the largest premiums or the most expensive policies. They were the ones whose security...
by valino | Jul 7, 2026 | Hacking, SIEM
Threat hunting in 2026 has stopped being the prestige assignment that mid-career SOC analysts request and started being the operational program that mature security organizations run on a calendar. The hunting teams producing defensible findings every quarter share...
by valino | Jul 6, 2026 | Active Directory, Hacking
Privileged session recording is the control that quietly answers the hardest question in any post-incident review: what exactly did the privileged account do during the relevant window? In 2026 the organizations that can answer that question in minutes are the ones...
by valino | Jul 6, 2026 | Compliance, Hacking
The conversation between the CHRO and the CISO may be the single most underused executive conversation in 2026. In nearly every breach post-mortem I have read this year, there was a moment six to twelve months before the incident when an HR signal and a security...
by valino | Jul 4, 2026 | Hacking, SOC
Cyber workforce retention in 2026 is the security control that does not show up in any vendor demo and decides more about an organization’s defensive posture than any platform purchase. The teams who lost three senior analysts last quarter are not the teams...
by valino | Jul 3, 2026 | Compliance, Hacking
Data classification is the unglamorous discipline that quietly decides whether your data loss prevention, your DLP exceptions, your access controls, and your incident response timelines actually work the way the policy says they do. In 2026 the organizations winning...