Zach(ary) Eikenberry

The 2025 IACP annual conference showcased the best in law enforcement technology, from AI-powered investigations to drones as first responders... See the top 5 insights and key themes from the conference here: https://carah.io/IACP25 International Association of Chiefs of Police, George Vit, MBA, Police Officer, Jack Wold, Jason Wheeler, Jessica Raguso-Failla, Lacey Wean, Tiffany Goddard, MBA

16

Deterrence in cyberspace is no longer optional — it’s a strategic necessity. I had the privilege of sitting down with National Cyber Director Sean Cairncross this week for a special episode of Cyber Focus to discuss the President’s Cyber Strategy for America, just released by the White House. The strategy reflects a growing recognition in Washington that effective cyber defense cannot rely on resilience alone. We must also shape adversary behavior, impose costs, and deny hostile actors the operational freedom they have long enjoyed in cyberspace. For policymakers, operators, and industry leaders alike, the question now is how to translate strategy into sustained operational advantage. Sean unpacks the strategy’s six pillars and what they mean in practice in a threat environment where adversaries increasingly rely on low-cost, low-risk cyber operations capable of generating disproportionate impact. A central theme of our discussion: alignment. Success will depend on bringing together government policy, operational cyber capabilities, industry partnerships, and international coordination around a common approach to deterrence and resilience. Sean also underscored a critical point — private companies should not be left to fend for themselves against foreign intelligence services and other sophisticated threat actors. As he put it, there is more we can do to “make life harder” for bad actors and deny them safe haven. Watch the full episode here: https://lnkd.in/ezzKND4z #CyberStrategy #CyberDeterrence #CyberPolicy #Cybersecurity #CriticalInfrastructure

81

2 Comments

📌 𝗢𝗻𝗲 𝗼𝗳 𝘁𝗵𝗲 𝗺𝗼𝘀𝘁 𝗼𝘃𝗲𝗿𝗹𝗼𝗼𝗸𝗲𝗱 𝗖𝗠𝗠𝗖 𝗿𝗶𝘀𝗸𝘀 𝗶𝘀 𝗽𝗵𝘆𝘀𝗶𝗰𝗮𝗹 𝗮𝗰𝗰𝗲𝘀𝘀 𝘁𝗼 𝗽𝗮𝗽𝗲𝗿 𝗮𝗻𝗱 𝘀𝗲𝗻𝘀𝗶𝘁𝗶𝘃𝗲 𝗮𝗿𝗲𝗮𝘀 Unescorted visitors may see, hear, or handle CUI without realizing it—especially in facilities that appear “ordinary” from the outside. Defense contractors must control visitor access, escort policies, and physical visibility to truly protect sensitive information. #CMMC #CUI #PhysicalSecurity #DFARS #NIST800171 #Compliance #DefenseContractors

"Signature defense is dead!" Loudon County Va. CISO Dr. Elizabeth Di Bene was a sound bite machine during our interview at yesterday's CyberSmart 2026 event in Reston. We covered compromised software & supply chains, managing human & machine identities at scale, and the shift to behavior-based security -- valuable thought leadership coming soon to a TV near you. Kudos to Carahsoft and FedInsider.com for putting together a great program.

46

CMMC will break sloppy BD processes. Adapt now! For years, business development teams in GovCon got away with broad outreach, mass file sharing, and a whole lot of “just send it over.” Those days are over. CMMC changes the entire BD playbook. Once CUI lives inside a controlled enclave, you can’t casually attach files, forward intel, or drop proposal artifacts into a shared drive and call it a day. You can’t blast the market with generic capability decks that were never reviewed for data exposure. You can’t hand off documents to teammates who aren’t enclave-enabled. The result: Prospecting has to get tighter, more disciplined, and actually documented. You have to know exactly who you’re targeting. Exactly why you’re targeting them. Exactly what data you’re sharing. And exactly who is authorized to see it. The BD teams who thrive in this new world will not be the loudest. They’ll be the most precise. CMMC isn’t just a compliance requirement. It’s about to become the great filter for sloppy sales processes across the entire Defense Industrial Base. Spray-and-pray is gone. Precision and accountability are the new competitive edge. If you’re rethinking how your BD team will operate under CMMC, reach out at mattheww@atozmc.com and I’ll walk you through the right starting point.

