Sharpen your security posture.
Browse our industry coverage and ongoing writing, all in one place.
Industries we serve
Sector-specific context: where our work fits and what regulators expect.
- Financial services
  FFIEC, PCI DSS, SOC 2: banks, fintech, insurers, advisors.
- Healthcare
  HIPAA, HITECH: hospitals, clinics, payors, health-tech platforms.
- Legal & professional
  Client confidentiality, privilege, matter-level data controls.
- Public sector & education
  CJIS, FERPA: state, municipal, higher-ed, K-12 districts.
- Manufacturing & OT
  IT/OT segmentation, CIS for ICS, Purdue model realities.
- SaaS & technology
  SOC 2 Type II, bespoke threat models, customer-facing reports.
- Energy & utilities
  NERC CIP, operational technology, vendor risk at the edge.
- Retail & hospitality
  PCI DSS 4.0, in-store network segmentation, franchise risk.
From the CyberBulletin
Field notes, write-ups, and short essays from the engagements we ship.
The Vendor You Trusted: Why Schools and Education Platforms Are the Newest Frontier for Cyberattacks
Canvas, PowerSchool, Udemy: schools keep getting breached through the vendors they trust. Why third-party penetration testing is now a basic requirement.
The Door You Forgot to Lock: Why Application Security Testing Is the Cheapest Insurance You're Skipping
One in five breaches now starts with a software flaw. Why application security testing is the cheapest insurance most businesses are still skipping.
All In on Risk: Why Gambling Establishments and Apps Can No Longer Afford to Skip Penetration Testing
MGM, Caesars, IGT, Wynn — two years of casino breaches that began with a phone call. Why penetration testing finds what compliance checklists miss.