Sean D. Mack
CIO/CISO and author (Enterprise Security: A Data‑Centric Approach) who discusses real‑world cybersecurity leadership conversations and enterprise risk focus areas.
AI Turns Everyone Into Potential Hacker, Raising Threat Floor
One of the things that changes most for cybersecurity with AI is not detection. It is access to offense. Exploit tooling that used to require real skill is now a prompt away. Everyone has a hacker in their back pocket now, whether they know how to hack or not. When the floor on attacker capability rises that fast, your old assumptions about who can hurt you are out of date. What are you doing to adapt in this new threat landscape?
AI Valuation Bubble Exists, Yet Real Enterprise Adoption Thrives
Is there an AI bubble? Probably, in the valuations. But I think people asking that question are watching the wrong thing. Bubbles pop on hype. What I am seeing in actual enterprises is the opposite of hype: AI doing real work,...
48‑Hour SLA vs 48‑Minute Threats: Rethink Vulnerability Response
How do you manage when your SLA is 48 hours to remediate a critical vulnerability but the bad guys are finding it in 48 minutes? Mythos and AI-driven attacks have changed the math. Most vulnerability management programs were built for a...
V
Two weeks back I asked what people were vibe coding to replace their subscription apps. The replies are still coming in. I'm amazed by what people are building ever day. What's the most useful thing you've vibe coded recently? Genuinely curious,...
Mandatory AI Training Essential to Prevent Security Risks
Employees need training before they use AI tools for work. The rush to adopt is creating security risk, and most people genuinely don't know what they're doing wrong. One org I talked to last week is now mandating training as...
Engineers Must Learn Management Skills Early with AI
Every engineer is a manager now. If you're using Claude Code or any agent, you're delegating work, reviewing output, redirecting, and giving feedback. The skills that used to separate ICs from EMs are now table stakes for ICs. We should...
Detroit Cybersecurity Leaders: Join Agentic AI Roundtable
I'll be in Detroit this Thursday for a roundtable on Agentic AI in Security Operations. If you're a cybersecurity leader in the area, there's still time to register. No vendor pitches, free food and drinks and great conversation. Come join us:...
Vibe Coding Spurs 84% App Store Surge, Delays Review
Following up on last week's vibe coding post. Looking at the broader picture: App Store submissions jumped 84 percent year over year in Q1. Sensor Tower is calling vibe coding the cause. Apple is so swamped that review times stretched from...
Quiet Saturday Mornings Unlock Unpressured, Focused Productivity
Saturday morning is my favorite working time of the week. Coffee, Ivy at my feet, the rest of the house still asleep. No meetings pulling at me, no inbox running the agenda. Just a couple of quiet hours where I...
DIY Coding Replaces Costly Subscription Apps
Anyone else replacing subscription apps with apps you vibe-coded yourself? Started doing this for small utilities and now I cannot stop. What have you replaced?
AI Reliability Engineers: The Next Essential Development Role
Here is a prediction: The developer of the future is going to be an orchestrator of agents and a master of fixing code in production that they did not personally write. Call them AI Reliability Engineers (AI RE). I think this...
What GRC Users Hate Most About Current Platforms
Real question for GRC users: what do you hate most about your current platform? Asking because we are about to launch something built specifically to fix the things that drive practitioners crazy. So tell me, what are we trying to fix?
Security Teams Juggle Frameworks Yet Still Question Risk Accuracy
Question for the security folks on Threads: how are you actually measuring risk? NIST CSF? CIS? Some Frankenstein blend of frameworks plus vendor assessments? Every conversation I have lately ends with "all of the above and we are still not sure it...
AI Accelerates Existing Threats, Not Creates New Ones
Going to say something a little controversial: AI does not actually raise any new threats. The categories of attack have not changed. Vulnerabilities are still vulnerabilities. Chained attacks have existed forever. What is new is the speed, and the fact that everyone...
Infrastructure Security Upgrades only Happen with New Trains
Great roundtable last week with a group of CISOs from transportation and critical infrastructure. One of them said cybersecurity improvements only happen when they buy new trains. That is the real story of critical infrastructure security. Not the threat landscape, not...