2

1 Comment

As part of National #Cybersecurity #Awareness Month, George Mason University's National Security Institute (NSI) published a series as part of their "The SCIF" publication - which provides analysis and opinion from NSI’s Experts on the real national security issues facing policymakers. For the 3rd installment the focus was on #emerging #technologies reshaping both the threats and defenses in cyberspace: these advances promise new tools for #securing networks and data, but they also introduce vulnerabilities that adversaries are eager to exploit. Understanding which technologies will define the next decade of cybersecurity is critical to maintaining U.S. national security and technological leadership. Several Fellows were able to weigh-in, my own predictions included these 3 points: 1. “#Patterns of #life” analysis represents our most powerful cybersecurity tool and our most dangerous vulnerability. 2. Machine learning systems can #baseline what “normal” looks like for each user and system, flagging deviations near-instantly. 3. Yet we need cybersecurity architectures that leverage behavioral analytics #without creating #centralized #repositories of pattern data that become irresistible targets for bad actors. ... I welcome your thoughts on what do you think will be the #game-#changers in cybersecurity? What are the new tech capabilities we need to be aware of both from a defensive side as well as making sure they're not used towards bad ends? Take a look at what folks suggested and share your thoughts + reshare this post (link to the full article in the comments below). #OnwardsAndUpwards #Together Jamil Jaffer, Ellen McCarthy, Bob G., 🌎David T. Ackerman, Esq., Dana W. Hudson, Jacqueline Acker, Tyrome Smith, Julia Mossbridge, PhD, Sue Gordon, Jeff Frazier, Evan Powell, Chuck Brooks, Karen Silverman, John Radovan, Kathleen Kennedy, Perry Hewitt, Dr. Janice Presser, Jana Eggers, Brittany Galli, Brady F., Radia Funna, Mika Cross, G. Nagesh R., Lewis Shepherd, Amy Webb, Francisco Molinero, Usman Choudhary, Valmiki Mukherjee, Whitney Johnson, William H. Dutton, Lev Gonick, Michael Krigsman, Niloo Norton, Charles Carithers, Lindy Kyzer, Suzanne Kelly, The Cipher Brief, Intelligence and National Security Alliance #courage #people #society #business #leadership

40

6 Comments

Colorado and Texas' AI legislation was thoughtfully drafted. One of the more notable features in Colorado's law (CAIA) and Texas' law (TRAIGA) is their use of safe harbors. Both laws offer a safe harbor for companies that follow the NIST Cybersecurity Framework and ISO/IEC 42001. Colorado goes even further. The statute provides that deployer risk management policies and program implementation “must be reasonable considering” the latest version of the NIST AI RMF, orISO/IEC 42001. This is the first time these frameworks are addressed in such specificity in a comprehensive AI legislation. I expect it is not the last. In fact, I expect this to be the norm in future AI legislation. Legislative inclusion of NIST and ISO is essential. It identifies well-established, excellent frameworks by which to measure an AI developer/deployer's operations. When I launched the Stanford Law School AI Life Cycle Core Principles project around 2.5 years ago, I mapped the principles to standards for that precise reason. The link to the full set of principles is ⬇️

26

1 Comment

Senators push to renew cyber grant program for state, local governments Security experts and local officials say the program is vital to protecting the country. https://lnkd.in/erTU9n8v

