Anyone who knows me knows I’m passionate about mindfulness. Because I genuinely believe it makes us better humans. But also, because I have one of those brains that desperately needs it. I’m easily distracted and I start new ideas before finishing old ones. My attention can scatter in a hundred directions. I wrote before how I clicked on a phishing test because I was multitasking and running on autopilot. And that moment really changed the direction of my career and my research.

Remote access into OT and ICS environments has always carried risk. But the nature of that risk has changed. Threat detections now happen in seconds. Sensors identify anomalous behavior in real time. Identity platforms continuously evaluate trust. SIEM and OT security tools generate rich, contextual alerts instantly. Yet in most environments, access enforcement is still manual. A detection triggers a ticket. A human reviews. A decision is made. Minutes—or hours—pass before action is taken.

You probably feel this already: the surface you’re responsible for no longer has edges. New assets appear without tickets. A team flips on a SaaS app and suddenly sensitive data, OAuth scopes, and public links widen your blast radius. Your scanners keep finding “stuff,” but little of it changes what you fix next week. That’s the gap attack surface analysis has to close in 2026—seeing more, yes, but mainly acting faster on what actually matters.

Automating user provisioning sounds simple, until you remember everything that provisioning really touches.

As I was writing my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed agsinst AI, and I’m not sure which category is bigger.

Modern enterprises aren’t just adding employees; they’re adding subsidiaries, multiple teams, contractors, AI builders, temporary projects, and new SaaS tools every week.

AI security tools are no longer just defensive layers. They are high value targets being studied, fingerprinted, and bypassed much like traditional endpoint detection and response (EDR) platforms and antivirus solutions were in their early days. The speed and scale at which these tools are being deployed makes reactive defense increasingly unsustainable.

Think back to the old image of a “cyberattack”: a hacker in a dark room trying to smash through a digital firewall to reach a dusty server. In 2026, that’s a relic. Today, the most dangerous threat actors aren’t breaking into your house; they’re walking through the front door with a copied key.

You’ve entrusted your Git and/or SaaS app data to popular cloud platform providers like GitLab, Atlassian, and Microsoft. But are you 100% sure about the data security, considering that your organization lives and dies by it? Do you have a backup and recovery plan? Or do you rely on your cloud provider only? Get to know how to implement cloud-to-cloud backups to stay with the modern cloud technology, while giving your business-critical data in the cloud maximum protection.