
The video warns government contractors that false claims about cybersecurity compliance can trigger severe penalties under the False Claims Act, especially as the Department of Defense’s CMMC framework becomes contractually mandatory. In 2025, whistleblower‑driven actions resulted in $6.8 billion in fines across 297 cases, illustrating the government’s aggressive enforcement. The speaker notes that any misrepresentation of security posture can be treated as a false claim, exposing firms to civil liability. The presenter, a co‑author of CMMC version 1, emphasizes that CMMC is designed to embed compliance checks directly into contracts. He distances himself from version 2, underscoring that the standards are evolving. For contractors, the message is clear: invest in verifiable security controls or face lawsuits, reputational harm, and loss of lucrative federal business. Robust compliance programs are now a strategic imperative.

AI governance need not reinvent the wheel; it can rely on proven security fundamentals. The video draws a parallel to early cloud migration, showing how organizations extended existing controls to protect data beyond the perimeter. It recommends applying third‑party risk...

The video contrasts the privacy architectures of Signal and WhatsApp, emphasizing that both platforms employ end‑to‑end encryption for calls and messages. The presenter’s focus is on how each service handles metadata and what that means for user privacy. While encryption protects...

The video highlights how organizations routinely overlook a significant portion of devices on their networks, exposing a blind spot in cybersecurity defenses. Speakers reveal that roughly 10‑12% of assets are completely unknown, and among the known inventory, about 12% lack endpoint...

The video stresses that AI’s value in asset intelligence is directly tied to the quality of the data feeding it. While AI hype dominates headlines, the speaker reminds viewers that without clean, current data, even the most sophisticated models will...

The video highlights a hidden security risk: devices operating on expired or nonexistent support contracts cannot receive the latest firmware updates, leaving them vulnerable to exploitation. This issue is especially acute for organizations that purchase second‑hand networking equipment, which often...

Vanta uses a public trust center that displays real-time security control status with green check marks tied directly to internal continuous monitoring. Simple configuration checks—such as whether encryption is enabled—are automatically run and reflected on the external site so prospects...

A team of security researchers at ETH Zurich examined the resilience of popular cloud‑based password managers by modeling an extreme threat: a server that is entirely malicious. Using this worst‑case assumption, they evaluated Bitwarden, LastPass and Dashlane. The tests showed a...

The video discusses a newly reported threat – the first known DNS ClickFix attack – in which cyber‑criminals use a seemingly innocuous nslookup command to deliver malicious payloads. Microsoft’s security team identified the technique, marking a shift from traditional email‑based...