Robert Mckay @bug_less

A doubling of third-party #breaches in a year tells me something we don’t talk about enough: trust is too often assumed, not verified. Every vendor relationship is an extension of your attack surface, yet so many organizations still rely on static questionnaires or one-time…

Identity and access management has always come with challenges, but with many companies now adopting #AI at a rapid pace, there's an added layer of complexity involved. According to a new report from Sailpoint, as AI-driven identities and machine accounts grow, most security…

Companies have been developing and executing identity and access management strategies for decades now, but they still tend to be caught unaware by some common pitfalls. Catching these issues early is essential for avoiding bigger problems down the line. Six common mistakes…

This piece from #IBM highlights an interesting trend in #AI development: people are increasingly expecting AI to feel human. It's becoming an increasingly common sight in the workplace: companies are testing AI that flags stress, frustration, and disengagement before people say…

I'm not alone in saying that I think technology has the potential to move us forward in big ways as a society. I have so many personal stories about tech making a difference in more traditional professional settings, but even as someone who works heavily with tech every day for a…

Really solid example of #ZeroTrust being less about control and more about precision. I think that a lot of people find the idea of “never trust, always verify” too rigid, but in practice, it can actually create a lot of freedom. When you know every access request is validated…

When I was a kid, I learned how to cross the street: look left, look right, watch for traffic. Nobody told me to avoid the street entirely—in fact, I biked two miles to school with my little sister every day. That’s how I think about the internet with my kids. It’s not about…

You'll never catch me pretending to know everything about anything, even fields I have plenty of experience with. In the spirit of not knowing everything, I want to share a few things I've noticed now, nine months into 2025, that definitely weren't on my bingo card. I don't want…

The sun feels like a constant in our lives—but always full of surprises. That’s why I love IBM’s work with NASA on Surya: a digital twin of the sun powered by AI, helping scientists model solar activity and even predict solar storms before they disrupt satellites, power grids,…

Multi-Factor Authentication is something that most organizations say they enforce across the entire enterprise, but few manage to fully follow up on. It's nearly impossible to prove MFA is being enforced everywhere unless you have the right identity governance and auditing…

Most #ITDR conversations start with “real-time response.” But the truth is, how well that response works depends on what happens before the alert ever fires. If your directory is packed with stale accounts, broad roles, and endless exceptions… attackers already have the map.…

I keep seeing the same trap in the #identity space: vendors promise a silver bullet, buyers want to believe it, and both sides end up disappointed. The reality is that identity isn’t something you ‘solve’ with a single product or quick rollout. It's a living system. It's…

Microsoft's Entra has already seen several major improvements this year, but their new cross-cloud synchronization feature offers a new level of security and convenience. The features allows administrators to automatically manage user #identities across different Microsoft cloud…

It used to be that identity was treated as something of an afterthought in #cybersecurity. This is no longer the case though, as most people now recognize that weak credentials and privileged access management cause most security breaches. To stay ahead of malicious actors,…

Cyber attacks aren’t slowing down. Hackers are getting more sophisticated—and they’re counting on companies being caught off guard. Here’s the scary part: only 26% of organizations have an incident response plan and have actually rehearsed it. Without practice, even the best…

I think it’s pretty telling that 63% of breached organizations either didn’t have an #AI governance policy or were "still developing one." But honestly, the potentially bigger issue is that even when policies existed, most weren’t tied to actual controls. Governance can't just…

I used to believe #AI should be led by technologists. On the surface, it feels pretty logical, right? But the longer I work with it, the more I realize just how wrong I was. AI wouldn't be half as effective or game-changing as it is now if it were left to technologists. The…

Now this is what it looks like when tech is used to enable a mission. In their tech growth efforts, the Y identified a problem—5,000+ children without care—and worked with #Microsoft to build the structure, organizationally and technically, to solve it. And that's where I find…

Really cool work from IBM and Cleveland Clinic. Instead of teaching AI how we walk, they’re focusing on why it matters — using synthetic data grounded in physics, biomechanics, and clinical insights. No waiting around for patient data to slowly build up. This shift could be…

#Security has a usability problem, and for years, we’ve treated that as a user training issue instead of a design failure. But honestly, in my experience, people don't read prompts. They trust patterns. They move quick. It's just how humans often work, especially nowadays. So…