16

We’re kicking off the year with three cybersecurity checks every Florida SMB can actually do — no mystery budget required. 1) Patch promptly: that “later” update is a welcome mat for attackers. 2) Verify backups: a backup that won’t restore is just expensive clutter. 3) Enable MFA: one extra step, vastly fewer sleepless nights. I say this as someone who’s seen what a little proactivity prevents — Craig Strang‑Thompson and the EASICOMM team help tailor these steps so they fit your business, not the other way around. Ready to make your security boring (in a good way)? Visit https://wix.to/xiLYpHN to get started. 🔧🛡️ #CyberSecurity #SMB #FloridaBusiness

2

JIATF 401’s new guide says protect critical infrastructure by hardening, obscuring, and extending the perimeter. Agreed. But protection starts with detection. Detect. Classify. Protect. At the edge. Right now, the Caribbean has critical infrastructure that supports FEMA operations, DHS missions, power generation, and port security, with almost zero persistent C-UAS coverage. Puerto Rico alone is home to infrastructure that the entire region depends on, and it sits in a gap no one is filling. iTerra Solutions fills it. PhantomPulse is a autonomous drone detection and classification node, deployed where the U.S. perimeter actually needs to start, not at the fence line, but at the island line. Expanding US and allied airspace awareness 24/7. JIATF 401 Industry Day. March 5th. Let’s talk. #JIATF401 #CUAS #PhantomPulse #iTerra #CriticalInfrastructure #PuertoRico #DHS #FEMA #Caribbean

19

1 Comment

As we go deeper into the Christmas holiday season, a reminder for MTSA-regulated owners and operators: the MTSA cybersecurity compliance deadlines are approaching, and the updated requirements introduce a higher level of rigor across governance, monitoring, and response. Under the upcoming rule: Specified cybersecurity training must be completed by January 12, 2026, Proper reporting of cyber incidents must be done, starting July 16, 2025, Submit a Cybersecurity Plan to the USCG for approval, no later than January 17, 2027. Plans must reflect a comprehensive, risk-based approach to safeguarding both IT and OT systems that support Marine Transportation System operations. This includes documented cyber risk assessments, defined protection and detection measures, validated incident-response procedures, and clear lines of authority for cyber-related decision-making. Facilities will also be expected to demonstrate how they maintain cybersecurity readiness on an ongoing basis—through configuration management, access control, continuous monitoring, and integration of cyber considerations into their existing MTSA Facility Security Plan framework. For many organizations, aligning legacy processes with the new expectations will require early planning and cross-disciplinary coordination. Beginning that work now reduces complexity and ensures your team isn’t compressing months of technical and procedural updates into the final stretch before 2026. If anyone has questions about interpreting the new requirements or structuring an implementation path, I’m always happy to be a resource.

36

Echoing something my friend Lawrence Prettyman said that more people need to hear: we’re entering a new kind of warfare, and most businesses don’t even realize they’re already on the battlefield. Cybersecurity isn’t a future problem. It’s a right now problem. And while nation-state threats sound far off, the reality is they often hit smaller firms first because they’re easier targets. If your tech partner struggles to stay on top of the basics, missed updates, slow support, vague answers, do you really think they’ll be ready when the pressures on? It’s time to take this seriously.

1

2 Comments

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning for organizations and government entities: three vulnerabilities in legacy D-Link devices are now under active exploitation, prompting urgent mitigation efforts, particularly across the Federal Civilian Executive Branch (FCEB).

1

HCM DEFENDER Pulse Alert: PeopleCheck Potential Cybersecurity Incident Tuesday, June 24th, 2025 A ransomware group named Everest listed PeopleCheck to its data leak site. image While the date on the post says June 13th, the post was made today. The group did not specify the amount or type of data it allegedly stole from the company. It says it is giving the company a week to respond to ransom demands. It did provide samples of the alleged stolen data. Analyst has redacted the information to protect the data. PeopleCheck is a UK-based provider of background checks. While they are UK-based, they do work with organizations across the globe and are specifically focused in the professional services sector and recruitment and staffing. Defender Recommendations If you or your customers use PeopleCheck, it is important to look out for correspondence from the company about any potential cyberattack and consider the sensitivity of the data that they have or may be processing.

6

1 Comment